Hi all, I am hoping someone can enlighten me to how the same settings for ingress-filtering on both the bridge and on the individual port interact?
You can set ingress-filtering and admit-frames at both the bridge and at the port level.
Which one takes priority when deciding on what packets to filter into a particular port? Is it for example whichever has the most restrictive setting? e.g. ingress-filtering=yes at bridge and ingress-filtering=no at the port means ingress-filtering is on, whereas ingress-filtering=no at bridge and ingress-filtering=yes at port also means ingress-filtering is on. Only if they are both off is ingress-filtering turned off.
I can’t seem to find anything in the manuals about it,
Bridge in ROS has two personalities: something like a switch (spanning member interfaces on L2) and interface (through which router can interact with networks). The interface part gets created implicitly with the “something like a switch” and is more or less full featured interface (which connects bridge with CPU).
My uderstanding is, that several bridge settings actually apply to the “interface” personality … those include pvid, ingress-filtering and frame-types …
Ah yes I hadn’t considered pvid. So given these settings are on both (bridge and bridge-port), which one takes precedence?
I am surprised that these bridge-port settings don’t have a setting of “from-bridge” or “default-from-bridge”. In other words the setting from the bridge is taken unless overridden by the bridge-port setting.
My understanding is that bridge-as-switch is simply bridge … it will perform VLAN-related tasks if vlan-filtering is set. The settings I mentioned in my previous port are strictly for bridge interface (which you use for L3 setup either directly on bridge interface or on vlan interface(s) created on bridge interface), but don’t affect bridge “like-a-switch” behaviour. E.g. if you set pvid on bridge, this means that if you bound IP address to interface=bridge then all traffic to and from this IP address will get tagged with PVID upon entering bridge-as-switch. Ditto for frame-types and ingress-filtering … bridge settings only affect bridge interface but don’t do anything about the rest of bridge ports.