diff options
| author | jack9603301 <jack9603301@163.com> | 2020-11-14 18:46:22 +0800 | 
|---|---|---|
| committer | jack9603301 <jack9603301@163.com> | 2020-11-14 18:46:22 +0800 | 
| commit | b2d18af5523fceb1d5222f2040aa28738780524e (patch) | |
| tree | 31e5c6888ca23be1127971293252adeb72b14b0f | |
| parent | 2bdeae5f7c9a0be6ffaecb2fc8c2b9e369030131 (diff) | |
| download | vyos-documentation-b2d18af5523fceb1d5222f2040aa28738780524e.tar.gz vyos-documentation-b2d18af5523fceb1d5222f2040aa28738780524e.zip | |
bridge: T3042: Document VLAN filter
| -rw-r--r-- | docs/interfaces/bridge.rst | 90 | 
1 files changed, 90 insertions, 0 deletions
| diff --git a/docs/interfaces/bridge.rst b/docs/interfaces/bridge.rst index ba6d70fb..058d7b01 100644 --- a/docs/interfaces/bridge.rst +++ b/docs/interfaces/bridge.rst @@ -113,6 +113,57 @@ links providing fault tolerance if an active link fails.     Designated Bridges. Hello packets are used to communicate information     about the topology throughout the entire Bridged Local Area Network. +Enable VLAN-aware bridge +------------------------- + +.. cfgcmd:: set interfaces bridge <interface> member interface <member> native-vlan <vlan-id> + +   Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters +   the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan  +   id flag flows out, the tag of the vlan id will be stripped + +.. cfgcmd:: set interfaces bridge <interface> member interface <member> allowed-vlan <vlan-id> + +   Allows specific VLAN IDs to pass through the bridge member interface + +.. cfgcmd:: set interfaces bridge <interface> member interface <member> allowed-vlan <n-m> + +   `n` and `m` represent a VLAN ID, which identifies a VLAN ID range and allows all VLAN IDS in this range to pass through the bridge member interface + +VLAN (802.1q) configuration +--------------------------- + +IEEE 802.1q, often referred to as Dot1q, is the networking standard that supports +virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a +system of VLAN tagging for Ethernet frames and the accompanying procedures to be +used by bridges and switches in handling such frames. The standard also contains +provisions for a quality-of-service prioritization scheme commonly known as IEEE +802.1p and defines the Generic Attribute Registration Protocol. + +Portions of the network which are VLAN-aware (i.e., IEEE 802.1q conformant) can +include VLAN tags. When a frame enters the VLAN-aware portion of the network, a +tag is added to represent the VLAN membership. Each frame must be distinguishable +as being within exactly one VLAN. A frame in the VLAN-aware portion of the network +that does not contain a VLAN tag is assumed to be flowing on the native VLAN. + +The standard was developed by IEEE 802.1, a working group of the IEEE 802 +standards committee, and continues to be actively revised. One of the notable +revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) +and much of the IEEE 802.1d standard. + +802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The +term used for this is ``vif``. + +.. cfgcmd:: set interfaces bridge <interface> vif <vlan-id> + +  Create a new VLAN interface on interface `<interface>` using the VLAN number +  provided via `<vlan-id>`. + +  You can create multiple VLAN interfaces on a physical interface. The VLAN ID +  range is from 1 to 4094. + +  .. note:: Only 802.1Q-tagged packets are accepted on Bridge vifs. +  *******  Example  ******* @@ -152,6 +203,45 @@ This results in the active configuration:  Example  ******* +An example of creating a VLAN-aware bridge is as follows: + +* A bridge named `br100` +* The member interface `eth1` is a trunk that allows VLAN 10 to pass +* VLAN 10 on member interface `eth2` (ACCESS mode) +* Enable STP +* Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64 + +.. code-block:: none + +  set interfaces bridge br100 member interface eth1 allowed-vlan 10 +  set interfaces bridge br100 member interface eth2 native-vlan 10 +  set interfaces bridge br100 vif 10 address 192.0.2.1/24 +  set interfaces bridge br100 vif 10 address 2001:db8::ffff/64 +  set interfaces bridge br100 stp + +This results in the active configuration: + +.. code-block:: none + +   vyos@vyos# show interfaces bridge br100 +    member { +        interface eth1 { +            allowed-vlan 10 +        } +        interface eth2 { +            native-vlan 10 +        } +    } +    stp +    vif 10 { +        address 192.0.2.1/24 +        address 2001:db8::ffff/64 +    } + +******* +Example +******* +  .. opcmd:: show bridge     The `show bridge` operational command can be used to display | 
