LinuxQuestions.org


LBM 11-06-2019 10:01 AM

VLAN Filter ?
 
Hi,

I'm trying to create a VLAN on a KVM guest, using VLAN filters.
It's for testing purposes only, to get familiar with other ways of doing VLAN bridges.

On the switch I have
port:8 tagged VLAN200, KVM host NIC enp2s0f1 server plugged into here
port:7 untagged VLAN200,PVID200 IOT device.

On the KVM host I have done the following:
Code:

ip link add name br200 type bridge
ip link set dev br200 up
ip link set dev enp2s0f1 master br200
ip link set dev br200 type bridge vlan_filtering 1

Added VLAN200 to the bridge
Code:

bridge vlan add vid 200 dev enp2s0f1

bridge vlan show dev enp2s0f1
port        vlan ids
enp2s0f1        1 PVID
        200

From the VMGuest, I have the following defined (the bridge adapter)
from the KVM guest
Code:

  <source bridge='br200'/>

The VMGuest, has the interface configured like so.
Code:

auto eth0.200
iface eth0.200 inet static
        address 192.168.200.5
        netmask 255.255.255.0

If I try to ping the IoT device from this VMGuest, I get timeouts.

If I tcpdump the new virtual interface on the KVM host, I can see the VLAN traffic, but NOT on br200 or the physical interface. I guess I should at least be able to on the physical interface?

Shows VLAN tags!
Code:

tcpdump -nn -i vnet14  -e  vlan

Does NOT show VLAN tags!
Code:

tcpdump -nn -i br200  -e  vlan
tcpdump -nn -i enp2s0f1  -e  vlan


LBM 11-07-2019 01:49 AM

I found the problem. The vnet adapter for the VM needs to have the VLAN as well as the physical interface, like so:
Code:

bridge vlan add vid 200 dev enp2s0f1   # if not already done
bridge vlan add vid 200 dev vnet14

And I can now see the VLAN traffic on the physical NIC with tcpdump, as I expected.
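
The check behind the fix above, as an added example that is not part of the original posts: with vlan_filtering enabled, every bridge port that should carry a VLAN must list that VID, so this script reads `bridge vlan show`-style text and prints the ports that lack it. The function names and the sample tables are constructed for illustration; the interface names come from the thread, and the optional second argument skips the bridge device itself, which never had VID 200 in this setup.

```shell
#!/bin/sh
# Added example, not from the thread. On a live host (assumed usage):
#   bridge vlan show | ports_missing_vid 200 br200
ports_missing_vid() {
    # $1 = VLAN ID to check, $2 = optional device to skip (the bridge itself)
    awk -v want="$1" -v skip="${2:-}" '
        function emit() { if (port != "" && port != skip && !found) print port }
        NR == 1 && $1 == "port" { next }     # header line
        NF == 0 { next }                      # blank line between ports
        /^[^ \t]/ { emit(); port = $1; found = 0; vid = $2 }  # new port entry
        /^[ \t]/  { vid = $1 }                # continuation line: one more VID
        {
            n = split(vid, r, "-")            # single VID or a "lo-hi" range
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            if (vid != "" && want + 0 >= lo && want + 0 <= hi) found = 1
        }
        END { emit() }
    '
}

# Constructed sample: state after the first post (VID 200 only on the NIC).
sample_before() {
cat <<'EOF'
port    vlan ids
enp2s0f1         1 PVID
         200

br200            1 PVID

vnet14           1 PVID
EOF
}

# Constructed sample: state after "bridge vlan add vid 200 dev vnet14".
sample_after() {
cat <<'EOF'
port    vlan ids
enp2s0f1         1 PVID
         200

br200            1 PVID

vnet14           1 PVID
         200
EOF
}

echo "missing VID 200 before fix: $(sample_before | ports_missing_vid 200 br200)"
echo "missing VID 200 after fix:  $(sample_after | ports_missing_vid 200 br200)"
```

Since vnet interfaces are recreated when a guest restarts, a check like this is useful after each VM start.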


All times are GMT -5.