From: Ronald Klop
To: net@freebsd.org
Date: Thu, 4 Sep 2025 11:21:03 +0200 (CEST)
Subject: bridge new vlan and iftagged "none"
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Hi,

I'm trying out the new bridge vlan functionality.
I can't find a lot of examples of the new config options yet and I'm a bit confused.

I have this setup working:

genet0 <--> bridge0 <--> multiple epairs for jails

Some epairs will be in vlan 3 and some epairs are not in a vlan.
I have this working.
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=10<VLAN_HWTAGGING>
        ether 58:9c:fc:10:ea:3e
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        bridge flags=1<VLANFILTER>
        member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair6a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 18 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 15 priority 128 path cost 2000 vlan protocol 802.1q
        member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair10a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 9 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 6 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 4 priority 128 path cost 2000 vlan protocol 802.1q
        member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 1 priority 128 path cost 55 vlan protocol 802.1q
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>

epair4a still receives all traffic, so also traffic for vlan 3.
My expectation was that I should be able to filter vlan traffic from epair4a by doing this.
ifconfig bridge0 vlanfilter
ifconfig bridge0 iftagged epair4a none
And somehow make it possible to have genet0 to transfer all traffic even with vlanfilter enabled.

I don't understand if this is possible and how. Any insights?

Regards,
Ronald.
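
One way to summarize the per-member VLAN assignment from `ifconfig bridge0` output like the listing in the message above. This is an added example, not part of the original post; the function names are hypothetical, the sample is a constructed excerpt of that listing, and only the `bridge flags=`, `member:` and `port ... untagged N` fields visible there are parsed.

```shell
#!/bin/sh
# Added example: audit bridge member VLAN assignment from ifconfig output.

# Constructed sample, trimmed from the ifconfig listing quoted in the message.
sample_output() {
cat <<'EOF'
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        bridge flags=1<VLANFILTER>
        member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 15 priority 128 path cost 2000 vlan protocol 802.1q
        member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 1 priority 128 path cost 55 vlan protocol 802.1q
        groups: bridge
EOF
}

# Succeeds if the bridge flags line on stdin lists VLANFILTER.
vlanfilter_enabled() {
    grep -q 'bridge flags=.*VLANFILTER'
}

# Reads ifconfig output on stdin; prints "<member> <untagged-vlan|none>" per member.
bridge_members() {
    awk '
        function emit() {
            if (m != "") print m, (pvid == "" ? "none" : pvid)
            m = ""; pvid = ""
        }
        $1 == "member:" { emit(); m = $2; next }
        m != "" && $1 == "port" {
            # The untagged VLAN, when set, follows the word "untagged".
            for (i = 1; i < NF; i++) if ($i == "untagged") pvid = $(i + 1)
            next
        }
        m != "" { emit() }   # any other line ends the member block
        END { emit() }
    '
}

# Members for which the output shows no untagged VLAN.
members_without_pvid() {
    bridge_members | awk '$2 == "none" { print $1 }'
}

# On a live system: ifconfig bridge0 | bridge_members
sample_output | bridge_members
```
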