From: Freddie Cash
Date: Sat, 28 Apr 2018 14:51:25 +0000
Subject: Re: NETGRAPH- bridge vlans using netgraph help
To: Abdullah Tariq
Cc: Eugene Grosbein, freebsd-net

On Sat, Apr 28, 2018, 6:17 AM Abdullah Tariq wrote:

> > No, it's simpler: single bridge contains all interfaces corresponding to
> > ports of single vlan.
> > You can bridge plain igb* interfaces for untagged ports; or bridge
> > interface igbX with interface vlanY
> > when one port carries untagged frames of vlan and another port carries
> > tagged frames of the same vlan;
> > or bridge interface vlans together when all of them carry tagged frames
> > of the vlan.
>
> Sorry but getting a little confused here.
> Let's say I have 2 interfaces igb0, igb1 and I want them to have tagged
> traffic.
> I create vlan1 tagged 10 on igb0
> and vlan2 tagged 10 on igb1
> Next I create bridge0, assign vlan1 and vlan2 (no IPs on either the bridge,
> physical interface on VLANs)?
> PCs connected with igb0 and igb1 have
> similar IP config (e.g. 192.168.10.1 and 192.168.10.2)
> Am I correct?

vlan tags are added by each system when the packets leave the NIC on that system. vlan tags are checked when a packet enters a NIC, and only packets where the tag matches the one set on the NIC are allowed.

Thus, what you are trying to do is not possible.

But the end result that you want is possible, just not the way you think.

PC1 has 1.2.3.4 and sends untagged packets. PC1 is connected to igb0 on FreeBSD system. igb0 is part of bridge0.

vlan5 interface is created on top of igb1 with vlan tag 5. vlan5 interface is also part of bridge0.

igb1 is connected to a switch port configured with tagged vlan 5. Another switch port is configured with untagged vlan 5 (access port with PVID set to 5). PC2 has 1.2.3.5 and is plugged into that switch port.

Now, PC1 and PC2 can communicate as they are both connected to vlan 5. Trace the traffic in both directions and you'll see why.

PC1 sends packets with no tags --> igb0 accepts traffic with no tags --> bridge0 passes it to vlan5 --> packets get tagged with vlan 5 --> to switch port that accepts tagged traffic on vlan 5 --> out switch port that's part of vlan 5 --> tags are stripped from packet --> PC2 accepts traffic with no tags.

Then reversed:

PC2 sends packets with no tags --> switch port accepts traffic with no tags, adds vlan 5 to them --> tagged packets sent out other switch port --> vlan5 interface accepts tagged packets, strips the tag from them --> bridge0 passes untagged packets to igb0 --> untagged packets sent to PC1 --> PC1 accepts untagged packets.

As mentioned multiple times, if you want to use tagged interfaces for everything, then you need to configure PC1 and PC2 to use tagged interfaces. If these are Windows stations, it's not impossible, just difficult and NIC driver-dependent.

Cheers,
Freddie

Typos courtesy of my phone.
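
The two traces in the message above, modelled on raw Ethernet frames as an added example (not part of the original message and not FreeBSD code): it inserts and strips the 4-byte 802.1Q tag at the hops where the message says tagging and untagging happen. The MAC addresses, payload and hop labels are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_id(frame):
    """Return the VLAN ID of a tagged frame, or None if it is untagged."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # low 12 bits of the TCI hold the VLAN ID

def push_tag(frame, vid):
    """Insert the 4-byte 802.1Q tag after the source MAC (sender side)."""
    if vlan_id(frame) is not None:
        raise ValueError("frame is already tagged")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def pop_tag(frame, vid):
    """Strip the tag on receipt; refuse untagged frames and other VLAN IDs."""
    if vlan_id(frame) != vid:
        raise ValueError("untagged frame or wrong VLAN ID")
    return frame[:12] + frame[16:]

# Hop lists follow the two traces in the message; the labels are illustrative.
PC1_TO_PC2 = [("PC1 -> igb0", None), ("bridge0 -> vlan5 -> igb1", "push"),
              ("switch tagged port", None), ("switch untagged port -> PC2", "pop")]
PC2_TO_PC1 = [("PC2 -> switch untagged port", "push"), ("switch tagged port -> igb1", None),
              ("vlan5 -> bridge0", "pop"), ("igb0 -> PC1", None)]

def trace(frame, path, vid=5):
    """Apply each hop's tag operation; return (hop, VLAN ID on the wire) pairs."""
    seen = []
    for hop, op in path:
        if op == "push":
            frame = push_tag(frame, vid)
        elif op == "pop":
            frame = pop_tag(frame, vid)
        seen.append((hop, vlan_id(frame)))
    return seen

# Constructed sample: locally administered MACs, IPv4 EtherType, dummy payload.
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"constructed payload"

if __name__ == "__main__":
    for name, path in (("PC1 -> PC2", PC1_TO_PC2), ("PC2 -> PC1", PC2_TO_PC1)):
        print(name, trace(FRAME, path))
```

A frame tagged with a different VLAN ID (for example 10) raises `ValueError` in `pop_tag`, which is the tag check the message describes.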