[Bridge] Looking at impl. Private VLAN

Joakim Tjernlund joakim.tjernlund at transmode.se
Mon Jun 8 09:52:25 PDT 2009


Ross Vandegrift <ross at kallisti.us> wrote on 08/06/2009 17:50:32:
>
> On Mon, Jun 08, 2009 at 05:35:55PM +0200, Joakim Tjernlund wrote:
> >
> > I am looking into impl Private VLAN (or part thereof) as specified by
> >  http://www.rfc-editor.org/internet-drafts/draft-sanjib-private-vlan-10.txt
> >
> > Would that be a welcome addition to the linux bridge or is there
> > a better method for doing "Private VLAN"?
>
> It should be pretty simple to cook up a private VLAN setup using
> ebtables.  At the simplest level, you could simply write policy to
> only permit frames between specified interfaces.  In this way, each
> group of interfaces would represent a private VLAN.

Hmm, I have never used ebtables, will have to look into that. Could
you give me an example of how to configure (using ebtables) the following:
br0 with one I/F (eth_master) in Promisc (as defined in the Private VLAN spec above) mode
and two I/Fs (eth_client1 and eth_client2) in Isolated mode?

>
> But ebtables is pretty flexible - with the right ruleset, you should
> be able to cook up all kinds of crazy, fun stuff!

Does this mean that you think "Private VLAN" support is unneeded in
the Linux bridge? From your comments it seems like one should be able to do most
things with ebtables, but is this also the preferred way?

 Jocke
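
One possible ebtables ruleset for the setup asked about above (br0, eth_master promiscuous, eth_client1 and eth_client2 isolated), as an added example that is not part of the original thread. The helper name `pvlan_rules` is hypothetical; the rules assume the default FORWARD policy is ACCEPT and cover only frames forwarded between bridge ports, not traffic to or from the bridge host itself (INPUT/OUTPUT chains).

```shell
#!/bin/sh
# Added example (not from the thread): print ebtables rules that approximate
# Private VLAN "isolated" ports on a Linux bridge. Nothing is applied here;
# review the output, then pipe it to sh as root to install the rules.
#
# Usage: pvlan_rules BRIDGE PROMISC_PORT ISOLATED_PORT...
pvlan_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: pvlan_rules BRIDGE PROMISC_PORT ISOLATED_PORT..." >&2
        return 1
    fi
    bridge=$1
    promisc=$2
    shift 2

    # Refuse anything that is not a plain interface name, because the
    # generated lines are meant to be executed by a root shell.
    for name in "$bridge" "$promisc" "$@"; do
        case $name in
            ''|*[!A-Za-z0-9_.-]*)
                echo "pvlan_rules: bad interface name: '$name'" >&2
                return 1 ;;
        esac
    done

    for port in "$@"; do
        if [ "$port" = "$promisc" ]; then
            echo "pvlan_rules: $port cannot be both promiscuous and isolated" >&2
            return 1
        fi
        # An isolated port may forward to the promiscuous port only;
        # everything else it sends across the bridge is dropped. This also
        # covers flooded and broadcast frames, which traverse FORWARD once
        # per egress port.
        echo "ebtables -A FORWARD --logical-in $bridge -i $port -o $promisc -j ACCEPT"
        echo "ebtables -A FORWARD --logical-in $bridge -i $port -j DROP"
    done
    # Frames entering on the promiscuous port match no rule and fall through
    # to the chain policy (assumed ACCEPT), so it can reach every port.
}

# The configuration from the question: print the four resulting rules.
pvlan_rules br0 eth_master eth_client1 eth_client2
```

After installing the rules, `ebtables -L FORWARD --Lc` shows per-rule packet counters, which confirms whether client-to-client frames are hitting the DROP rules.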


