[Bridge] Bridging vlans

Jeremy Jones jeremy at samnjack.com
Wed Mar 24 16:23:19 PST 2004


Hi folks,

I have an implementation question regarding bridging on a linux box between
a catalyst trunk port and a cisco 26something w/802.1q subinterfaces.

So right now, there's no vlan trunking going on on the link my bridging
firewall sits on, but I'm going to need to bridge two vlans, 4 and 51.  My
question is this:  should the vlan interfaces on the linux firewall be
created first, then bridged; or should the bridge interface be created, then
vlans bound to that?

Here's the first:

ip link set eth0 up
ip link set eth1 up
vconfig set_bind_mode PER_DEVICE
vconfig set_name_type DEV_PLUS_VID_NO_PAD
vconfig add eth0 4
vconfig add eth1 4
vconfig add eth0 51
vconfig add eth1 51
ip link set eth0.4 up
ip link set eth1.4 up
ip link set eth0.51 up
ip link set eth1.51 up
brctl addbr br0 
brctl addif br0 eth0.4
brctl addif br0 eth1.4
brctl stp br0 off
ip link set br0 up
brctl addbr br1 
brctl addif br1 eth0.51
brctl addif br1 eth1.51
brctl stp br1 off
ip link set br1 up

And the second:

ip link set eth0 up
ip link set eth1 up
brctl addbr br0 
brctl addif br0 eth0
brctl addif br0 eth1
brctl stp br0 off
ip link set br0 up
vconfig set_bind_mode PER_KERNEL
vconfig set_name_type DEV_PLUS_VID_NO_PAD
vconfig add br0 4
vconfig add br0 51
ip link set br0.4 up
ip link set br0.51 up

I lean towards the first, as it gives me more interfaces to filter, and thus
more flexibility with my iptables rules.  Just looking for the wisdom of
experience...

Thanks,
Jeremy Jones
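
Added example (not part of the original post): the first layout from the message, generalized to any list of VLAN IDs, written as a dry-run generator that prints the commands instead of running them. The function name gen_vlan_bridges and the br0, br1, ... numbering by argument order are assumptions of this example.

```shell
# Added example: emit (dry run) the commands for the "VLAN interfaces first,
# then bridge" layout, one bridge per VLAN ID. Nothing is executed here.
# Assumption: bridges are named br0, br1, ... in argument order.
gen_vlan_bridges() {
    # usage: gen_vlan_bridges PORT_A PORT_B VID [VID...]
    [ "$#" -ge 3 ] || { echo "usage: gen_vlan_bridges PORT_A PORT_B VID..." >&2; return 2; }
    port_a=$1 port_b=$2
    shift 2

    # Validate every argument before emitting anything, so a bad VLAN ID
    # never results in a half-built configuration.
    for vid in "$@"; do
        case $vid in
            ''|0*|*[!0-9]*) echo "invalid VLAN ID: $vid" >&2; return 1 ;;
        esac
        if [ "$vid" -gt 4094 ]; then
            echo "VLAN ID out of range (1-4094): $vid" >&2
            return 1
        fi
        for port in "$port_a" "$port_b"; do
            name="$port.$vid"
            # Linux interface names are limited to 15 characters.
            [ "${#name}" -le 15 ] || { echo "name too long: $name" >&2; return 1; }
        done
    done

    echo "ip link set $port_a up"
    echo "ip link set $port_b up"
    echo "vconfig set_bind_mode PER_DEVICE"
    echo "vconfig set_name_type DEV_PLUS_VID_NO_PAD"
    n=0
    for vid in "$@"; do
        for port in "$port_a" "$port_b"; do
            echo "vconfig add $port $vid"
            echo "ip link set $port.$vid up"
        done
        echo "brctl addbr br$n"
        echo "brctl addif br$n $port_a.$vid"
        echo "brctl addif br$n $port_b.$vid"
        echo "brctl stp br$n off"
        echo "ip link set br$n up"
        n=$((n + 1))
    done
}
```

Calling `gen_vlan_bridges eth0 eth1 4 51` prints the same set of commands as the first listing, grouped per VLAN; review the output before piping it to a root shell.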





