From: "Dustin J. Mitchell"
To: freebsd-net@freebsd.org
Date: Sun, 26 Aug 2012 08:12:51 -0400
Subject: Re: bridging VLAN interfaces and STP

On Sat, Aug 25, 2012 at 7:04 PM, Dustin J. Mitchell wrote:
> Hey folks.  I'm trying to set up a system with one 802.1q-tagged
> upstream, and a few untagged interfaces.  So I'd like to bridge the
> vlan(4) interfaces on vr1 to specific other interfaces.
>
> hilbert ~ # ifconfig bridge10
> bridge10: flags=8843 metric 0 mtu 1500
>         ether 02:f4:a1:63:5a:0a
>         inet 172.16.1.21 netmask 0xffffff00 broadcast 172.16.1.255
>         nd6 options=21
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: vr3 flags=143
>                 ifmaxaddr 0 port 4 priority 128 path cost 55
>         member: vr2 flags=143
>                 ifmaxaddr 0 port 3 priority 128 path cost 55
>         member: vr1.10 flags=143
>                 ifmaxaddr 0 port 8 priority 128 path cost 200000
>
> Now, if I try to enable STP on these:
>
> hilbert ~ # ifconfig bridge10 stp vr2
> hilbert ~ # ifconfig bridge10 stp vr3
> hilbert ~ # ifconfig bridge10 stp vr1.20
> ifconfig: unable to get bridge flags: No such file or directory
>
> and, indeed, the first two succeeded and the third did not:
> ...
>         member: vr3 flags=147
>                 ifmaxaddr 0 port 4 priority 128 path cost 55 proto rstp
>                 role disabled state discarding
>         member: vr2 flags=147
>                 ifmaxaddr 0 port 3 priority 128 path cost 55 proto rstp
>                 role disabled state discarding
>         member: vr1.10 flags=143
>                 ifmaxaddr 0 port 8 priority 128 path cost 200000
>
> I tried a bridge interface with vlan'd members only (vr2.10 and
> vr1.10, to be exact), and still saw this error.
>
> So it looks like you can't run STP on vlan interfaces?  Can someone
> confirm?  Or is there a secret sysctl to enable this?
>
> I'll admit this is a minor point - I'll just leave STP off and not
> make loops - but it'd be nice to do the right thing :)
>
> Dustin

And I can verify that STP's *not* working on those interfaces because
I just inadvertently created a forwarding loop.

Incidentally, it makes sense in retrospect, but the if_bridge(4)
manpage doesn't mention that gateway_enable is required for bridging
to actually forward packets.

Dustin
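
A check of bridge membership and per-member STP state over the ifconfig output quoted in the message, as an added example that is not part of the original post. The function names are hypothetical, and it assumes bit 0x4 of the member flags marks STP, matching the change from 143 to 147 shown above.

```shell
#!/bin/sh
# Added example: audit STP state per bridge member from `ifconfig bridgeN` text.
# Assumption: bit 0x4 of the member flags marks STP (143 -> 147 in the message).

# Sample input: member lines as quoted in the message, after the stp commands.
SAMPLE='member: vr3 flags=147
        ifmaxaddr 0 port 4 priority 128 path cost 55 proto rstp
        role disabled state discarding
member: vr2 flags=147
        ifmaxaddr 0 port 3 priority 128 path cost 55 proto rstp
        role disabled state discarding
member: vr1.10 flags=143
        ifmaxaddr 0 port 8 priority 128 path cost 200000'

# member_flags TEXT IFACE: print the hex flags of IFACE; status 1 if not listed.
member_flags() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "member:" && $2 == want {
            sub(/^flags=/, "", $3); sub(/<.*/, "", $3)  # drop prefix and <NAMES>
            print $3; found = 1
        }
        END { exit !found }'
}

# stp_state TEXT IFACE: print "stp", "no-stp" or "not-a-member".
stp_state() {
    flags=$(member_flags "$1" "$2") || { echo "not-a-member"; return 0; }
    if [ $(( 0x$flags & 0x4 )) -ne 0 ]; then echo "stp"; else echo "no-stp"; fi
}

# members_without_stp TEXT: list members that forward without STP protection.
members_without_stp() {
    printf '%s\n' "$1" | awk '$1 == "member:" { print $2 }' |
    while read -r ifc; do
        if [ "$(stp_state "$1" "$ifc")" = "no-stp" ]; then echo "$ifc"; fi
    done
}

# Stand-alone run: show the state of each interface named in the message.
for i in vr2 vr3 vr1.10 vr1.20; do
    echo "$i: $(stp_state "$SAMPLE" "$i")"
done
```

With the output quoted above, vr1.10 is reported as no-stp and vr1.20 as not-a-member, since bridge10 lists vr1.10 but not vr1.20.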