One more comment - unless there are more VLAN 1 and VLAN 2 sub-interfaces you need to put into BDs 1 and 2, then you may just configure IP addresses on the sub-interfaces to route directly, as suggested by Andrew. It would be a lot more efficient than going through two BDs and route via BVIs.

-John

-----Original Message-----
From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of John Lo (loj)
Sent: Thursday, April 19, 2018 4:48 PM
To: carlito nueno <carlitonu...@gmail.com>; Andrew Yourtchenko <ayour...@gmail.com>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] VLAN to VLAN

The config looks correct and should work, assuming the following:

1. The devices connected to GigabitEthernet0/14/0.2 have IP addresses in the 192.168.2.1/24 subnet with default gateway set to that of the BVI IP address of 192.168.2.1.
2. The devices connected to GigabitEthernet0/14/0.3 have IP addresses in the 192.168.3.1/24 subnet with default gateway set to that of the BVI IP address of 192.168.3.1.

One improvement is to put the BVI interfaces into their own VRF by setting loop0 and loop1 into a specific ip table to not use the global routing table. For example, set the following before assigning IP address to loop0 and loop1:

    set int ip table loop0 4
    set int ip table loop1 4

This will make the routing between BD-VLANs 2 and 3 private and more secure.

Regards,
John

-----Original Message-----
From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of carlito nueno
Sent: Thursday, April 19, 2018 4:15 PM
To: Andrew Yourtchenko <ayour...@gmail.com>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] VLAN to VLAN

My current VLAN config:

    loopback create
    set int l2 bridge loop1 2 bvi
    set int ip address loop1 192.168.2.1/24
    set int state loop1 up

    create sub GigabitEthernet0/14/0 2
    set int l2 bridge GigabitEthernet0/14/0.2 2
    set int l2 tag-rewrite GigabitEthernet0/14/0.2 pop 1
    set int state GigabitEthernet0/14/0.2 up

    loopback create
    set int l2 bridge loop2 3 bvi
    set int ip address loop2 192.168.3.1/24
    set int state loop2 up

    create sub GigabitEthernet0/14/0 3
    set int l2 bridge GigabitEthernet0/14/0.3 3
    set int l2 tag-rewrite GigabitEthernet0/14/0.3 pop 1
    set int state GigabitEthernet0/14/0.3 up

So this should route traffic between VLAN 2 and VLAN 3, correct?

Thanks

On Thu, Apr 19, 2018 at 12:52 PM, Andrew Yourtchenko <ayour...@gmail.com> wrote:
>
> hi Carlito,
>
> you can configure subinterfaces with tags and assign the ip addresses
> so the VPP does routing and then either use vnet ACLs or acl plugin to
> restrict the traffic.
>
> —a
>
> On 19 Apr 2018, at 21:07, Dave Barach <dbar...@cisco.com> wrote:
>
> Begin forwarded message:
>
> From: Carlito Nueno <carlitonu...@gmail.com>
> Date: April 19, 2018 at 9:03:51 AM HST
> To: dbar...@cisco.com
> Subject: VLAN to VLAN
>
> Hi Dave,
>
> How can I enable VLAN to VLAN communication? I want to have devices on
> one VLAN talk to devices on another VLAN, if possible constrain the
> devices by MAC or IP address.
>
> For example, only device with MAC (aa:aa:bb:80:90) or IP address
> (192.168.2.20) on VLAN 100 can talk to devices on VLAN 200
> (192.168.3.0/24).
>
> Thanks
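
Added example (not part of the original thread and not VPP project code): a small offline check of a VPP CLI config for the VRF advice above, reporting BVI loopbacks left in the global routing table or given "set int ip table" after "set int ip address". The function name audit_bvi_vrf and the sample config are constructed for illustration; only CLI commands quoted in the thread are parsed.

```python
import ipaddress

# Constructed sample: the thread's BVI lines with table 4 added for both
# loopbacks, but in the wrong order for loop2.
SAMPLE = """\
loopback create
set int l2 bridge loop1 2 bvi
set int ip table loop1 4
set int ip address loop1 192.168.2.1/24
loopback create
set int l2 bridge loop2 3 bvi
set int ip address loop2 192.168.3.1/24
set int ip table loop2 4
"""

def audit_bvi_vrf(config):
    """Return {bvi_name: [findings]} for each interface bridged as a BVI."""
    bvis, table, addressed, findings = [], {}, set(), {}
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:2] != ["set", "int"]:
            continue  # only "set int ..." lines matter for this check
        if tok[2:4] == ["l2", "bridge"] and len(tok) >= 7 and tok[6] == "bvi":
            bvis.append(tok[4])
            findings.setdefault(tok[4], [])
        elif tok[2:4] == ["ip", "table"] and len(tok) == 6:
            name = tok[4]
            if name in addressed:
                # The thread says to set the table before assigning the address.
                findings.setdefault(name, []).append("ip table set after ip address")
            table[name] = int(tok[5])
        elif tok[2:4] == ["ip", "address"] and len(tok) == 6:
            ipaddress.ip_interface(tok[5])  # ValueError on a malformed prefix
            addressed.add(tok[4])
    for name in bvis:
        if table.get(name, 0) == 0:
            findings[name].append("BVI in global routing table (table 0)")
    return {name: findings[name] for name in bvis}

if __name__ == "__main__":
    for name, issues in audit_bvi_vrf(SAMPLE).items():
        print(name, issues or "ok")
```
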