I have configured a bridge with VLANs and VIF interfaces with the following config.
I have 3 devices connected to a Mellanox Switch on eth0, an ethernet device connected to eth1 connected to VLANs 5 through 50. The device on eth2 is only connected on VLAN 10.
The device on eth8 is the GPON ethernet connected to the gateway.
For this, we have the device on eth2 set with an IP of 192.168.1.222.
vif 10 {
    address 192.168.1.1/24
    address 2xxx:xxx:xxx:xxx::1/64
    description LAN
}
vif 30 {
    address XXX.XXX.XXX.XX1/28
    address XXX.XXX.XXX.XX2/28
    address XXX.XXX.XXX.XX3/28
    description WAN
    ip {
        enable-arp-announce
        enable-proxy-arp
    }
}
description "The Network Switch"
enable-vlan
ip {
    disable-arp-filter
}
mac e4:1d:2d:b6:15:40
member {
    interface eth0 {
        allowed-vlan 5
        allowed-vlan 10
        allowed-vlan 15
        allowed-vlan 16
        allowed-vlan 20
        allowed-vlan 30
        allowed-vlan 35
        allowed-vlan 45
        allowed-vlan 50
    }
    interface eth1 {
        allowed-vlan 5
        allowed-vlan 10
        allowed-vlan 15
        allowed-vlan 16
        allowed-vlan 20
        allowed-vlan 30
        allowed-vlan 35
        allowed-vlan 45
        allowed-vlan 50
    }
    interface eth2 {
        allowed-vlan 5
        allowed-vlan 10
        allowed-vlan 15
        allowed-vlan 16
        allowed-vlan 20
        allowed-vlan 30
        allowed-vlan 35
        allowed-vlan 45
        allowed-vlan 50
    }
    interface eth8 {
        native-vlan 30
    }
}
I am running
VyOS 1.5-rolling-202312100433
The issue seems to be that the above bridge will not allow tagged traffic to be stripped and exit out the vif for the gateway.
So vif 10 sends packets untagged to the bridge that are destined for the vif 30 interface. This then causes a “tcp destination unreachable” back to the device sending the request.
I have tested this with the device on eth2 and setting “native-vlan 10” and traffic goes out the gateway as expected. Once I set the interfaces back to tagged VLANs for 10, the packets fail. So the device on one end is sending tagged packets when the interface on eth2 is set for allowed-vlan 10.
Am I doing something wrong in my expectations of how a VLAN-aware Bridge should work?
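An added example, not part of the original post and not VyOS code: a small parser for the `member` block above that reports how each port hands off a given VLAN and which VLANs a port carries beyond what is intended. It assumes `native-vlan` means PVID with untagged egress and `allowed-vlan` means tagged membership, models only explicitly configured VLANs (not the bridge's default VLAN 1), and takes the intended sets from the post's description; the function names are hypothetical.

```python
import re

# Constructed sample: the eth2 and eth8 entries from the post's member block.
CONFIG = """
member {
    interface eth2 {
        allowed-vlan 5
        allowed-vlan 10
        allowed-vlan 15
        allowed-vlan 16
        allowed-vlan 20
        allowed-vlan 30
        allowed-vlan 35
        allowed-vlan 45
        allowed-vlan 50
    }
    interface eth8 {
        native-vlan 30
    }
}
"""

def parse_members(text):
    """Return {port: {"tagged": set of VIDs, "native": VID or None}}."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"interface (\S+) \{", line):
            cur = ports.setdefault(m[1], {"tagged": set(), "native": None})
        elif line == "}":
            cur = None
        elif cur is not None and (m := re.fullmatch(r"(allowed|native)-vlan (\d+)", line)):
            if m[1] == "native":
                cur["native"] = int(m[2])      # assumed: PVID, untagged in and out
            else:
                cur["tagged"].add(int(m[2]))   # assumed: tagged member only
    return ports

def egress(ports, port, vid):
    """How a frame in VLAN vid leaves port: untagged, tagged or filtered."""
    if vid == ports[port]["native"]:
        return "untagged"
    return "tagged" if vid in ports[port]["tagged"] else "filtered"

def excess_vlans(ports, intended):
    """VLANs each port carries beyond the caller's intended set."""
    carried = {p: c["tagged"] | ({c["native"]} - {None}) for p, c in ports.items()}
    return {p: sorted(v - intended[p]) for p, v in carried.items()
            if p in intended and v - intended[p]}
```

With the intent described in the post (`{"eth2": {10}, "eth8": {30}}`), `excess_vlans` lists eight VLANs on eth2 that the device there does not need, which is worth trimming to keep segments isolated.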