I’m having what I would assume to be a very simple and trivial issue. I’m probably making this much tougher than it needs to be.
I have a 750GL with the first port for WAN. The other four are for internal chatter going to my switch. They are configured as bond0.
So…
eth1-gw → cable modem
bond0 → eth{2,3,4,5} → switch
Bond0 is configured as a trunk port on the switch.
So far, this is just like most other switches, but this is also the point where it deviates and confuses the crap outta me.
I have vlan3, vlan5, vlan15, and vlan30. I want them to be available, but only for traffic tagged with those VLANs.
If I just create a bridge (br0) and add bond1, vlan3, vlan5, etc. to that br0 interface, then every VLAN will be available to everything connecting. This obviously defeats the point of having a VLAN set up in the first place. So, this is obviously the wrong solution.
I read that I need to create a separate bridge for each vlan, so something like this
vlan15 → bridge-vlan15 ↔ br0 ← bond0
This is obviously the exact same as what I was doing before with an added bridge in between which really doesn’t change anything beyond adding complexity.
So, I’m stumped. I feel like this should be easy. I’m missing something.
I added my VLANs to the bond0 interface exactly as you just described and anything that connected to the switch on an access port was given an IPv6 address from every VLAN. This implies that the device was seeing every VLAN, but this was untagged traffic. It should have seen nothing from any VLAN.
What you just described is the exact thing I tried way back when I first started with this. The above was my result. It really seems like it should be that easy, though.
What we’ve been doing on tower sites to segregate management and customer traffic is as follows:
Create LAN bridge for the ports that APs and other devices are connected to
Add the Ethernet interfaces to that bridge
Add a VLAN interface to the bridge for customer traffic
So, as follows:
RB2011 - ether3-10 are LAN ports
Create bridge: name LAN, add ports ether3-ether10
Create VLAN: name vlan2-customers, VLAN ID 2, bind to interface LAN (the bridge)
Then the APs add a VLAN interface on the Ethernet port, bridge the wireless card to the VLAN and leave the Ethernet out of the bridge on the AP. Management IP goes on the Ethernet port and receives untagged traffic, and client traffic gets tagged to VLAN2 and sent to the router.
The way we do it there should meet your requirements, if I understand them correctly. Definitely, if you bridge a “tagged” VLAN in with “untagged” ports (e.g., bond0), or two different “tagged” VLANs together, you’re unioning those VLANs and/or untagged ports together, so that’s going to be the cause of the problem you’re seeing.
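The layout described in this reply, written out as RouterOS commands. This is an added example, not an export from the poster's router; the ether3-ether10 range, the LAN and vlan2-customers names and the RFC 5737 addresses are assumed, and the "wrong" block at the end reproduces the unioning mistake the reply warns about, commented out so it is never applied.

```routeros
# Bridge for the untagged LAN ports (APs and other devices plug in here)
/interface bridge
add name=LAN protocol-mode=none

# Add the physical LAN ports to that bridge; nothing tagged is bridged here
/interface bridge port
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10

# VLAN 2 rides on top of the bridge: only frames tagged 2 reach it,
# and untagged devices on the bridge never see VLAN 2 traffic
/interface vlan
add name=vlan2-customers vlan-id=2 interface=LAN

# Management address on the untagged bridge, customer address on the VLAN
# (addresses are documentation ranges, assumed for this example)
/ip address
add address=192.0.2.1/24 interface=LAN comment="management, untagged"
add address=198.51.100.1/24 interface=vlan2-customers comment="customers, tag 2"

# WRONG (do not apply): putting the tagged VLAN interface into the same
# bridge as the untagged ports unions VLAN 2 with the untagged LAN, which
# is what leaks every VLAN to every access port.
# /interface bridge port
# add bridge=LAN interface=vlan2-customers
```

Check it with `/interface vlan print` and `/interface bridge port print`: the VLAN interface should list LAN as its parent and must not appear as a bridge port.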