Hi Jiri

Protected domains are like protected ports on a switch:
two ports that are in the bridge with the same protected domain
will not be able to communicate with each other.

Protected domains are implemented on the Bridge but not on
Switch in OpenBSD.

Bridge Protected domain does work from 6.3 and up.
Here is the output of my bridge config:
cat /etc/hostname.bridge101
up
maxaddr 16384 timeout 300
add vio0 -stp vio0
add vlan3993 protected vlan3993 1 -stp vlan3993
add vlan3994 protected vlan3994 1 -stp vlan3994
add vlan3995 protected vlan3995 1 -stp vlan3995
add vlan3996 protected vlan3996 1 -stp vlan3996
add vlan3997 protected vlan3997 1 -stp vlan3997
add vlan3998 protected vlan3998 1 -stp vlan3998
add vlan3999 protected vlan3999 1 -stp vlan3999
add vlan4000 protected vlan4000 1 -stp vlan4000

protected interfacename pddomainnumber

The vio0 address is the uplink and is not a member of the
protected domain.
All the other ports that you want to isolate from each other
should be members of the same protected domain, *1* in this
example.
Hope this helps

@Mike Larkin

Yes, this could be implemented with VLANs, and many people
do when they don't have the port isolation functionality
(necessity being the mother of invention) ... but protected
domains allow one to use the same VLAN and minimise
the amount of VLANs / simplify configuration of the (network / hardware
switches).

Hope this Helps
Tom Smyth

On 22 August 2018 at 07:08, Mike Larkin <[email protected]> wrote:

> On Fri, Aug 17, 2018 at 06:39:22PM +0200, jirib wrote:
> > Hello,
> >
> > I was checking bridge's protected domains and I'm curious
> > how to add VMM VM's tap into a VMM switch/bridge protected domain.
> >
> > It seems it's not implemented yet.
> >
> > I wanted to achieve this:
> >
> > - multiple VMM VMs in same switch/bridge
> > - VMs cannot talk to each other inside the bridge
> >   hence protected domain
> > - VMs can access uplink via bridge's vether
> >
> > Jiri
> >
>
> I am not a networking person but is this something VLANs can solve?
>
>


-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
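
Added example, not part of the original message: a small sh/awk audit that reads hostname.bridgeN-style lines like those above and reports which member pairs can still forward to each other, so a port added without "protected" stands out. It goes slightly beyond the config shown by also accepting the comma-separated domain list and "-protected" documented in ifconfig(8); the sample input and the function names (sample_conf, bridge_pairs, leaks) are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: vio0 is the uplink, vlan3995 was added without "protected".
sample_conf() {
cat <<'EOF'
up
add vio0 -stp vio0
add vlan3993 protected vlan3993 1 -stp vlan3993
add vlan3994 protected vlan3994 1,2 -stp vlan3994
add vlan3995 -stp vlan3995
EOF
}
# bridge_pairs [FILE]: print "memberA memberB isolated|forwards" for every pair.
# Two members are isolated when they share at least one protected domain id.
bridge_pairs() {
    awk '
    function shared(a, b,    x, y, n, m, p, q) {
        n = split(dom[a], x, ","); m = split(dom[b], y, ",")
        for (p = 1; p <= n; p++)
            for (q = 1; q <= m; q++)
                if (x[p] == y[q]) return 1
        return 0
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "add" && i < NF) {
                i++; if (!($i in seen)) { seen[$i] = 1; member[++cnt] = $i }
            } else if ($i == "protected" && i + 2 <= NF) {
                dom[$(i + 1)] = $(i + 2); i += 2
            } else if ($i == "-protected" && i < NF) {
                i++; delete dom[$i]
            }
        }
    }
    END {
        for (i = 1; i <= cnt; i++)
            for (j = i + 1; j <= cnt; j++)
                print member[i], member[j], (shared(member[i], member[j]) ? "isolated" : "forwards")
    }' "$@"
}
# leaks UPLINK [FILE]: pairs that can forward to each other, ignoring the uplink.
leaks() {
    up=$1; shift
    bridge_pairs "$@" | awk -v up="$up" '$3 == "forwards" && $1 != up && $2 != up { print $1, $2 }'
}

sample_conf | leaks vio0
```

An empty result from leaks means every non-uplink member shares a protected domain with every other one; this checks the configuration file only, not the running bridge.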