[Bridge] Bridging vlans...
John W. Linville
linville at tuxdriver.com
Thu Mar 25 04:56:08 PST 2004
Jeremy Jones wrote:
> question is this: should the vlan interfaces on the linux firewall be
> created first, then bridged; or should the bridge interface be created, then
> vlans bound to that?
>
> Here's the first:
>
> ip link set eth0 up
> ip link set eth1 up
> vconfig set_bind_mode PER_DEVICE
> vconfig set_name_type DEV_PLUS_VID_NO_PAD
> vconfig add eth0 4
> vconfig add eth1 4
> vconfig add eth0 51
> vconfig add eth1 51
<snip>
> And the second:
>
> ip link set eth0 up
> ip link set eth1 up
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
<snip>
> I lean towards the first, as it gives me more interfaces to filter, and thus
Jeremy,
I have no specific experience with a situation like yours. But, that
won't stop me from rendering an opinion... :-)
I, too, would lean toward the first at least partly for the reason you
describe. But, you should also consider untagged frames and frames with
other VLAN IDs. The second configuration should bridge all frames
(tagged or untagged), while the first will only be bridging frames with
VLAN IDs of 4 or 51. I'm not sure which is your desired behaviour, but
I suspect it is the first configuration which you should prefer.
Hth...
John
--
John W. Linville
linville at tuxdriver.com
More information about the Bridge
mailing list