Once the Linux bridge supports VLAN filtering, we no longer need to carve VLANs out with sub-interfaces, which simplifies VLAN configuration.
1. bridge vlan overview
From man bridge we learn that Linux configures VLAN filtering with the following command:
bridge vlan { add | del } dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]
Option description:
pvid: the port's default VLAN. Every frame arriving on this port without a VLAN tag is tagged with this VLAN; the option only affects ingress traffic.
untagged: the port's untagged VLAN. Frames leaving the port that carry this VLAN have the tag stripped.
Normally pvid and untagged are used together, which corresponds to Cisco's switchport trunk native vlan.
self
master
The man page explains these two options as follows:
self the vlan is configured on the specified physical device. Required if the device is the bridge device.
master the vlan is configured on the software bridge (default).
My understanding is: self means the VLAN is added on the bridge device itself, and when adding a VLAN to the bridge this option must be given (and is the only one accepted), otherwise an error is returned:
ubuntu@VM-126-137-ubuntu:~$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@VM-126-137-ubuntu:~/bgp-lab$ sudo bridge vlan add vid 100 dev Bridge self
ubuntu@VM-126-137-ubuntu:~/bgp-lab$
ubuntu@VM-126-137-ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge master
RTNETLINK answers: Operation not supported
ubuntu@VM-126-137-ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge
RTNETLINK answers: Operation not supported
ubuntu@VM-126-137-ubuntu:~/$
master means the VLAN is added on the bridge's port device; this is the default, so it can be omitted when adding a VLAN to a bridge port.
ubuntu@ubuntu:~/$ sudo ip link del Bridge
ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge self
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 master
ubuntu@ubuntu:~/$
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 self
RTNETLINK answers: Operation not supported
ubuntu@ubuntu:~/$
ubuntu@ubuntu:~/$ sudo bridge vlan show
port vlan ids
eth1 1 PVID Egress Untagged
100
Bridge 1 PVID Egress Untagged
100
ubuntu@ubuntu:~/$
When a bridge is created it is by default placed in the default VLAN 1 as pvid untagged. Many vendors treat VLAN 1 as a reserved VLAN and do not allow users to configure it.
ubuntu@ubuntu:~/$ sudo ip link del Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan show
port vlan ids
ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo bridge vlan show
port vlan ids
Bridge 1 PVID Egress Untagged
ubuntu@ubuntu:~/$
When a port joins the bridge it is likewise placed in the default VLAN 1 as pvid untagged:
ubuntu@ubuntu:~/$ sudo ip link del Bridge
ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan show
port vlan ids
eth1 1 PVID Egress Untagged
Bridge 1 PVID Egress Untagged
ubuntu@ubuntu:~/$
The default VLAN 1 can also be deleted:
ubuntu@ubuntu:~/$ sudo bridge vlan del vid 1 dev enp4s0f0 master
ubuntu@ubuntu:~/$ sudo bridge vlan show
port vlan ids
enp129s0f0np0
enp129s0f1np1
enp4s0f0 100
Bridge 1 PVID Egress Untagged
100
ubuntu@ubuntu:~/$ sudo bridge vlan del vid 1 dev Bridge self
ubuntu@ubuntu:~/$ sudo bridge vlan show
port vlan ids
enp4s0f0 100
Bridge 100
ubuntu@ubuntu:~/$
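To check what bridge vlan show reports without reading it by eye, here is an added shell audit that is not part of the original post. It parses the output layout shown above, including the continuation lines that list extra VIDs for the port named on the previous line, and flags any port or bridge that still carries the default VLAN 1 as PVID / egress untagged, which is exactly the membership the text says vendors usually reserve and that the session above removes. The sample output embedded in the script is constructed to match that layout; the port name eth2 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: parse "bridge vlan show"
# output and flag ports that still use the default VLAN 1 as their PVID.

# Constructed sample in the same layout as the post's output; a continuation
# line holding only a VID belongs to the port named on the line above it.
SAMPLE='port vlan ids
eth1 1 PVID Egress Untagged
100
eth2
Bridge 1 PVID Egress Untagged
100'

# Reads "bridge vlan show" output on stdin and prints one line per port:
#   <port> vlans=<comma-separated VIDs or none> [WARN:default-vlan-1-pvid]
audit_bridge_vlans() {
    awk '
    NR == 1 { next }                              # header line
    {
        if ($1 ~ /^[0-9]+(-[0-9]+)?$/) {          # continuation: VID or VID range only
            start = 1
        } else {                                  # a new port name
            port = $1
            if (!(port in seen)) { order[++n] = port; seen[port] = 1 }
            if (NF == 1) next                     # port with no VLANs at all
            start = 2
        }
        vid = $start
        flags = ""
        for (i = start + 1; i <= NF; i++) flags = flags " " $i
        vlans[port] = (vlans[port] == "" ? vid : vlans[port] "," vid)
        if (vid == "1" && flags ~ /PVID/) default_pvid[port] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]
            line = p " vlans=" (vlans[p] == "" ? "none" : vlans[p])
            if (p in default_pvid) line = line " WARN:default-vlan-1-pvid"
            print line
        }
    }'
}

# Stand-alone demo on the constructed sample; in practice pipe the real
# command in:  bridge vlan show | audit_bridge_vlans
printf '%s\n' "$SAMPLE" | audit_bridge_vlans
```

Run against a live host with bridge vlan show | audit_bridge_vlans; any WARN line means untagged frames on that port still land in VLAN 1, so the port has not yet been given an explicit pvid or had VLAN 1 removed.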
2. Experiment
2.1 Ubuntu configuration
ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1
ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridge
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge self
ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 master
ubuntu@ubuntu:~/$ sudo ip link add link Bridge name Vlan100 up type vlan id 100
ubuntu@ubuntu:~/$ sudo ip addr add 10.0.2.1/24 dev Vlan100
ubuntu@ubuntu:~/$ sudo bridge vlan show
port vlan ids
eth1 1 PVID Egress Untagged
100
Bridge 1 PVID Egress Untagged
100
ubuntu@ubuntu:~/$
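The interactive session above, as an added reproducible script that is not the original post's commands: it builds the same topology for a configurable bridge, uplink, VID and address, additionally removes the default VLAN 1 from both the port and the bridge as section 1 showed, and rejects VIDs outside the 802.1Q range before touching anything. The defaults (Bridge, eth1, 100, 10.0.2.1/24) are taken from the session above; DRY_RUN=1, the default, prints the plan instead of applying it, and applying needs root on a Linux host with iproute2.

```shell
#!/bin/sh
# Added example, not the original post's session: build a VLAN-filtering
# bridge with one tagged uplink and a routed VLAN interface on the bridge,
# then drop the default VLAN 1 from both. Values below are assumptions taken
# from the post; override them through the environment.
set -eu

BRIDGE="${BRIDGE:-Bridge}"
UPLINK="${UPLINK:-eth1}"
VID="${VID:-100}"
ADDR="${ADDR:-10.0.2.1/24}"
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = execute them (root)

# 802.1Q VIDs are 1..4094; 0 and 4095 are reserved. Returns 0 if usable.
valid_vid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Either echo the command (dry run) or run it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

configure_bridge_vlan() {
    valid_vid "$VID" || { echo "invalid VID: $VID" >&2; return 1; }
    # Create the bridge with VLAN filtering enabled from the start.
    run ip link add "$BRIDGE" up type bridge vlan_filtering 1
    run ip link set "$UPLINK" up master "$BRIDGE"
    # Tagged VLAN on the port (master, the default) and on the bridge (self).
    run bridge vlan add vid "$VID" dev "$UPLINK" master
    run bridge vlan add vid "$VID" dev "$BRIDGE" self
    # Drop the default VLAN 1 so untagged frames on the uplink are no longer
    # accepted into a VLAN nobody configured on purpose.
    run bridge vlan del vid 1 dev "$UPLINK" master
    run bridge vlan del vid 1 dev "$BRIDGE" self
    # Routed interface for the VLAN, stacked on the bridge device.
    run ip link add link "$BRIDGE" name "Vlan$VID" up type vlan id "$VID"
    run ip addr add "$ADDR" dev "Vlan$VID"
}

configure_bridge_vlan
```

Run it once with the default DRY_RUN=1 to review the plan, then DRY_RUN=0 as root to apply; afterwards bridge vlan show should list only the chosen VID on the uplink and on the bridge.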
2.2 Switch configuration
SWITCH# exit
SWITCH> enable
SWITCH# show vlan
+-----------+--------------+---------+----------------+-----------------------+
| VLAN ID | IP Address | Ports | Port Tagging | DHCP Helper Address |
+===========+==============+=========+================+=======================+
+-----------+--------------+---------+----------------+-----------------------+
SWITCH# configure terminal
SWITCH(config)# vlan 100
SWITCH(config)# interface eth25GE 47
SWITCH(config-if)# switchport mode
access trunk
SWITCH(config-if)# switchport mode trunk
SWITCH(config-if)# switchport trunk allowd vlan add 100
SWITCH(config-if)# exit
SWITCH(config)# interface vlan 100
SWITCH(config-if)# ip address 10.0.2.2/24
Add Vlan100 into default VRF
SWITCH(config-if)#
2.3 Ping in both directions
SWITCH(config-if)# do ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data.
64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.196 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.219 ms
64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=0.150 ms
^C
SWITCH(config-if)#
--- 10.0.2.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.150/0.188/0.219/0.030 ms
SWITCH(config-if)#
ubuntu@ubuntu:~/$ ping 10.0.2.2
PING 10.0.2.2 (10.0.2.2) 56(84) bytes of data.
64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=0.308 ms
64 bytes from 10.0.2.2: icmp_seq=2 ttl=64 time=0.245 ms
64 bytes from 10.0.2.2: icmp_seq=3 ttl=64 time=0.262 ms
^C
--- 10.0.2.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2031ms
rtt min/avg/max/mdev = 0.245/0.271/0.308/0.032 ms
ubuntu@ubuntu:~/$