About Linux: Linux Bridge VLAN filtering


Now that the Linux bridge supports VLAN filtering, we no longer need sub-interfaces to partition VLANs, which simplifies VLAN configuration.

1. The bridge vlan command

As man bridge shows, Linux configures VLAN filtering with the following command:

bridge vlan {add | del} dev DEV vid VID [pvid] [untagged] [self] [master]

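Options:

pvid: the port's default VLAN. Every packet that arrives on the port without a VLAN tag is tagged with this VLAN. This option only applies to ingress packets.

untagged: the port's untagged VLAN. When an egress packet carries this VLAN, the tag is stripped.

pvid and untagged are normally used together, which corresponds to Cisco's switchport trunk native vlan.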

self

master

The man page explains these two options as follows:

self   the vlan is configured on the specified physical device. Required if the device is the bridge device.
master the vlan is configured on the software bridge (default).

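My understanding is: self means the VLAN is added on the bridge device itself, and when adding a VLAN to the bridge this option is required and is the only one allowed, otherwise an error is reported: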

ubuntu@VM-126-137-ubuntu:~$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@VM-126-137-ubuntu:~/bgp-lab$ sudo bridge vlan add vid 100 dev Bridge self
ubuntu@VM-126-137-ubuntu:~/bgp-lab$ 
ubuntu@VM-126-137-ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge master
RTNETLINK answers: Operation not supported
ubuntu@VM-126-137-ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge 
RTNETLINK answers: Operation not supported
ubuntu@VM-126-137-ubuntu:~/$ 

master means the VLAN is added on a bridge port device. This option is the default, so it can be omitted when adding a VLAN to a port on the bridge.

ubuntu@ubuntu:~/$ sudo ip link del Bridge
ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge self
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 master
ubuntu@ubuntu:~/$ 
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 self
RTNETLINK answers: Operation not supported
ubuntu@ubuntu:~/$ 
ubuntu@ubuntu:~/$ sudo bridge vlan show
port    vlan ids
eth1         1 PVID Egress Untagged
         100

Bridge   1 PVID Egress Untagged
         100

ubuntu@ubuntu:~/$ 

When a bridge is created, it is added to the default VLAN 1 in pvid untagged mode. Many vendors treat VLAN 1 as a reserved VLAN and do not allow users to configure it.

ubuntu@ubuntu:~/$ sudo ip link del Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan show
port    vlan ids

ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo bridge vlan show
port    vlan ids

Bridge   1 PVID Egress Untagged

ubuntu@ubuntu:~/$ 

When a port joins the bridge, it is likewise added to the default VLAN 1 in pvid untagged mode:

ubuntu@ubuntu:~/$ sudo ip link del Bridge
ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan show
port    vlan ids
eth1         1 PVID Egress Untagged

Bridge   1 PVID Egress Untagged

ubuntu@ubuntu:~/$ 

The default VLAN 1 can also be deleted:

ubuntu@ubuntu:~/$ sudo bridge vlan del vid 1 dev enp4s0f0 master
ubuntu@ubuntu:~/$ sudo bridge vlan show
port    vlan ids
enp129s0f0np0
enp129s0f1np1
enp4s0f0         100

Bridge   1 PVID Egress Untagged
         100

ubuntu@ubuntu:~/$ sudo bridge vlan del vid 1 dev Bridge self
ubuntu@ubuntu:~/$ sudo bridge vlan show
port    vlan ids
enp4s0f0         100

Bridge   100

ubuntu@ubuntu:~/$ 
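
An added example, not part of the original post: because the bridge and every port that joins it land in VLAN 1 as PVID untagged, it is worth checking that no port is left there after cleanup. This POSIX shell sketch parses the `bridge vlan show` text layout shown above and lists the ports still in VLAN 1; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `bridge vlan show` output for default VLAN 1 membership.

# Normalize the table to one "port vid flags" record per line.
# Continuation lines (leading whitespace) inherit the port named above them.
vlan_records() {
    awk '
        $1 == "port" { next }                 # header row
        NF == 0      { next }                 # blank separator between ports
        /^[^ \t]/    { port = $1; first = 2 } # new port: name is field 1
        /^[ \t]/     { first = 1 }            # continuation: VID is field 1
        first > NF   { next }                 # port with no VLAN membership
        {
            flags = "-"
            if (first < NF) {
                flags = $(first + 1)
                for (i = first + 2; i <= NF; i++) flags = flags "," $i
            }
            print port, $first, flags
        }'
}

# Print the name of every port that is still a member of VLAN 1.
ports_in_default_vlan() {
    vlan_records | awk '$2 == 1 { print $1 }'
}

# Constructed sample in the same layout as the sessions on this page:
# one port without VLANs, one cleaned port, and a bridge still in VLAN 1.
sample_output() {
    cat <<'EOF'
port    vlan ids
enp129s0f0np0
enp4s0f0         100

Bridge   1 PVID Egress Untagged
         100

EOF
}

# Live use: bridge vlan show | ports_in_default_vlan
# Empty output means no port is left in VLAN 1.
sample_output | ports_in_default_vlan
```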

2. Experiment

2.1 Ubuntu configuration

ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge self
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 master
ubuntu@ubuntu:~/$ sudo ip link add link Bridge name Vlan100 up type vlan id 100 
ubuntu@ubuntu:~/$ sudo ip addr add 10.0.2.1/24 dev Vlan100
ubuntu@ubuntu:~/$ sudo bridge vlan show
port    vlan ids
eth1         1 PVID Egress Untagged
         100

Bridge   1 PVID Egress Untagged
         100

ubuntu@ubuntu:~/$ 

2.2 Switch configuration

SWITCH# exit
SWITCH> enable 
SWITCH# show vlan
+-----------+--------------+---------+----------------+-----------------------+
| VLAN ID   | IP Address   | Ports   | Port Tagging   | DHCP Helper Address   |
+===========+==============+=========+================+=======================+
+-----------+--------------+---------+----------------+-----------------------+
SWITCH# configure terminal 
SWITCH(config)# vlan 100
SWITCH(config)# interface eth25GE 47
SWITCH(config-if)# switchport mode 
access  trunk   
SWITCH(config-if)# switchport mode trunk 
SWITCH(config-if)# switchport trunk allowd vlan add 100
SWITCH(config-if)# exit
SWITCH(config)# interface vlan 100
SWITCH(config-if)# ip address 10.0.2.2/24
Add Vlan100 into default VRF
SWITCH(config-if)# 

2.3 Ping in both directions

SWITCH(config-if)# do ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data.
64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.196 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.219 ms
64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=0.150 ms
^C
SWITCH(config-if)# 
--- 10.0.2.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.150/0.188/0.219/0.030 ms
SWITCH(config-if)# 
ubuntu@ubuntu:~/$ ping 10.0.2.2
PING 10.0.2.2 (10.0.2.2) 56(84) bytes of data.
64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=0.308 ms
64 bytes from 10.0.2.2: icmp_seq=2 ttl=64 time=0.245 ms
64 bytes from 10.0.2.2: icmp_seq=3 ttl=64 time=0.262 ms
^C
--- 10.0.2.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2031ms
rtt min/avg/max/mdev = 0.245/0.271/0.308/0.032 ms
ubuntu@ubuntu:~/$ 
