Gentoo Forums
Untagged VLAN traffic
yzh
n00b
Joined: 25 Feb 2011
Posts: 53

Posted: Thu Nov 08, 2012 8:30 pm    Post subject: Untagged VLAN traffic

Hi,

Is there a way to strip off all frames that have a VLAN tag, so leaving only the untagged frames on an interface?
rolypoly
Tux's lil' helper
Joined: 30 Nov 2003
Posts: 143

Posted: Fri Nov 09, 2012 12:22 am

Set the switch port to be an access port instead of a trunk port?
yzh
n00b
Joined: 25 Feb 2011
Posts: 53

Posted: Fri Nov 09, 2012 10:45 am

I have no control of the switch :(

I was hoping I could create a VLAN on the interface with vlan id 0, which would also match untagged traffic. But sadly this is not the case.
If I recall correctly, in older kernel versions (2.6.x?) the interface was always untagged traffic unless you defined a VLAN.
rolypoly
Tux's lil' helper
Joined: 30 Nov 2003
Posts: 143

Posted: Sat Nov 10, 2012 2:25 am

I think you'll find that if you are connected to a trunk port, all incoming packets will be tagged - otherwise you wouldn't receive them because the switch port wouldn't forward them. If the switch port has a native VLAN then you don't have to tag packets leaving your PC as they will be tagged with the native VLAN.

If you're connected to an access port the packets you receive won't be tagged anyway as the switch will remove them.

I don't think you can do what you're trying to achieve, by design.
yzh
n00b
Joined: 25 Feb 2011
Posts: 53

Posted: Sat Nov 10, 2012 1:03 pm

I forgot to mention that the incoming traffic is from a monitoring port, it's used to capture and monitor the traffic.

I have found a way to strip off all VLAN tags, using ebtables and a bridge.

network setup using /etc/conf.d/net:
Code:
# create interface eth0.ut (will be untagged traffic of eth0, using ebtables)
bridge_eth0_ut="eth0"
brctl_eth0_ut="setageing 0 setfd 0 stp off"
config_eth0_ut="null"
rc_need_eth0_ut="net.eth0"

# create interface eth0.1 that will have all vlan 1 traffic, but stripped
config_eth0="null"
config_eth0_1="null"
vlans_eth0="1"

ebtables rule:
Code:
ebtables -t broute -A BROUTING -p 802_1Q -i eth0 -j DROP


This will result in:
  • eth0: original traffic (mixed vlan)
  • eth0.ut: all untagged traffic
  • eth0.1: all traffic with vlan-id 1, but stripped

Now I can bond eth0.ut and eth0.1 together to get a clean network stream.
I tried to find a better solution, but I guess this will do for now :)
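An added example, not part of the thread: the per-frame decision that the ebtables 802_1Q rule and the eth0.1 VLAN interface make together, written out in Python so the tag layout is visible. The function names, MAC addresses and sample frames are constructed for illustration, and only a single 802.1Q tag (EtherType 0x8100) is handled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType of an 802.1Q tag; ebtables names it 802_1Q
DST = bytes.fromhex("020000000001")  # constructed MAC addresses
SRC = bytes.fromhex("020000000002")

def make_frame(payload, vlan=None, pcp=0, ethertype=0x0800):
    """Build a constructed Ethernet frame, optionally with one 802.1Q tag."""
    tag = b""
    if vlan is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return DST + SRC + tag + struct.pack("!H", ethertype) + payload

def classify(frame):
    """Return (vlan_id, untagged_frame); vlan_id is None for untagged input."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, frame  # no tag: what ends up on eth0.ut
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    # VLAN ID is the low 12 bits of the TCI; drop TPID+TCI (bytes 12..15)
    return tci & 0x0FFF, frame[:12] + frame[16:]

def split_stream(frames, wanted_vlans=(1,)):
    """Keep untagged frames plus stripped frames of the wanted VLANs."""
    clean, dropped = [], []
    for frame in frames:
        vid, stripped = classify(frame)
        if vid is None or vid in wanted_vlans:
            clean.append(stripped)
        else:
            dropped.append(vid)
    return clean, dropped

if __name__ == "__main__":
    frames = [make_frame(b"untagged"), make_frame(b"vlan1", vlan=1),
              make_frame(b"prio", vlan=0, pcp=5), make_frame(b"vlan7", vlan=7)]
    clean, dropped = split_stream(frames)
    print(len(clean), "kept; dropped VLAN IDs:", dropped)
```

A priority-tagged frame (VLAN ID 0) still carries the 0x8100 tag, so this code classifies it as tagged rather than untagged.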