diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-03-19 17:09:59 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-03-19 17:09:59 +0100 |
commit | 5717ece9dc79b43a2a319eaf592e4215c8d722c8 (patch) | |
tree | c96cc6d11e06093f806761c26cda44b82b738a9c /python/vyos | |
parent | fbc10c8ccdcba6b8625cc8286d59bd854e8b30f2 (diff) | |
download | vyos-1x-5717ece9dc79b43a2a319eaf592e4215c8d722c8.tar.gz vyos-1x-5717ece9dc79b43a2a319eaf592e4215c8d722c8.zip |
bridge: T3415: add port isolation / private-vlan option
Private VLAN, also known as port isolation, is a technique in computer
networking where a VLAN contains switch ports that are restricted such that
they can only communicate with a given "uplink". The restricted ports are
called "private ports".
Each private VLAN typically contains many private ports, and a single uplink.
The uplink will typically be a port (or link aggregation group) connected to a
router, firewall, server, provider network, or similar central resource.
Q: https://en.wikipedia.org/wiki/Private_VLAN
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/ifconfig/bridge.py | 6 | ||||
-rw-r--r-- | python/vyos/ifconfig/interface.py | 18 |
2 files changed, 24 insertions, 0 deletions
diff --git a/python/vyos/ifconfig/bridge.py b/python/vyos/ifconfig/bridge.py index 600bd3db8..14f64a8de 100644 --- a/python/vyos/ifconfig/bridge.py +++ b/python/vyos/ifconfig/bridge.py @@ -312,9 +312,15 @@ class BridgeIf(Interface): # not have any addresses configured by CLI so just flush any # remaining ones lower.flush_addrs() + # enslave interface port to bridge self.add_port(interface) + # always set private-vlan/port isolation + tmp = dict_search('isolated', interface_config) + value = 'on' if (tmp != None) else 'off' + lower.set_port_isolation(value) + # set bridge port path cost if 'cost' in interface_config: value = interface_config.get('cost') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index fe6a3c95e..5a1605a18 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -113,6 +113,10 @@ class Interface(Control): 'convert': lambda name: name if name else '', 'shellcmd': 'ip link set dev {ifname} alias "{value}"', }, + 'bridge_port_isolation': { + 'validate': lambda v: assert_list(v, ['on', 'off']), + 'shellcmd': 'bridge link set dev {ifname} isolated {value}', + }, 'mac': { 'validate': assert_mac, 'shellcmd': 'ip link set dev {ifname} address {value}', @@ -689,6 +693,20 @@ class Interface(Control): """ self.set_interface('path_priority', priority) + def set_port_isolation(self, on_or_off): + """ + Controls whether a given port will be isolated, which means it will be + able to communicate with non-isolated ports only. By default this flag + is off. + + Use enable=1 to enable or enable=0 to disable + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth1').set_port_isolation('on') + """ + self.set_interface('bridge_port_isolation', on_or_off) + def set_proxy_arp(self, enable): """ Set per interface proxy ARP configuration |