Date:      Thu, 4 Sep 2025 11:21:03 +0200 (CEST)
From:      Ronald Klop <ronald-lists@klop.ws>
To:        net@freebsd.org
Subject:   bridge new vlan and iftagged "none"
Message-ID:  <481902534.1074.1756977663370@localhost>

Hi,

I'm trying out the new bridge vlan functionality.
I can't find a lot of examples of the new config options yet and I'm a bit confused.

I have this setup working:

genet0 <--> bridge0 <--> multiple epairs for jails

Some epairs will be in vlan 3 and some epairs are not in a vlan.
I have this working.
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=10<VLAN_HWTAGGING>
        ether 58:9c:fc:10:ea:3e
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        bridge flags=1<VLANFILTER>
        member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair6a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 18 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 15 priority 128 path cost 2000 vlan protocol 802.1q
        member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair10a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 9 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 6 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 4 priority 128 path cost 2000 vlan protocol 802.1q
        member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 1 priority 128 path cost 55 vlan protocol 802.1q
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>

epair4a still receives all traffic, so also traffic for vlan 3.
My expectation was that I should be able to filter vlan traffic from epair4a by doing this.

    ifconfig bridge0 vlanfilter
    ifconfig bridge0 iftagged epair4a none

And somehow make it possible to have genet0 to transfer all traffic even with vlanfilter enabled.

I don't understand if this is possible and how. Any insights?

Regards,
Ronald.
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?481902534.1074.1756977663370>