On 08/08/2019 13:43, Felipe Arturo Polanco wrote: > The hypervisor is the one that adds the ports to the switch I specify. > > Is there a way to limit vlan tags being delivered to a fake bridge perhaps? I > only want untagged traffic in the fake > bridge. > > > On Wed, Aug 7, 2019, 2:52 AM Matthias May via discuss > <[email protected] <mailto:[email protected]>> > wrote: > > On 06/08/2019 17:12, Felipe Arturo Polanco wrote: > > Hello, > > > > This is for a hosting environment where we are using OVS bridges with > KVM. > > > > I have two interfaces bonded together with LACP and allowing two vlans. > > VLAN 500 public and vlan 400 private. > > The native vlan for this trunk port is Vlan 500* > > > > I need to find a way to limit trunk access on the VMs when they are > > connected to my bridge. > > If I add a tap0 interface to ovsbr0, I can see tagged traffic which is > not good. > > > > I was thinking about adding a second bridge and connect both of them > > using a patch port but I still need to find a way to filter tagged > > frames and only allow untagged traffic on the second bridge. > > > > Any ideas how can this be done? > > > > Thanks, > > _______________________________________________ > > discuss mailing list > > [email protected] <mailto:[email protected]> > > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > > > When you add the port, set > vlan_mode=access > tag=500 > > BR > Matthias > _______________________________________________ > discuss mailing list > [email protected] <mailto:[email protected]> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss >
I highly suggest you read the documentation regarding vlan_mode, tag and trunk. My answer is still to set the vlan_mode to access and set the tag. It doesn't matter if the hypervisor adds the port or someone else. You can set a config for a port even if it is not yet part of a bridge. BR Matthias _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
