Re: Linux Bridging of Tagged-VLAN (802.1q) Ethernet Traffic
Hi, just 2 cents:

The vconfig man says that many ethernet controllers will remove vlan tags in hardware, so I would check with a sniffer for the presence of the vlan tag in the ethernet header first. (And see the vconfig set_flag 1 effect on a vlan interface.)

On 01/24/2011 11:31 PM, shimi wrote:
> On Mon, Jan 24, 2011 at 11:26 PM, Oron Peled o...@actcom.co.il wrote:
> > On Monday, 24 בJanuary 2011 21:47:20 shimi wrote:
> > > I'm trying to run a Linux Bridge in order to manipulate traffic running between trunk ports on two switches. The ports on both ends pass all their traffic with VLAN tagging to both ends (i.e. both switches have the port set to 802.1q/trunk, and the traffic flow between the switches encapsulates many subnets on different VLANs)
> >
> > Short googling turned out the following related links:
> > - [LARTC] linux bridging vlans?
> >   http://mailman.ds9a.nl/pipermail/lartc/2006q1/018537.html
> > - 802.1Q VLAN Tagging and Untagging on Linux?
> >   http://www.linuxsa.org.au/pipermail/linuxsa/2006-July/084589.html
> >
> > The point mentioned is that you should vconfig the *physical* interfaces and then bridge the result. The reason given for this is that it is more flexible (although more complex) -- e.g: you can bridge a physical non-vlan capable interface to a specific vlan.
> >
> > I didn't test any of this personally...
>
> Thanks, but, quoting my original message:
>
> > I also tried intercepting VLAN traffic by creating VLANs on the physical interfaces with vconfig, then adding them to the br0 and also tried setting them up in promisc mode. This also didn't seem to have any effect.
>
> Any other idea?
>
> -- Shimi

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
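The check suggested in the reply above (look at the Ethernet header in a capture to see whether the 802.1Q tag is still there) can be done on raw frame bytes as follows. This is an added example, not part of the original thread; the sample frames are constructed, and build_frame is a hypothetical helper used only to produce them.

```python
import struct

TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}  # tag protocol identifiers

def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype) for a raw Ethernet frame.

    tags lists the VLAN tags outermost first; it is empty when the frame
    is untagged (for example because the NIC removed the tag in hardware).
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                      # skip destination and source MAC
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:  # TPID + TCI + next EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "type": TPIDS[ethertype],
            "pcp": tci >> 13,        # priority code point, 3 bits
            "dei": (tci >> 12) & 1,  # drop eligible indicator, 1 bit
            "vid": tci & 0x0FFF,     # VLAN ID, 12 bits
        })
        offset += 4                  # step over this tag
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype

def build_frame(vid=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Construct a sample frame (constructed test data, not a capture)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", 0x8100, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

if __name__ == "__main__":
    samples = {
        "as sent on the trunk": build_frame(vid=100, pcp=3),
        "tag removed before capture": build_frame(),
    }
    for name, frame in samples.items():
        tags, etype = parse_vlan_tags(frame)
        vids = [t["vid"] for t in tags] or "untagged"
        print(f"{name}: {vids}, inner EtherType {etype:#06x}")
```
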
Linux Bridging of Tagged-VLAN (802.1q) Ethernet Traffic
Hi all,

I'm trying to run a Linux Bridge in order to manipulate traffic running between trunk ports on two switches. The ports on both ends pass all their traffic with VLAN tagging to both ends (i.e. both switches have the port set to 802.1q/trunk, and the traffic flow between the switches encapsulates many subnets on different VLANs)

I have set up the bridge the following way:

0. Create bridge br0
1. Add both NICs to the same bridge;
2. Put the bridge interface up.
3. Put the physical NICs and the bridge interface in promisc mode. (as I've seen mentions for this, but I think this is a redundant stage given that it's a bridge?)

If I pass regular traffic through this setup, it works correctly - i.e. the Linux box acts as if it was a switch.

If I pass VLAN-tagged traffic the very same way, it doesn't pass to the other side...

Upon scanning the net a bit, I've also decided to put 0 on the following kernel options:

net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0

... which didn't seem to have any effect.

I also tried intercepting VLAN traffic by creating VLANs on the physical interfaces with vconfig, then adding them to the br0 and also tried setting them up in promisc mode. This also didn't seem to have any effect.

Setting an IPv4 address on br0 also did not seem to have any effect.

It is to be noted the traffic does pass correctly if I take both Ethernet cables from the machine and connect them to each other using a plastic Coupler :)

Any ideas? What did I miss? Is what I am trying even possible with the kernel Bridging code? :)

Thanks in advance,

-- Shimi
Re: Linux Bridging of Tagged-VLAN (802.1q) Ethernet Traffic
On Monday, 24 בJanuary 2011 21:47:20 shimi wrote:
> I'm trying to run a Linux Bridge in order to manipulate traffic running between trunk ports on two switches. The ports on both ends pass all their traffic with VLAN tagging to both ends (i.e. both switches have the port set to 802.1q/trunk, and the traffic flow between the switches encapsulates many subnets on different VLANs)

Short googling turned out the following related links:
- [LARTC] linux bridging vlans?
  http://mailman.ds9a.nl/pipermail/lartc/2006q1/018537.html
- 802.1Q VLAN Tagging and Untagging on Linux?
  http://www.linuxsa.org.au/pipermail/linuxsa/2006-July/084589.html

The point mentioned is that you should vconfig the *physical* interfaces and then bridge the result. The reason given for this is that it is more flexible (although more complex) -- e.g: you can bridge a physical non-vlan capable interface to a specific vlan.

I didn't test any of this personally...

Enjoy,

--
Oron Peled
Voice: +972-4-8228492
o...@actcom.co.il
http://users.actcom.co.il/~oron

We spend the first twelve months of our children's lives teaching them to walk and talk and the next twelve years telling them to sit down and shut up. -- Phyllis Diller

> I have set up the bridge the following way:
>
> 0. Create bridge br0
> 1. Add both NICs to the same bridge;
> 2. Put the bridge interface up.
> 3. Put the physical NICs and the bridge interface in promisc mode. (as I've seen mentions for this, but I think this is a redundant stage given that it's a bridge?)
>
> If I pass regular traffic through this setup, it works correctly - i.e. the Linux box acts as if it was a switch.
>
> If I pass VLAN-tagged traffic the very same way, it doesn't pass to the other side...
>
> Upon scanning the net a bit, I've also decided to put 0 on the following kernel options:
>
> net.bridge.bridge-nf-call-arptables = 0
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-filter-vlan-tagged = 0
>
> ... which didn't seem to have any effect.
>
> I also tried intercepting VLAN traffic by creating VLANs on the physical interfaces with vconfig, then adding them to the br0 and also tried setting them up in promisc mode. This also didn't seem to have any effect.
>
> Setting an IPv4 address on br0 also did not seem to have any effect.
>
> It is to be noted the traffic does pass correctly if I take both Ethernet cables from the machine and connect them to each other using a plastic Coupler :)
>
> Any ideas? What did I miss? Is what I am trying even possible with the kernel Bridging code? :)
>
> Thanks in advance,
>
> -- Shimi
Re: Linux Bridging of Tagged-VLAN (802.1q) Ethernet Traffic
On Mon, Jan 24, 2011 at 11:26 PM, Oron Peled o...@actcom.co.il wrote:
> On Monday, 24 בJanuary 2011 21:47:20 shimi wrote:
> > I'm trying to run a Linux Bridge in order to manipulate traffic running between trunk ports on two switches. The ports on both ends pass all their traffic with VLAN tagging to both ends (i.e. both switches have the port set to 802.1q/trunk, and the traffic flow between the switches encapsulates many subnets on different VLANs)
>
> Short googling turned out the following related links:
> - [LARTC] linux bridging vlans?
>   http://mailman.ds9a.nl/pipermail/lartc/2006q1/018537.html
> - 802.1Q VLAN Tagging and Untagging on Linux?
>   http://www.linuxsa.org.au/pipermail/linuxsa/2006-July/084589.html
>
> The point mentioned is that you should vconfig the *physical* interfaces and then bridge the result. The reason given for this is that it is more flexible (although more complex) -- e.g: you can bridge a physical non-vlan capable interface to a specific vlan.
>
> I didn't test any of this personally...

Thanks, but, quoting my original message:

> I also tried intercepting VLAN traffic by creating VLANs on the physical interfaces with vconfig, then adding them to the br0 and also tried setting them up in promisc mode. This also didn't seem to have any effect.

Any other idea?

-- Shimi