2 files changed, 21 insertions, 7 deletions

diff --git a/python/vyos/ifconfig/bridge.py b/python/vyos/ifconfig/bridge.py
index 7c77e050a..e6cda4adb 100644
--- a/python/vyos/ifconfig/bridge.py
+++ b/python/vyos/ifconfig/bridge.py
@@ -309,15 +309,12 @@ class BridgeIf(Interface):
                     vlan_filter = 1
                     cmd = f'bridge vlan del dev {interface} vid 1'
                     self._cmd(cmd)
-                    vlan_del.add(1)
                     vlan_id = interface_config['native_vlan']
+                    if vlan_id != 1:
+                        vlan_del.add(1)
                     cmd = f'bridge vlan add dev {interface} vid {vlan_id} pvid untagged master'
                     self._cmd(cmd)
                     vlan_add.add(vlan_id)
-                else:
-                    cmd = f'bridge vlan del dev {interface} vid 1'
-                    self._cmd(cmd)
-                    vlan_del.add(1)
                 
                 if 'allowed_vlan' in interface_config:
                     vlan_filter = 1
@@ -325,6 +322,11 @@ class BridgeIf(Interface):
                         cmd = f'bridge vlan add dev {interface} vid {vlan} master'
                         self._cmd(cmd)
                         vlan_add.add(vlan)
+                
+                if vlan_filter:
+                    if 'native_vlan' not in interface_config:
+                        cmd = f'bridge vlan del dev {interface} vid 1'
+                        self._cmd(cmd)
         
         
         for vlan in vlan_del:
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index 076bdb63e..7af3e3d7c 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -123,12 +123,12 @@ def get_config(config=None):
             
             # VLAN-aware bridge members must not have VLAN interface configuration
             if 'native_vlan' in interface_config:
-                if 'disable' not in interface_config['native_vlan']:
-                    vlan_aware = True
+                vlan_aware = True
             
             if 'allowed_vlan' in interface_config:
                 vlan_aware = True
             
+            
             if vlan_aware:
                 tmp = has_vlan_subinterface_configured(conf,interface)
                 if tmp:
@@ -142,6 +142,8 @@ def verify(bridge):
 
     verify_dhcpv6(bridge)
     verify_vrf(bridge)
+    
+    vlan_aware = False 
 
     if dict_search('member.interface', bridge):
         for interface, interface_config in bridge['member']['interface'].items():
@@ -168,6 +170,16 @@ def verify(bridge):
             if 'has_vlan' in interface_config:
                 raise ConfigError(error_msg + 'it has an VLAN subinterface assigned!')
             
+            # VLAN-aware bridge members must not have VLAN interface configuration
+            if 'native_vlan' in interface_config:
+                vlan_aware = True
+            
+            if 'allowed_vlan' in interface_config:
+                vlan_aware = True
+            
+            if vlan_aware and 'wlan' in interface:
+                raise ConfigError(error_msg + 'VLAN aware cannot be set!')
+            
             if 'allowed_vlan' in interface_config:
                 for vlan in interface_config['allowed_vlan']:
                     if re.search('[0-9]{1,4}-[0-9]{1,4}', vlan):