From nobody Sat Apr 23 21:20:02 2022 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id BDB701993355 for ; Sat, 23 Apr 2022 21:21:04 +0000 (UTC) (envelope-from lutz@iks-jena.de) Received: from annwfn.iks-jena.de (annwfn.iks-jena.de [IPv6:2001:4bd8::19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Km42R4HtKz4n9y for ; Sat, 23 Apr 2022 21:21:03 +0000 (UTC) (envelope-from lutz@iks-jena.de) X-SMTP-Sender: IPv6:2001:4bd8:0:666:248:54ff:fe12:ee3f Received: from belenus.iks-jena.de (belenus.iks-jena.de [IPv6:2001:4bd8:0:666:248:54ff:fe12:ee3f]) by annwfn.iks-jena.de (8.15.2/8.15.2) with ESMTPS id 23NLK20l032183 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 23 Apr 2022 23:20:03 +0200 X-MSA-Host: belenus.iks-jena.de Received: (from lutz@localhost) by belenus.iks-jena.de (8.14.3/8.14.1/Submit) id 23NLK2r6004733; Sat, 23 Apr 2022 23:20:02 +0200 Date: Sat, 23 Apr 2022 23:20:02 +0200 From: Lutz Donnerhacke To: "Patrick M. Hausen" Cc: Benoit Chesneau , "freebsd-net@FreeBSD.org" Subject: Re: how to bridge "native" vlan? Message-ID: <20220423212002.GC3774@belenus.iks-jena.de> References: <8E5C5DFB-B029-4B32-A67B-D09042ACCEE3@punkt.de> List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8E5C5DFB-B029-4B32-A67B-D09042ACCEE3@punkt.de> X-message-flag: Please send plain text messages only. Thank you. User-Agent: Mutt/1.5.17 (2007-11-01) X-Rspamd-Queue-Id: 4Km42R4HtKz4n9y X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of lutz@iks-jena.de designates 2001:4bd8::19 as permitted sender) smtp.mailfrom=lutz@iks-jena.de X-Spamd-Result: default: False [-1.19 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2001:4bd8::/48]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[donnerhacke.de]; NEURAL_HAM_LONG(-0.85)[-0.846]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-0.57)[-0.575]; NEURAL_HAM_MEDIUM(-0.67)[-0.674]; MLMMJ_DEST(0.00)[freebsd-net]; FORGED_SENDER(0.30)[lutz@donnerhacke.de,lutz@iks-jena.de]; RCVD_IN_DNSWL_LOW(-0.10)[2001:4bd8:0:666:248:54ff:fe12:ee3f:received]; SUBJECT_ENDS_QUESTION(1.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:15725, ipnet:2001:4bd8::/29, country:DE]; MIME_TRACE(0.00)[0:+]; FROM_NEQ_ENVFROM(0.00)[lutz@donnerhacke.de,lutz@iks-jena.de]; RCVD_COUNT_TWO(0.00)[2] X-ThisMailContainsUnwantedMimeParts: N On Thu, Apr 21, 2022 at 02:11:54PM +0200, Patrick M. Hausen wrote: > > Am 21.04.2022 um 11:29 schrieb Benoit Chesneau : > > I have an interface on which multiple vlans are connected. I would like to bridge the vlan 100 and 200 but also have a bridge for the "native" vlan 1. I Can setup a bridge for vlan 100 and 200 the way below I think but how to create a bridge for the "native" vlan? > > I don't have any experience with netgraph but I do know that > you cannot do that with if_bridge(4). If you make the physical > interface the member of a bridge, you cannot use additional > VLANs on that interface, anymore. > > Does anybody know if the same restriction applies to ng_bridge(4)? ng_bridge does not inspect the ethertypes only the mac addresses of the frames. So you can split the VLANs using ng_vlan and connect them to the three bridges: : mkpeer em0: vlan lower downstream : name em0:lower vlan0 : mkpeer vlan0: bridge 100 0 : mkpeer vlan0: bridge 200 0 : mkpeer vlan0: bridge nomatch 0 : msg vlan0: addfilter { vid=100 hook="100" } : msg vlan0: addfilter { vid=200 hook="200" } : name vlan0:100 bridge100 : name vlan0:200 bridge200 : mkpeer em1: vlan lower downstream : name em1:lower vlan1 : connect vlan1: bridge100: 100 1 : connect vlan1: bridge200: 200 1 : connect vlan1: bridge_untagged: nomatch 1 : msg vlan1: addfilter { vid=100 hook="100" } : msg vlan1: addfilter { vid=200 hook="200" } : mkpeer em2: vlan lower downstream : name em2:lower vlan2 : connect vlan2: bridge100: 100 2 : connect vlan2: bridge200: 200 2 : connect vlan2: bridge_untagged: nomatch 2 : msg vlan2: addfilter { vid=100 hook="100" } : msg vlan2: addfilter { vid=200 hook="200" }