25
votes
Accepted
Bridged interfaces and VLAN tags
Yes: you can set the bridge to be VLAN aware.
The bridge will then handle VLAN IDs attached to frames crossing it, including tagging and untagging them according to configuration, and will send a ...
- 39.5k
9
votes
Accepted
Linux VLAN-aware bridges and trunk ports
When using the bridge vlan command, you can add (or delete) a range of VLAN IDs in a single shot. For example:
# bridge vlan add vid 2-4094 dev eth0
will add all available VLANs to the trunk ...
- 39.5k
8
votes
Accepted
Linux bond with VLAN question
You need to configure the devices, then the bond and finally the VLAN config files. You also have to pay attention on what attributes work where, such as the bonding_opts, which can only be in the ...
- 1,455
5
votes
Add vlan to interface with unique mac - different syntax for different Linux distros
You can assign VLAN MAC address with ip command:
# ip link add link <interface> name <vlan interface name> address <mac> type vlan id <vlan ID>
Example:
# ip link add link ...
- 1,476
5
votes
Accepted
Need to DNAT mac based on vlan and destination IP match.
This is a limitation of current bridge filtering with ebtables: ebtables matches are specific rather than generic, and unless one adds a vlan-plus-ip match, it's not possible to match a VLAN tagged IP ...
- 39.5k
4
votes
Accepted
Linux IP bridge and vlan_filtering
I found the command for altering the bridge vlans needs slightly different syntax. 'self' must be appended to the device:
bridge vlan add dev br0 self vid 2 pvid
Then the command works as expected.
- 71
4
votes
Communication fails on DSA ethernet ports of Banana Pi R1 (Lamobo R1)
Per default in ArmBian and also in the former Bananian, the 4 ports besides the WAN port are bridged; they are only presented as a single IP interface, being the second interface the WAN port. That is ...
- 58k
3
votes
Accepted
Iptables NAT / Kernel IP forwarding limited to ~10Mbit
The Banana R1/Lamobo R1 while an interesting piece of hardware has too many shortcomings.
Firstly, the "switch" internal interface bandwidth is shared. A theoretical 1GBps tops for all shared 5 ports;...
- 58k
3
votes
Setup VLAN on linux bridge for virtual machines with systemd
PLEASE NOTE:
This configuration is deprecated and no longer supported. I have decided to continue it on serverfault at VLAN support with libvirt for linux bridge to virtual machines, because I think ...
- 726
3
votes
Accepted
VLAN tagging: duplicated packets
There is only one physical interface: eth0. Any virtual interface (here: eth0.0001) linked to the actual interface is showing encapsulated traffic in its virtual view until the traffic is emitted ...
- 39.5k
2
votes
In which vlan am I in?
lldpd package is probably the best solution.
lldpctl
the downside to lldpd is it sends out ARP requests using a hardcoded MAC address. If you install it across multiple machines on the same switch, ...
- 121
2
votes
Centos 7: failed to bring up/down networking: configure interface for a trunk interface
I had this error after importing a VM.
The solution is to fix the HW address in the /etc/sysconfig/network-scripts/ifcfg-ens32 (ens32 happened to be my interface. You can check yours using Network ...
2
votes
Difference between ip link add ... vlan and bridge vlan add vid...?
As you can see from man bridge, bridge vlan ... manipulates the VLAN filter list of a bridge (that describes which ports are enabled for which VLAN tags), while ip link add ... type vlan will create a ...
- 33.4k
2
votes
nftables / iptables rules to rewrite source IP by interface
Yes, it's reasonable.
Unfortunately, Linux DNAT ("destination-rewriting NAT") is restricted to the prerouting chain. This is a PITA in your case, because it means you either:
(a). do the DNAT on ...
- 33.4k
2
votes
Accepted
system get wrong gateway when bonding
Well, it seems gateway (also known as default gateway) is something different from what you think it is, since the way you have it configured looks incorrect to me.
The default gateway defines how ...
- 22.6k
2
votes
InterVLAN between namespaces using a third namespace as a router
Not having used Open vSwitch before, I now had to play around with this.
The key information is in man 5 ovs-vswitchd.conf.db, where the various vlan_mode are explained.
In particular, for an access ...
- 33.4k
2
votes
Accepted
Create multiple untagged virtual interface on a single physical interface
Thanks to LL3 I found out that this feature is called macvlan, for your reference I'll put the command here:
ip link add link eth0 address 00:cc:cc:cc:11:33 eth0mac2 type macvlan
ip link set eth0mac2 ...
- 216
2
votes
Accepted
Linux route selection not taking expected rule
Firstly, it's best to only use the ip commands, so you should have used ip route show (or ip r for short) to list the routing table.
In this case, the route over the VPN is for 10.0.2.0/255.255.255....
- 16.5k
2
votes
Accepted
Why I can't ping between two siblings macvlans in bridge mode?
The Linux kernel detects incoming packets with a local source address, considers them a routing mistake (packets that a particular computer sends out should never come back), and drops them to prevent ...
- 33.4k
2
votes
Does libvirt support vlan aware bridges?
Support for VLAN-aware Linux bridges was added in libvirt 11.0.
- 1,393
2
votes
Accepted
How to create a linux vlan aware bridge with ingress packets untagged and egress packets tagged
Introduction/Initial setup
This answer doesn't attempt to integrate in network configuration tools the commands used below. The following tools, at least, are expected to be usable for this purpose ...
- 39.5k
2
votes
Linux server VLAN tags using SNMP
Unfortunately the Net-SNMP snmpd will not provide VLAN information as standard. You would have to set up a custom extension for that.
(I think some Intel proprietary NIC drivers for Linux once ...
- 114k
1
vote
Creating a VLan interface in SystemD, creates extra interface. What is this?
The second interface pulls up the required link-local address for your ipv6 interface. For further info see: https://en.wikipedia.org/wiki/Link-local_address#IPv6_address
- 186
1
vote
Accepted
Why do I see VLAN tag in my ARP IP packet even though I have disabled the module 8021.q in CentOS 7?
Issue is with the decoding type I have selected. I selected decoding as VLAN for link and then selected decoding as do not decode. Thus somehow ended up with the above wrong decoding.
I just need to ...
- 915
1
vote
Communication fails on DSA ethernet ports of Banana Pi R1 (Lamobo R1)
The snippets in https://github.com/armbian/build/issues/511 gave me the right direction and I ended up with this /etc/network/interfaces file:
auto lo
iface lo inet loopback
auto eth0.101
iface eth0....
- 249
1
vote
Accepted
Hosting a simple honeypot server in each of 3 VLANs using one ethernet port
For this "simple" case (ie not involving bridges and bridge ports, overlapping VLANs or any other fancy setup), you just have to create three vlan sub-interfaces with their default settings. Once done ...
- 39.5k
1
vote
Accepted
port 1556 listening on tcp6 causing issues
It's hard to say exactly what's causing the error.
Having IPv6 enabled, and listening on the same port shouldn't cause issues.
Any system which has dual-stack capability should handle it fine.
I've ...
- 26
1
vote
Accepted
nftables / iptables rules to rewrite source IP by interface
I was able to achieve this with the following nftables ruleset (I had to build nft from source as v0.5 which ships with Ubuntu 16.04 doesn't support packet field mangling) :
table ip mytable {
...
- 415
1
vote
Accepted
Bonding of virtual network interfaces
The answer is: Yes it is possible. At least with RedHat, where the bonding of virtual interfaces works the same way as the bonding of physical interfaces.
It is even possible to bond (mode=broadcast) ...
- 223
1
vote
Virtual LANs in memory for several virtual machines on one host
VirtualBox will do that nicely. You'll want to use "host only" network type or "internal only".
Host only - creates a virtual NIC on your machine, attaches it to a virtual switch that the VM(s) ...
- 5,085
Only top scored, non community-wiki answers of a minimum length are eligible