Date: Thu, 4 Sep 2025 13:00:41 +0200 (CEST)
From: Ronald Klop <ronald-lists@klop.ws>
To: net@freebsd.org
Subject: (solved) Re: bridge new vlan and iftagged "none"
Message-ID: <1163973293.2324.1756983641807@localhost>
In-Reply-To: <481902534.1074.1756977663370@localhost>
References: <481902534.1074.1756977663370@localhost>

Ah, after looking into the config of my switch and seeing the nice "untagged 1" on all interfaces it dawned on me what the config should be.
I now have this bridge:
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=10<VLAN_HWTAGGING>
        ether 58:9c:fc:10:ea:3e
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        bridge flags=1<VLANFILTER>
        member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 18 priority 128 path cost 2000 vlan protocol 802.1q untagged 1
        member: epair6a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 15 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair10a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 9 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 6 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 4 priority 128 path cost 2000 vlan protocol 802.1q untagged 1
        member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 1 priority 128 path cost 55 vlan protocol 802.1q untagged 1 tagged 3
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
And everything works as expected.
I realize that I can now configure this to send "tagged 1" traffic between genet0 and the switch and even further into my network. Would that have /any/ influence on performance?
Regards,
Ronald.
From: Ronald Klop <ronald-lists@klop.ws>
Date: Thursday, 4 September 2025 11:21
To: net@freebsd.org
Subject: bridge new vlan and iftagged "none"
>
> Hi,
>
> I'm trying out the new bridge vlan functionality.
> I can't find a lot of examples of the new config options yet and I'm a bit confused.
>
> I have this setup working:
>
> genet0 <--> bridge0 <--> multiple epairs for jails
>
> Some epairs will be in vlan 3 and some epairs are not in a vlan.
> I have this working.
> bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
>         options=10<VLAN_HWTAGGING>
>         ether 58:9c:fc:10:ea:3e
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         bridge flags=1<VLANFILTER>
>         member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
>         member: epair6a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 18 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
>         member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 15 priority 128 path cost 2000 vlan protocol 802.1q
>         member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
>         member: epair10a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 9 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
>         member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 6 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
>         member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 4 priority 128 path cost 2000 vlan protocol 802.1q
>         member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 port 1 priority 128 path cost 55 vlan protocol 802.1q
>         groups: bridge
>         nd6 options=9<PERFORMNUD,IFDISABLED>
> epair4a still receives all traffic, so also traffic for vlan 3.
> My expectation was that I should be able to filter vlan traffic from epair4a by doing this.
> ifconfig bridge0 vlanfilter
> ifconfig bridge0 iftagged epair4a none
> And somehow make it possible to have genet0 to transfer all traffic even with vlanfilter enabled.
>
> I don't understand if this is possible and how. Any insights?
>
> Regards,
> Ronald.
>
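
The per-member VLAN assignments shown in the ifconfig output above can be checked mechanically, which is useful when the bridge is what separates jails from each other. The following Python script is an added example, not part of the original message: it groups bridge members by VLAN and lists members that have no VLAN assignment at all. The sample input is constructed from member lines in the message (epair0a is taken from the earlier, quoted configuration), and the comma/range syntax for a multi-VLAN "tagged" list is an assumption.

```python
import re

# Constructed sample: member lines from the message; epair0a uses the earlier (quoted) config.
SAMPLE = """\
        bridge flags=1<VLANFILTER>
        member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 18 priority 128 path cost 2000 vlan protocol 802.1q untagged 1
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 4 priority 128 path cost 2000 vlan protocol 802.1q
        member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 1 priority 128 path cost 55 vlan protocol 802.1q untagged 1 tagged 3
"""

def expand(spec):
    """Expand a VLAN list such as '3' or '3,10-12' (list syntax is an assumption)."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_members(text):
    """Return {member: {'untagged': int or None, 'tagged': set of ints}}."""
    members, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*member:\s+(\S+)", line)
        if m:
            current = m.group(1)
            members[current] = {"untagged": None, "tagged": set()}
        elif current and re.match(r"\s*port\s+\d+", line):
            u = re.search(r"\buntagged (\d+)", line)
            t = re.search(r"\btagged (\S+)", line)  # \b does not match inside "untagged"
            members[current]["untagged"] = int(u.group(1)) if u else None
            members[current]["tagged"] = expand(t.group(1)) if t else set()
    return members

def vlan_map(members):
    """Return ({vlan: sorted member names}, [members with no VLAN assignment])."""
    by_vlan, unassigned = {}, []
    for name, cfg in members.items():
        vlans = cfg["tagged"] | ({cfg["untagged"]} - {None})
        if not vlans:
            unassigned.append(name)
        for v in vlans:
            by_vlan.setdefault(v, set()).add(name)
    return {v: sorted(p) for v, p in by_vlan.items()}, unassigned

groups, unassigned = vlan_map(parse_members(SAMPLE))
print(groups, "| no VLAN assigned:", unassigned)
```

Feeding it the real output of `ifconfig bridge0` gives a quick view of which members share a VLAN and which ports still lack an assignment.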
