author: Christian Poessinger <christian@poessinger.com> 2020-11-14 16:49:20 +0100
committer: GitHub <noreply@github.com> 2020-11-14 16:49:20 +0100
commit: f386ecc471080d7e0b43ef6bd376d0c71e6f5e91 (patch)
tree: 31e5c6888ca23be1127971293252adeb72b14b0f /docs
parent: 2bdeae5f7c9a0be6ffaecb2fc8c2b9e369030131 (diff)
parent: b2d18af5523fceb1d5222f2040aa28738780524e (diff)
Merge pull request #377 from jack9603301/master
bridge: T3042: Document VLAN filter
Diffstat (limited to 'docs')
-rw-r--r-- docs/interfaces/bridge.rst 90
1 files changed, 90 insertions, 0 deletions
diff --git a/docs/interfaces/bridge.rst b/docs/interfaces/bridge.rst
index ba6d70fb..058d7b01 100644
--- a/docs/interfaces/bridge.rst
+++ b/docs/interfaces/bridge.rst
@@ -113,6 +113,57 @@ links providing fault tolerance if an active link fails.
Designated Bridges. Hello packets are used to communicate information
about the topology throughout the entire Bridged Local Area Network.
+Enable VLAN-aware bridge
+-------------------------
+
+.. cfgcmd:: set interfaces bridge <interface> member interface <member> native-vlan <vlan-id>
+
+ Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters
+ the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan
+ id flag flows out, the tag of the vlan id will be stripped
+
+.. cfgcmd:: set interfaces bridge <interface> member interface <member> allowed-vlan <vlan-id>
+
+ Allows specific VLAN IDs to pass through the bridge member interface
+
+.. cfgcmd:: set interfaces bridge <interface> member interface <member> allowed-vlan <n-m>
+
+ `n` and `m` represent a VLAN ID, which identifies a VLAN ID range and allows all VLAN IDS in this range to pass through the bridge member interface
+
+VLAN (802.1q) configuration
+---------------------------
+
+IEEE 802.1q, often referred to as Dot1q, is the networking standard that supports
+virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a
+system of VLAN tagging for Ethernet frames and the accompanying procedures to be
+used by bridges and switches in handling such frames. The standard also contains
+provisions for a quality-of-service prioritization scheme commonly known as IEEE
+802.1p and defines the Generic Attribute Registration Protocol.
+
+Portions of the network which are VLAN-aware (i.e., IEEE 802.1q conformant) can
+include VLAN tags. When a frame enters the VLAN-aware portion of the network, a
+tag is added to represent the VLAN membership. Each frame must be distinguishable
+as being within exactly one VLAN. A frame in the VLAN-aware portion of the network
+that does not contain a VLAN tag is assumed to be flowing on the native VLAN.
+
+The standard was developed by IEEE 802.1, a working group of the IEEE 802
+standards committee, and continues to be actively revised. One of the notable
+revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging)
+and much of the IEEE 802.1d standard.
+
+802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The
+term used for this is ``vif``.
+
+.. cfgcmd:: set interfaces bridge <interface> vif <vlan-id>
+
+ Create a new VLAN interface on interface `<interface>` using the VLAN number
+ provided via `<vlan-id>`.
+
+ You can create multiple VLAN interfaces on a physical interface. The VLAN ID
+ range is from 1 to 4094.
+
+ .. note:: Only 802.1Q-tagged packets are accepted on Bridge vifs.
+
*******
Example
*******
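Review bot: In the native-vlan description, the sentence "When the vlan id flag flows out, the tag of the vlan id will be stripped" does not say what is leaving the port. Reword it along the lines of "When a frame tagged with this VLAN ID leaves the port, the tag is stripped", and end it with a period, which the two allowed-vlan descriptions are also missing. The allowed-vlan text never states what happens to frames in VLANs that are not listed, or on a member that has neither option set; readers rely on that behaviour for segmentation, so a sentence on the default belongs here. The `<n-m>` description sits on one long line while the surrounding paragraphs are wrapped, and it writes "VLAN IDS" where "VLAN IDs" is meant. In the vif block, "multiple VLAN interfaces on a physical interface" should refer to the bridge interface, since the command documented is `set interfaces bridge <interface> vif <vlan-id>`.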
@@ -152,6 +203,45 @@ This results in the active configuration:
Example
*******
+An example of creating a VLAN-aware bridge is as follows:
+
+* A bridge named `br100`
+* The member interface `eth1` is a trunk that allows VLAN 10 to pass
+* VLAN 10 on member interface `eth2` (ACCESS mode)
+* Enable STP
+* Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64
+
+.. code-block:: none
+
+ set interfaces bridge br100 member interface eth1 allowed-vlan 10
+ set interfaces bridge br100 member interface eth2 native-vlan 10
+ set interfaces bridge br100 vif 10 address 192.0.2.1/24
+ set interfaces bridge br100 vif 10 address 2001:db8::ffff/64
+ set interfaces bridge br100 stp
+
+This results in the active configuration:
+
+.. code-block:: none
+
+ vyos@vyos# show interfaces bridge br100
+ member {
+ interface eth1 {
+ allowed-vlan 10
+ }
+ interface eth2 {
+ native-vlan 10
+ }
+ }
+ stp
+ vif 10 {
+ address 192.0.2.1/24
+ address 2001:db8::ffff/64
+ }
+
+*******
+Example
+*******
+
.. opcmd:: show bridge
The `show bridge` operational command can be used to display
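Review bot: The bullet "VLAN 10 on member interface `eth2` (ACCESS mode)" and its `native-vlan 10` line leave open whether an access port also needs `allowed-vlan 10`, because the command reference added earlier in this patch does not say that native-vlan implies membership. Either add the allowed-vlan line for `eth2` to the example or state the implication where native-vlan is described, and rephrase the bullet as a full statement like its neighbours (for instance "The member interface `eth2` is an access port in VLAN 10"). The hunk also ends by adding another top-level "Example" heading directly above `.. opcmd:: show bridge`, so adjacent sections now share one title; a distinct title for the new example, and one for the operational command section, would make the page easier to navigate and link to.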