Age | Commit message (Collapse) | Author |
|
The VLAN aware bridge was forwarding traffic between member ports, but traffic
destined torwards the CPU was dropped. This resulted in a gateway not reachable
or DHCP leases that could not be handed out.
Tested via:
VyOS
set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '10'
set interfaces bridge br0 member interface eth1 allowed-vlan '20'
set interfaces bridge br0 member interface eth1 allowed-vlan '30'
set interfaces bridge br0 member interface eth1 allowed-vlan '40'
set interfaces bridge br0 member interface eth1 native-vlan '40'
set interfaces bridge br0 member interface eth2 allowed-vlan '30'
set interfaces bridge br0 member interface eth2 allowed-vlan '20'
set interfaces bridge br0 member interface eth2 allowed-vlan '10'
set interfaces bridge br0 member interface eth2 allowed-vlan '40'
set interfaces bridge br0 vif 10 address '10.0.10.1/24'
set interfaces bridge br0 vif 20 address '10.0.20.1/24'
set interfaces bridge br0 vif 30 address '10.0.30.1/24'
set interfaces bridge br0 vif 40 address '10.0.40.1/24'
Arista vEOS
vlan 10,20,30,40
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
interface Vlan10
ip address 10.0.10.2/24
interface Vlan20
ip address 10.0.20.2/24
interface Vlan30
ip address 10.0.30.2/24
interface Vlan40
ip address 10.0.40.2/24
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
switchport mode trunk
spanning-tree portfast
Cisco vIOS
interface GigabitEthernet0/0
ip address 10.0.40.3 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.10.3 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.0.20.3 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.0.30.3 255.255.255.0
!
(cherry picked from commit f60d0e1ce029925b843f635b36154c90049b9577)
|
|
ocserv: openconnect: T4614: add support for split-dns (equuleus)
|
|
syslog: T4039: Add protocol23format logging for UDP
|
|
Add protocol23format for rsyslog protocol UDP
Add ability to use IPv6 addresses (bracketize_ipv6) for
protocol TCP and UDP, when protocol is configured explicity
|
|
Debian: T4584: remove version number from hostap package requirement
|
|
(cherry picked from commit 681bdf2946d1d10f3b432f70452a8d018b7a98ae)
|
|
To reproduce:
set vpn openconnect authentication mode local
commit
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 147, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 64, in verify
if not ocserv["authentication"]["local_users"] or not ocserv["authentication"]["local_users"]["username"]:
KeyError: 'local_users'
|
|
set vpn openconnect network-settings split-dns <domain>
(cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
|
|
(cherry picked from commit bd102eac6d0c97a5f75324d1248814ebdad42da5)
|
|
MACsec: T4537: fix AES-GCM-256 support
|
|
(cherry picked from commit 0943ac00412b0049b7a20a54e27e7b8025726598)
|
|
AES-GCM-256
(cherry picked from commit e19889adf8cef101d85a279055271a68b078ec73)
|
|
(cherry picked from commit 993961f60ead2a18912eb577b1152463d4eb8b4e)
|
|
(cherry picked from commit 17e76dc77801ac58b2587f664c884c0d671a55c0)
|
|
(cherry picked from commit 258e6873b60531fe70d868d2e53ce2f921fe7f13)
|
|
(cherry picked from commit fa25d349aebc86e43957f37db765787fb7e431db)
|
|
(cherry picked from commit 5e919d3f91bccaf64878a94756c21766896db132)
|
|
(cherry picked from commit b2ff1407330e383a9fff688376377efc534bcfbc)
|
|
(cherry picked from commit bc70c1f502bc587627b1bd15f6803c6c09d20a66)
|
|
(cherry picked from commit 82d8494d349edd7707c3811a71ca0e9c0648204e)
|
|
(cherry picked from commit 393355f7feaa921eba46b83d4f15ad4a5c37adab)
|
|
Fix missing dict_search import in interfaces-macsec.py
|
|
|
|
mtu: T4572: Add DHCP-option MTU to get values from DHCP-server
|
|
bridge: bugfixes for equuleus
|
|
backport: router-advert: T4582: fix preferred cannot equal valid lifetime
|
|
Ability to get MTU from DHCP-server and don't touch it per
any interface change if interface 'dhcp-options mtu' is
configured
(cherry picked from commit 29b0ee30bf2622a40ca3d17e3f6b9e94e5b62072)
|
|
(cherry picked from commit a09359828e38c5b51a4579af16b5ea263a98233f)
|
|
We should not print the entire dictionary - we only need the bridge interface
name:
Bug:
Cannot assign address to interface "eth1" as it is a member of bridge
"{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"!
Fixed:
Cannot assign address to interface "eth1" as it is a member of bridge
"br0"!
(cherry picked from commit 71f2f2d789bd3452ca7b5306f39df5f6537bfef0)
|
|
Allows preferred lifetime for prefix advertisements to equal the
configured valid lifetime as per RFC 4861.
(cherry picked from commit f6efe3035d352970dc492450c3c9ddf710dda5fe)
|
|
aware bridge
(cherry picked from commit dbc8e243e13b370e74c6ab20b642c881b6377bd5)
|
|
... otherwise functionality like bridge VLANs will loose configuration
on membe rinterface update (e.g. description)
(cherry picked from commit a295ec1fc4cb9cdbb0bd5efd7c8e72060ce036f5)
|
|
(cherry picked from commit 54227591a0eb3c7aa8c896c6ec8b1826ce070ddf)
|
|
Interface() base class already takes care about VLAN creation/removal of
newly added or no longer required interfaces. No need to code this logic again.
(cherry picked from commit 41477cc85208507be55f8db4e412ad78eae764eb)
|
|
(cherry picked from commit 99ff0ac7d29a65466a0fe4a12ef1a42cce90ece0)
|
|
snmp: T2763: Add protocol TCP for service SNMP
|
|
equuleus: Bond and Bridge interface fixes + new smoketests
|
|
smoketest: T4532: Fix for smoketest flow-accounting
|
|
(cherry picked from commit 81e0f4a8dece85da7169ba05448e870206aaf57b)
|
|
When removing a VRF from an ethernet interface and adding the interface to a
bond in the same commit led to an OSError: [Errno 16] Device or resource busy!
(cherry picked from commit 3592f56a8deb6c44dcdd7a44ef54fc2c39eb1a3b)
|
|
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use
the "real" hardware interface") and returns the config dict of the used member
interfaces.
(cherry picked from commit 5b4f76429989a6ab8ca64aeed5a1fae09fe7c6ca)
|
|
It makes no sense to enslave an interface to a bond or a bridge device if it is
bound to a given VRF. If VRFs should be used - the encapuslating/master
interface should be part of the VRF.
Error out if the member interface is part of a VRF.
(cherry picked from commit 87d2dff241d9ab4de9f3a2c7fbf9852934557aef)
|
|
VRF names: "add, all, broadcast, default, delete, dev, get, inet,
mtu, link, type, vrf" are reserved and cannot be used for vrf name
(cherry picked from commit 52342f389af2da2995b858d026e6fbcad5c8bfaa)
|
|
(cherry picked from commit 74d6a7e4fc9e2e929c5f899070e6fc3e3e3b5ceb)
|
|
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real"
hardware interface") added a bugfix on calling is_member() to retrieve the real
physical information about an interface. It did not include a code path to also
split up VLAN interfaces.
This has been fixed.
(cherry picked from commit fdeae251431cb747e8f60d96269b4365b7401807)
|
|
Linux Kernel supports to specify the MII link monitoring frequency in
milliseconds. This determines how often the link state of each slave is
inspected for link failures. A value of zero disables MII link monitoring.
A value of 100 is a good starting point.
The default value is 100.
set interfaces bonding bond0 mii-mon-interval <n>
(cherry picked from commit 4315c8fa5bb090e2b7edd6bda205041623e2511d)
|
|
(cherry picked from commit 8d1bb953b784d03e02ba26e78da5488a79aaf20d)
|
|
When is_member() is inspecting the bridge/Bond member interfaces it must work
with the real interface (e.g. eth1) under the "ethernet" node and not work on
the "member interface eth1" CLI tree, that makes no sense at all.
(cherry picked from commit 3915791216998a18bf6831450df68ee199e2e4f8)
|
|
Ability to listen TCP port for service SNMP
set service snmp protocol tcp
|
|
Delete extra space for template uacctd.conf.tmpl
Update smoketest to replace '.' with '-'
|