Hi All,

First forum post, Ive tried asking around in other locations, but to no avail. I figured a Linux forum might have some awesome greybeards who are willing to share their knowledge

So Ive moved over recently to using networkd to get my vlans and bridges setup for VMs, and almost everything is working like a charm.

In short I can create bridges for VLANS but cant create one for the untagged traffic

I have:

Trunk port (lets call it eth0) with 3 vlans (home, domain and lab) and the native untagged traffic

each vlan goes to a separate bridge which my vms connect to, and my host is living in the native untagged world. I want to create another bridge that will pass untagged traffic out

If i create a bridge without vlans my files look like this:

br10.netdev
[NetDev]
Name=br10
Kind=bridge

br10.network
[Match]
Name=eth0

[Network]
Bridge=br10


eth0.network
[Match]
Name=br10

[Network]
Address=172.21.9.1/24
Gateway=172.21.9.254
DNS=172.21.9.254


All is good, VMs and host all live happily on the LAN

Now I make the spicy sauce with the VLANs, as this post is going to be long I will show you only the eth0 and domain network files (however there are 4 files for each of the other vlan/bridge combos)

eth0.network
[Match]
Name=eth0

[Network]
VLAN=home
VLAN=domain
VLAN=lab
Address=172.21.9.1/24
Gateway=172.21.9.254
DNS=172.21.9.254

br-domain.netdev
[NetDev]
Name=br-domain
Kind=bridge

br-domain.network
[Match]
Name=br-domain

domain.netdev
[NetDev]
Name=domain
Kind=vlan

[VLAN]
Id=20

domain.network
[Match]
Name=domain

[Network]
Bridge=br-domain



At this point my host is on the native untagged LAN, my guests can connect to the bridge and communicate on the VLAN.

I cannot work out how I add another bridge for this untagged traffic, as I want the option of adding virtual devices to it. I tried adding a new VLAN called mgt on VLAN 1 but that went down badly, if I look at ip link i dont see the bridge but i do see something called mgt@eth0 which has confused the hell out of me

I have also tried mixing these two solutions together to put a vlan aware bridge in front of the three bridges for each VLAN - that way I could connect virtual machines to any bridge. An example of what I did was to replace the eth0.network with a bridge like this...

eth0.network
[Match]
Name=br-mgt

[Network]
VLAN=home
VLAN=domain
VLAN=lab
Address=172.21.9.1/24
Gateway=172.21.9.254
DNS=172.21.9.254

br-mgt.netdev
[NetDev]
Name=br-mgt
Kind=bridge

[Bridge]
DefaultPVID=1
VLANFiltering=1

br-mgt.network
[Match]
Name=eth0

[Network]
Bridge=br-mgt

[BridgeVLAN]
PVID=1
EgressUntagged=1
VLAN=home
VLAN=domain
VLAN=lab

But I couldnt get any networking on my host or VMs

If you got this far then I appreciate it, hopefully you have an answer at the tips of your fingers!

I certainly don't have a grey beard but Ill take a crack at this one as I have worked on many types of switches and routers. Unfortunately I have not played around with this on Linux but after your post I am quite tempted to do so. You seem to have the knowledge of tagged and untagged vlans so I am sure it is just a matter of finding the correct setting. I found on older switch software, specifically Cisco the that if you did not specifically set a native vlan then it would automatically use vlan 1 as the "management" or untagged if you will. Anyway, what I am getting to is that on older software the management or untagged vlan would need to be manually set as management. If there is perhaps maybe a setting somewhere that does this?

I don't necessary mean creating a vlan and calling it management but basically taking any vlan and changing a setting that specifically sets it as a management vlan. This is just one scenario that comes to mind.

Another scenario could be similar to when setting up a IPT and PC through the same cable and tagging the IPT for lets say vlan400 and the data traffic as untagged on vlan300 as an example.

Welcome aboard the LQ boat by the way!

First a couple of caveats: I don't use systemd-networkd, and I don't work with virtual machines. I do have quite a bit of experience with bridges and VLANs on Linux.

Just so we're talking the same language, a bridge is a way to connect two or more interfaces; physical or virtual(VM).

NOTE: You can't have IP addresses assigned to your physical interfaces when creating bridges. I'm old-school so I use ifconfig:
host# ifconfig eth0 0.0.0.0/0 down
host# ifconfig eth1 0.0.0.0/0 down
host# ifconfig wlan0 0.0.0.0/0 down

You can now create a simple bridge from the command line:
host# brctl addbr BR-01 (create a bridge-virtual-interface [BVI])
host# brctl addif BR-01 eth0 (add an ethernet interface to the BVI)
host# brctl addif BR-01 eth1 (...if you have 2 ethernet ports)
host# brtcl addif BR-01 wlan0 (add an 802.11 interface to the BVI)

VLANs are a construct to separate computers into segregated broadcast domains. VLANs are attached to interfaces, either physical or virtual, such as a bridge-virtual-interface.
host# vconfig add BR-01 11
host# vconfig add BR-01 22
host# vconfig add BR-01 33

Now you can add IP addresses to your interfaces:
host# ifconfig BR-01 172.16.1.1/24 up (untagged)
host# ifconfig BR-01.11 192.168.11.1/24 up (tagged)
host# ifconfig BR-01.22 192.168.22.1/24 up (tagged)
host# ifconfig BR-01.33 192.168.33.1/24 up (tagged)

For troubleshooting, after you've created your bridges and VLANs, run a few commands:
host# brctl show
host# ifconfig -a
host# cd /proc/net/vlan
host# ls -al
host# cat BR-01.11

Don't confuse a Virtual Machines's ethernet interface with a BVI, it's really more of a physical interface... even though it's virtual.

How you convert this command-line nonsense to systemd-networkd config files is up to you.... sorry.

Hope this helps.