Linuxbridge支持vlanfiltering功能后,我们不再需要以子接口的形式划分VLAN,简化了VLAN的配置。1.bridgevlandescriptionmanbridge通过以下命令可以了解到linux配置vlan过滤:bridgevlan{add|del}devDEVvidVID[pvid][untagged][self][master]选项说明:pvid:port端口的默认vlan,所有从这个端口输入的没有vlan的包都会打上这个vlantag,这个选项是仅对输入数据包有效。untagged:端口的untaggedvlan,当输出包携带这个vlan时,会被剥离。一般情况下pvid和untagged是同时使用的,对应Cisco的switchporttrunknativevlanselfmaster,这两个选项在帮助手册中有解释:selfvlan是在指定的物理设备上配置的。如果设备是网桥device.master,vlan在软件网桥上配置(默认),则为必需。我的理解是:self是指给bridge设备添加vlan,并且这个选项必须也只能在给bridge添加vlan时带上,否则会报错:ubuntu@VM-126-137-ubuntu:~$sudoiplinkaddBridgeuptypebridgevlan_filtering1ubuntu@VM-126-137-ubuntu:~/bgp-lab$sudobridgevlanaddvid100devBridgeselfubuntu@VM-126-137-ubuntu:~/bgp-lab$ubuntu@VM-126-137-ubuntu:~/$sudobridgevlanaddvid100devBridgemasterRTNETLINKanswers:Operationnotsupportedubuntu@VM-126-137-ubuntu:~/$sudobridgevlanaddvid100devBridgeRTNETLINKanswers:Operationnotsupportedubuntu@VM-126-137-ubuntu:~/$master表示将vlan添加到bridge的端口设备上,这个选项是默认的,对于bridge来说添加的时候不需要指定这个参数一个VLAN到端口。ubuntu@ubuntu:~/$sudoiplinkdelBridgeubuntu@ubuntu:~/$sudoiplinkaddBridgeup类型桥vlan_filtering1ubuntu@ubuntu:~/$sudoiplinkseteth1masterBridgeubuntu@ubuntu:~/$sudobridgevlan添加vid100devBridgeselfubuntu@ubuntu:~/$sudobridgevlan添加vid100deveth1ubuntu@ubuntu:~/$sudobridgevlan添加vid100deveth1masterubuntu@ubuntu:~/$ubuntu@ubuntu:~/$sudobridgevlanaddvid100deveth1selfRTNETLINKanswers:Operationnotsupportedubuntu@ubuntu:~/$ubuntu@ubuntu:~/$sudobridgevlanshowportvlanidseth11PVIDEgressUntagged100Bridge1PVIDEgressUntagged100ubuntu@$ubuntu:~在默认情况下vlan1默认会以pviduntagged的形式加入,很多厂商会把vlan1作为保留vlan,用户是不允许配置的。ubuntu@ubuntu:~/$sudoiplinkdelBridgeubuntu@ubuntu:~/$sudobridgevlanshowportvlanidsubuntu@ubuntu:~/$sudoiplinkaddBridgeuptypebridgevlan_filtering1ubuntu@ubuntu:~/$sudobridgevlanshowportvlanidsBridge1PVID出口Untaggedubuntu@ubuntu:~/$sudoiplinkdelBridgeubuntu@ubuntu:~/$sudoiplinkdelBridgeubuntu@ubuntu:~/$iplinkaddBridgeuptypebridgevlan_filtering1ubuntu@ubuntu:~/$sudoiplinkseteth1masterBridgeubuntu@ubuntu:~/$sudobridgevlanshowportvlanidseth11PVIDEgressUntaggedBridge1PVIDEgressUntaggedubuntu@ubuntu:~/$alsoavailabledeletedefaultvlan1ubuntu@ubuntu:~/$sudobridgevlandelvid1devenp4s0f0masterubuntu@ubuntu:~/$sudobridgevlanshowportvlanidsenp129s0f0np0enp129s0f1np1enp4s0f0100Bridge1PVID出口未标记100ubuntu@ubuntu:~/$sudobridgevlandelvid1devBridgeselfubuntu@ubuntu:~/$sudobridgevlanshowportvlanidsenp4s0f0100Bridge100ubuntu@ubuntu:~/$2.实验2.1ubuntu配置ubuntu@ubuntu:~/$sudoiplinkaddBridgeuptypebridgevlan_filtering1ubuntu@ubuntu:~/$sudoiplinkseteth1masterBridgeubuntu@ubuntu:~/$sudobridgevlanaddvid100devBridgeselfubuntu@ubuntu:~/$sudobridgevlanaddvid100deveth1masterubuntu@ubuntu:~/$sudoiplinkaddlink网桥名称Vlan100uptypevlanid100ubuntu@ubuntu:~/$sudoipaddradd10.0.2.1/24devVlan100ubuntu@ubuntu:~/$sudobridgevlanshowportvlanidseth11PVIDEgressUntagged100Bridge1PVIDEgressUntagged100ubuntu@ubuntu:~/$2.2交换机配置SWITCH#exitSWITCH>enableSWITCH#showvlan+------------+------------+--------+-----------------+------------------------+|VLANID|IP地址|港口|端口标记|DHCP助手地址|+===========+==============+=========+================+=======================++------------+--------------+--------+--------------+----------------------+SWITCH#配置终端SWITCH(config)#vlan100SWITCH(config)#interfaceeth25GE47SWITCH(config-if)#switchportmodeaccesstrunkSWITCH(config-if)#switchportmodetrunkSWITCH(config-if)#switchporttrunkallowdvlanadd100SWITCH(config-if)#exitSWITCH(config)#interfacevlan100SWITCH(config-if)#ipaddress10.0。2.2/24AddVlan100intodefaultVRFSWITCH(config-if)#2.3互pingSWITCH(config-if)#doping10.0.2.1PING10.0.2.1(10.0.2.1)56(84)bytesofdata.64bytesfrom10.0.2.1:icmp_seq=1ttl=64time=0.196ms64bytesfrom10.0.2.1:icmp_seq=2ttl=64time=0.219ms64bytesfrom10.0.2.1:icmp_seq=3ttl=64time=0.150ms^CSWITCH(config-if)#---10.0.2.1ping统计---3个数据包传输,3个接收,0%数据包丢失,时间2032msrttmin/avg/max/mdev=0.150/0.188/0.219/0.030msSWITCH(config-if)#ubuntu@ubuntu:~/$ping10.0.2.2PING10.0.2.2(10.0.2.2)56(84)字节的数据。来自10.0.2.2的64字节:icmp_seq=1ttl=64time=0.308ms64bytesfrom10.0.2.2:icmp_seq=2ttl=64time=0.245ms64bytesfrom10.0.2.2:icmp_seq=3ttl=64time=0.262ms^C---10.0.2.2pingstatistics---3已传输数据包,收到3个,丢包0%,时间2031msrttmin/avg/max/mdev=0.245/0.271/0.308/0.032msubuntu@ubuntu:~/$
