Hello gentlemen! Could you express your opinion please?
I’ve heard that it’s genuinely incorrect to use bridge PVID instead of vlan interface when you just need to land a switch to an address. Is it? I mean if no routing involved and you just need admin vlan on a switch, why create more entities as vlan interface?
OR it can bring some unexpected behavior?
It depends. In general, it’s like using a native VLAN other than 1 on any other port of the bridge than the virtual one facing towards the routing stack, nothing wrong about that per se.
The “only” thing is that tagging & untagging is only done directly by the bridge when vlan-filtering on that bridge is set to yes. So if you do not use vlan-filtering on the bridge, and the VLAN you want to use for management of the switch is tagged on the uplink port, setting pvid of the bridge will have no effect and you’ll have to attach an /interface vlan to the bridge to do the tagging/untagging, and attach the IP configuration to that /interface vlan rather than to the virtual-switch-facing-interface of the routing stack called “bridge”.
Which means you need a different setup for vlan-filtering=yes and vlan-filtering=no, which causes trouble when switching between these two modes if you have no other management access to the device.
Another thing is that devices with simple switch chips do not support offloading the L2 forwarding between Ethernet ports of a bridge to the switch chip when vlan-filtering on the bridge is set to yes, but as you talk about a switch, it should not be your case?
Yeah thanks, I know what it does and I used both solutions. I just heard from respectable trainer that the only right solution is to use vlan interface and I wonder why. Meanwhile I found some weird behavior in neighbor discovery when setting address with bridge pvid and dhcp client on that bridge. But that’s all. I just want to understand what’s the rule of thumb here, because both methods works.