Date:      Sat, 28 Apr 2018 14:51:25 +0000
From:      Freddie Cash <fjwcash@gmail.com>
To:        Abdullah Tariq <ab.tariq90@gmail.com>
Cc:        Eugene Grosbein <eugen@grosbein.net>, freebsd-net <freebsd-net@freebsd.org>
Subject:   Re: NETGRAPH- bridge vlans using netgraph help
Message-ID:  <CAOjFWZ6m=j6aY7nbeppCK9TTAJ1P%2BfN7Hs5sZ3CfWc7Ad4v_cA@mail.gmail.com>
In-Reply-To: <CAPFxuwRdLrEmtVHGSruja6L-bcOi0Z59ae5mB1gWgi-PvU6inw@mail.gmail.com>
References:  <CAPFxuwQOBkGTHZbGfJz=-fUW8M%2BQGOpTM9T%2B-RO6H4fWcGEtqA@mail.gmail.com> <5AE216DC.7010905@grosbein.net> <CAPFxuwSEDTNhfn1%2B1nXPAC6skJt%2BdAych10FN9bwwBVdqevO2w@mail.gmail.com> <5AE33513.1000001@grosbein.net> <CAPFxuwRceDDoTw-4EohRdjUMSE-YN4YKWhbObuvEpxzEWOh2_A@mail.gmail.com> <5AE34754.6040905@grosbein.net> <CAPFxuwQ5TwZnnW%2B1TT7urq_0pgb=sM_VwH4x0eq0363MCdb7hw@mail.gmail.com> <5AE34CFA.7000207@grosbein.net> <CAPFxuwR54nPiKAAACRY5a_GvDNOVfdniqv6F_3PK4--7vm03uA@mail.gmail.com> <5AE437C1.8010706@grosbein.net> <CAFZYVy7_nVm5G1XDdM_TujN=jVbCyDEKABGbC=M9L5Lh1jAAzQ@mail.gmail.com> <5AE44ADD.7020302@grosbein.net> <CAPFxuwQ=Gi7GiVr%2BsdTavr6r44ftaeFDOvN7%2B3qi_7aZyH6kXw@mail.gmail.com> <5AE468D5.9030702@grosbein.net> <CAPFxuwRdLrEmtVHGSruja6L-bcOi0Z59ae5mB1gWgi-PvU6inw@mail.gmail.com>

On Sat, Apr 28, 2018, 6:17 AM Abdullah Tariq <ab.tariq90@gmail.com> wrote:

> >
> > No, it's simpler: single bridge contains all interfaces corresponding to
> > ports of single vlan.
> > You can bridge plain igb* interfaces for untagged ports; or bridge
> > interface igbX with interface vlanY
> > when one port carries untagged frames of vlan and another port carries
> > tagged frames of the same vlan;
> > or bridge interface vlans together when all of them carry tagged frames of
> > the vlan.
> >
> >
> Sorry but getting a little confused here.
> Let's say I have 2 interfaces igb0, igb1 and I want them to have tagged
> traffic.
> I create vlan1 tagged 10 on igb0
> and vlan2 tagged 10 on igb1
> Next I create bridge0, assign vlan1 and vlan2 (no IPs on either the bridge,
> physical interface on VLANs)?  PCs connected with igb0 and igb1 have
> similar IP config (e.g. 192.168.10.1 and 192.168.10.2)
> Am I correct?
>

vlan tags are added by each system when the packets leave the NIC on that
system.

vlan tags are checked when a packet enters a NIC, and only packets where
the tag matches the one set on the NIC are allowed.

Thus, what you are trying to do is not possible. But, the end-result that
you want, is possible, just not the way you think.

PC1 has 1.2.3.4 and sends untagged packets.

PC1 is connected to igb0 on FreeBSD system.

igb0 is part of bridge0.

vlan5 interface is created on top of igb1 with vlan tag 5.

vlan5 interface is also part of bridge0.

igb1 is connected to a switch port configured with tagged vlan 5.

Another switch port is configured with untagged vlan 5 (access port with
PVID set to 5).

PC2 has 1.2.3.5 and is plugged into that switch port.

Now, PC1 and PC2 can communicate as they are both connected to vlan 5.
Trace the traffic in both directions and you'll see why.

PC1 sends packets with no tags --> igb0 accepts traffic with no tags -->
bridge0 passes it to vlan5 --> packets get tagged with vlan 5 --> to switch
port that accepts tagged traffic on vlan 5 --> out switch port that's part
of vlan 5 --> tags are stripped from packet --> PC2 accepts traffic with no
tags.

Then reversed:

PC2 sends packets with no tags --> switch port accepts traffic with no
tags, adds vlan 5 to them --> tagged packets sent out other switch port -->
vlan5 interface accepts tagged packets, strips the tag from them -->
bridge0 passes untagged packets to igb0 --> untagged packets sent to PC1
--> PC1 accepts untagged packets.

As mentioned multiple times, if you want to use tagged interfaces for
everything, then you need to configure PC1 and PC2 to use tagged
interfaces. If these are Windows stations, it's not impossible, just
difficult and NIC driver-dependent.


Cheers,
Freddie

Typos courtesy of my phone.
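
The two traces in the message above, plus the layout from the quoted question, as a small simulation. This is an added example, not part of the original e-mail: `Frame`, `trace` and the hop helpers are hypothetical names, and the model covers only the tag rules the message states (tag added on send, tag checked and stripped on receive).

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    tag: Optional[int] = None  # None = untagged on the wire

def rx_untagged(f):
    """Plain NIC or untagged host: per the message, takes frames with no tag."""
    return f if f.tag is None else None

def rx_tagged(vid):
    """vlan interface or tagged port: tag must match, then it is stripped."""
    return lambda f: replace(f, tag=None) if f.tag == vid else None

def tx_tagged(vid):
    """vlan interface or tagged port: tag is added as the frame leaves."""
    return lambda f: replace(f, tag=vid)

def access_in(pvid):
    """Switch access port: untagged frames are placed in the port's PVID vlan."""
    return lambda f: replace(f, tag=pvid) if f.tag is None else None

def trace(frame, hops):
    """Return (delivered, log); log holds the tag seen on entry to each hop."""
    log = []
    for name, step in hops:
        log.append((name, frame.tag))
        frame = step(frame)
        if frame is None:
            return False, log  # dropped at this hop
    return True, log

# Working layout from the message: PC1 - igb0 - bridge0 - vlan5/igb1 - switch - PC2
PC1_TO_PC2 = [("igb0 rx", rx_untagged), ("vlan5 tx on igb1", tx_tagged(5)),
              ("switch: tagged port in, access port out", rx_tagged(5)),
              ("PC2 rx", rx_untagged)]
PC2_TO_PC1 = [("switch: access port in, tagged port out", access_in(5)),
              ("vlan5 rx on igb1", rx_tagged(5)), ("PC1 rx", rx_untagged)]
# Layout from the quoted question: vlan tag 10 on both igb0 and igb1, bridged
ASKED = [("vlan1 rx on igb0", rx_tagged(10)), ("vlan2 tx on igb1", tx_tagged(10))]

if __name__ == "__main__":
    print(trace(Frame("1.2.3.4", "1.2.3.5"), PC1_TO_PC2))
    print(trace(Frame("1.2.3.5", "1.2.3.4"), PC2_TO_PC1))
    # Untagged PCs on the all-tagged layout: dropped at the first hop
    print(trace(Frame("192.168.10.1", "192.168.10.2"), ASKED + [("PC rx", rx_untagged)]))
```
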
