FBSD 15 :: if_bridge help needed

From: Paul Procacci <pprocacci_at_gmail.com>
Date: Wed, 08 Oct 2025 06:51:08 UTC
Trying to get ahead of this before 15's release.
What I thought was going to be pretty simple isn't turning out as such.

They say a picture is worth a thousand words:

                   +-------------+
                   |    Jail 1     |   <-  controls epair0b and tags w/ (epair0b.60)
                   +-------------+
                    /
                  /   <- should trunk vlan 60
+------------+
|  bridge0  |
+------------+
                  \  <- should be an access port vhid 60
                   \
                   +---------------+
                   |    Jail 2       | <- controls only epair1b and does no tagging
                   +---------------+

Simply put, two epairs' "A" sides have been placed into the bridge via:

ifconfig bridge0 addm $epair0a tagged 60 up
ifconfig bridge0 addm $epair1a untagged 60 up

The two corresponding epairs' "B" sides have been placed into each
jail via a jail.conf directive:

Jail 1:
vnet.interface = "epair0b";

Jail 2:
vnet.interface = "epair1b";


Jail 1 then furthers the above by creating a vlan(4) off of epair0b
while Jail 2 does no such thing.

This should effectively be a scenario where jail 1 is connected to a
trunk, while jail 2 is connected to an access port.

Given the documentation (which follows), I cannot for the life of me
figure out what I'm doing wrong.  Jail 1 cannot communicate with jail
2 over vlan 60 via the bridge.

Any insight here would be appreciated.

Thanks,
Paul Procacci

Relevant documentation:
"
             The interface name may be followed by one or more of the
             following options:

             untagged vlan-id     Set the untagged VLAN identifier for the
                                  interface.  This is equivalent to the
                                  ifuntagged command.

             tagged vlan-set      Set the allowed VLAN list for the interface.
                                  This is equivalent to the iftagged command.
"

and

"
     iftagged interface vlan-list
             Set the interface's VLAN access list to the provided list of
             VLANs.  The list should be a comma-separated list of one or more
             VLAN IDs or ranges formatted as first-last, the value “none”
             meaning the empty set, or the value “all” meaning all VLANs
             (1-4094).

             This option is only meaningful if the vlanfilter option is
             enabled for the bridge; otherwise, all VLANs will be permitted.

     ifuntagged interface vlan-id
             Set the untagged VLAN identifier for an interface.  Frames
             received on this interface without an 802.1Q tag will be assigned
             to this VLAN instead of the default VLAN 0, and outgoing frames
             on this VLAN will have their 802.1Q tag removed.
"


bridge0 (trimmed)
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=10<VLAN_HWTAGGING>
        ether 58:9c:fc:10:6f:fa
        bridge flags=1<VLANFILTER>
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 60
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 10 priority 128 path cost 2000 vlan protocol 802.1q tagged 10,20,30,40,50,60,70


epair0a: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=60000b<RXCSUM,TXCSUM,VLAN_MTU,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 58:9c:fc:10:8b:0f
        status: active

epair1a: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=60000b<RXCSUM,TXCSUM,VLAN_MTU,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 58:9c:fc:10:87:aa
        status: active

epair0b.60: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=0
        ether 58:9c:fc:10:bb:b7
        inet 192.168.60.1 netmask 0xffffff00 broadcast 192.168.60.255
        vlan: 60 vlanproto: 802.1q vlanpcp: 0 parent interface: epair0b
        status: active

epair1b: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=60000b<RXCSUM,TXCSUM,VLAN_MTU,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 58:9c:fc:10:00:5d
        inet 192.168.60.2 netmask 0xffffff00 broadcast 192.168.60.255
        status: active


-- 
__________________

:(){ :|:& };:
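
An added example, not part of the original post and not FreeBSD project code: it parses the bridge member lines shown in the message and reports how a given VLAN appears on each member port, using only the iftagged/ifuntagged semantics quoted from the man page. The function names are hypothetical, and "blocked" assumes the bridge has VLANFILTER set, as the posted output shows.

```python
import re

# Member lines from the post's `ifconfig bridge0` output, with the mail
# client's line wrapping undone.
SAMPLE = """\
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 60
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 10 priority 128 path cost 2000 vlan protocol 802.1q tagged 10,20,30,40,50,60,70
"""

def expand_vlan_list(spec):
    """Expand a vlan-list: 'none', 'all', or comma-separated ids / first-last ranges."""
    if spec == "none":
        return set()
    if spec == "all":
        return set(range(1, 4095))  # 1-4094, as the man page states
    vlans = set()
    for part in spec.split(","):
        first, _, last = part.partition("-")
        vlans.update(range(int(first), int(last or first) + 1))
    return vlans

def parse_members(text):
    """Return {member: {"untagged": int or None, "tagged": set of ints}}."""
    members, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*member:\s+(\S+)", line)
        if m:
            current = members.setdefault(m.group(1), {"untagged": None, "tagged": set()})
        elif current is not None:
            u = re.search(r"\buntagged (\d+)", line)
            t = re.search(r"\btagged (\S+)", line)  # \b keeps this off "untagged"
            if u:
                current["untagged"] = int(u.group(1))
            if t:
                current["tagged"] = expand_vlan_list(t.group(1))
    return members

def vlan_roles(text, vlan):
    """Per member: 'untagged' (tag stripped on egress), 'tagged', or 'blocked'."""
    return {
        name: "untagged" if cfg["untagged"] == vlan
        else "tagged" if vlan in cfg["tagged"] else "blocked"
        for name, cfg in parse_members(text).items()
    }

if __name__ == "__main__":
    print(vlan_roles(SAMPLE, 60))
```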