Trunk Port with all VLANS

mm933 · March 17, 2023, 8:24am

Hi,
is there a way to set a physical port to a trunk port without defining every single vlans?
f.e.:

Thanks in advance!

_bernd · March 17, 2023, 9:13am

No, not that I'm aware of. You have to add the port to each vlan-bridge.

Edit: to use proper wording: add the tagged port to each config bridge-vlan stanza.

mm933 · March 17, 2023, 9:29am

Hi,
thanks for answering. Ok, I thought so.

Can you tell me whats the difference in using vlan filtering on the bridge instead of just adding a 802.1q interface on the specific interface and bridge it?

Does this have any performance impact or anything else?

f.e.:

VLAN filter on bridge:

Thanks!

VLAN interface and bridge:

_bernd · March 17, 2023, 9:55am

I think this depends on personal preferences... using multiple bridges (one for each vlan) comes from a time when we did not had vlan-aware bridges (if memory serves me well, it got into Linux around 2018 or so).

I don't know/doubt that there is any difference in "speed" or "performance", but I find it more appealing to have a single vlan-aware bridge (on DSA capable devices or "proper" x86 machines with "real" NIC).

# Config snippets from a DSA switch; using a single vlan-aware bridge
# This switch used as an "access"-switch; lan8 is my "uplink-trunk"
config device
        option  name            'switch'
        option  type            'bridge'
        list    ports           'lan1'
        list    ports           'lan2'
        list    ports           'lan3'
        list    ports           'lan4'
        list    ports           'lan5'
        list    ports           'lan6'
        list    ports           'lan7'
        list    ports           'lan8'
        list    ports           'lan9'
        list    ports           'lan10'

config bridge-vlan
        option  device          'switch'
        option  vlan            '24'
        list    ports           'lan6'
        list    ports           'lan7'
        list    ports           'lan8:t'

config bridge-vlan
        option  device          'switch'
        option  vlan            '64'
        list    ports           'lan2'
        list    ports           'lan3'
        list    ports           'lan8:t'

config interface 'vlan24'
        option  device          'switch.24'
        option  proto           'none'

config interface 'vlan64'
        option  device          'switch.64'
        option  proto           'none'

mk24 · March 17, 2023, 2:01pm

When the device has a hardware switch with DSA, you have to use the bridge-vlans method. This will result in hardware accelerated switching.

mm933 · March 21, 2023, 7:23am

Yes you're right but if I remember right there are also "vlan-aware" bridges which transport all vlans - like in Proxmox for example. So I guess this is implemented in the kernel.

_bernd · March 21, 2023, 8:57am

Do you have an example on hand, because I could not find anything related. Only that assign just all vlans to the bridge. But a range of vlans can not be set up with UCI...

mm933 · March 21, 2023, 9:59am

This example is from Proxmox (Kernel 5.15.60, Debian 11.5):

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
        mtu 1504

Maybe it's just missing in UCI.

_bernd · March 21, 2023, 10:21am

Ah ok, that's what I've found, too. that a range needs to be specified anyway.

mm933 · March 21, 2023, 11:45am

Yeah, but defining a range in UCI is missing, right?