Ah, after looking into the config of my switch and seeing the nice "untagged 1" 
on all interfaces it dawned on me what the config should be.
I now have this bridge:
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
   options=10<VLAN_HWTAGGING>
   ether 58:9c:fc:10:ea:3e
   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
   bridge flags=1<VLANFILTER>
   member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
   member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 18 priority 128 path cost 2000 vlan protocol 802.1q untagged 1
   member: epair6a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 15 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
   member: epair10a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
   member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 9 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
   member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 6 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
   member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 4 priority 128 path cost 2000 vlan protocol 802.1q untagged 1
   member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 1 priority 128 path cost 55 vlan protocol 802.1q untagged 1 tagged 3
   groups: bridge
   nd6 options=9<PERFORMNUD,IFDISABLED>
And everything works as expected.

I realize that I can now configure this to send "tagged 1" traffic between 
genet0 and the switch and even further into my network. Would that have /any/ influence 
on performance?

Regards,
Ronald.


From: Ronald Klop <ronald-li...@klop.ws>
Date: Thursday, 4 September 2025 11:21
To: n...@freebsd.org
Subject: bridge new vlan and iftagged "none"

Hi,

I'm trying out the new bridge vlan functionality.
I can't find a lot of examples of the new config options yet and I'm a bit 
confused.

I have this setup working:

genet0 <--> bridge0 <--> multiple epairs for jails

Some epairs will be in vlan 3 and some epairs are not in a vlan.
I have this working.
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=10<VLAN_HWTAGGING>
        ether 58:9c:fc:10:ea:3e
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        bridge flags=1<VLANFILTER>
        member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair6a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 18 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 15 priority 128 path cost 2000 vlan protocol 802.1q
        member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 12 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair10a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 9 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 6 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 4 priority 128 path cost 2000 vlan protocol 802.1q
        member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                port 1 priority 128 path cost 55 vlan protocol 802.1q
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
epair4a still receives all traffic, so also traffic for vlan 3.
My expectation was that I should be able to filter vlan traffic from epair4a by 
doing this.
ifconfig bridge0 vlanfilter
ifconfig bridge0 iftagged epair4a none
And somehow make it possible to have genet0 transfer all traffic even with 
vlanfilter enabled.

I don't understand if this is possible and how. Any insights?

Regards,
Ronald.
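
Added example, not part of the thread or of FreeBSD: a small Python parser for the `ifconfig bridge0` output quoted above that lists which members share each VLAN and which have no VLAN configured, as a quick check of jail segmentation on a bridge with vlanfilter. The sample input is constructed from the thread's output, and the list/range form for several tagged VLANs is an assumption.

```python
import re

# Constructed sample in the format of the ifconfig output quoted in this thread
# (trimmed; the genet0 entry is wrapped the way the mail client wrapped it).
SAMPLE = """\
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
   bridge flags=1<VLANFILTER>
   member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 21 priority 128 path cost 2000 vlan protocol 802.1q untagged 3
   member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 18 priority 128 path cost 2000 vlan protocol 802.1q
   member: genet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           port 1 priority 128 path cost 55 vlan protocol 802.1q untagged 1
tagged 3
   groups: bridge
"""

def parse_members(text):
    """Return {member: {'untagged': int or None, 'tagged': set}}; tolerates wrapped lines."""
    members, cur = {}, None
    tokens = text.split()
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok == "member:":
            cur = members.setdefault(nxt, {"untagged": None, "tagged": set()})
        elif tok.endswith(":"):  # "groups:" or the next interface header ends the member
            cur = None
        elif cur is not None and tok == "untagged" and nxt.isdigit():
            cur["untagged"] = int(nxt)
        elif cur is not None and tok == "tagged" and nxt[:1].isdigit():
            # Assumption: several tagged VLANs print as a list such as "3,10-12".
            for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", nxt):
                cur["tagged"].update(range(int(lo), int(hi or lo) + 1))
    return members

def audit(text):
    """Summarise VLAN membership: who shares each VLAN, and who has none configured."""
    members = parse_members(text)
    by_vlan = {}
    for name, m in members.items():
        for vid in sorted(m["tagged"] | ({m["untagged"]} - {None})):
            by_vlan.setdefault(vid, []).append(name)
    no_vlan = [n for n, m in members.items() if m["untagged"] is None and not m["tagged"]]
    filtering = bool(re.search(r"bridge flags=\w+<[^>]*\bVLANFILTER\b", text))
    return {"vlanfilter": filtering, "no_vlan": no_vlan, "by_vlan": by_vlan}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the output of `ifconfig bridge0` and review any member listed under `no_vlan` or appearing in a VLAN it should not share with other jails.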
