Cumulus Linux bridge VLAN configuration question

Hi experts,

I have a question regarding Cumulus Linux bridge VLAN configuration. If this is my configuration related to VLANs:

admin@SW-MLNX-01:mgmt:~$ nv config show -o commands
nv set bridge domain br_default vlan 99
nv set bridge domain br_default vlan 129
nv set bridge domain br_default vlan 130
nv set bridge domain br_default vlan 131
nv set bridge domain br_default vlan 132
nv set bridge domain br_default vlan 133
nv set bridge domain br_default vlan 134
nv set bridge domain br_default vlan 135
nv set bridge domain br_default vlan 136
nv set interface bond1 bond member swp1
nv set interface bond1 bond mlag id 1
nv set interface bond1-2,5-12,swp12-14 bridge domain br_default untagged 99
nv set interface bond1-4,11-12,swp1-2,9-12 link mtu 1500
nv set interface bond1-12 bond mlag enable on
nv set interface bond1-12 link state up
nv set interface bond1-12 type bond
nv set interface bond2 bond member swp2
nv set interface bond2 bond mlag id 2
nv set interface bond3 bond member swp9
nv set interface bond3 bond mlag id 3
nv set interface bond3-4 bridge domain br_default vlan 99
nv set interface bond4 bond member swp10
nv set interface bond4 bond mlag id 4
nv set interface bond5 bond member swp3
nv set interface bond5 bond mlag id 5
nv set interface bond5-10 bridge domain br_default vlan 1
nv set interface bond6 bond member swp4
nv set interface bond6 bond mlag id 6
nv set interface bond7 bond member swp5
nv set interface bond7 bond mlag id 7
nv set interface bond8 bond member swp6
nv set interface bond8 bond mlag id 8
nv set interface bond9 bond member swp7
nv set interface bond9 bond mlag id 9
nv set interface bond10 bond member swp8
nv set interface bond10 bond mlag id 10
nv set interface bond11 bond member swp51
nv set interface bond11 bond mlag id 11
nv set interface bond11 bridge domain br_default stp admin-edge on
nv set interface bond12 bond member swp11
nv set interface bond12 bond mlag id 12

Is this OK for bond1?


Why does bond1 allow VLANs 129-136 if they are not allowed in the configuration? These VLANs are defined in bridge br_default, but I override this configuration with the specific interface configuration “nv set interface bond1 bridge domain br_default untagged 99”. It should only allow VLAN 99 as untagged, as the “net show configuration” command shows:

net show configuration


interface bond1

  • mtu 1500*
  • bond-slaves swp1*
  • bond-mode 802.3ad*
  • bond-lacp-bypass-allow no*
  • clag-id 1*
  • bridge-pvid 99*

I don’t know why these two commands show different configurations.

Regards,
Julián

It all comes down to this line of configuration. ‘Untagged’ is meant to be used to call out the native/untagged/primary VLAN on a trunk. Here the ‘untagged’ keyword is being used, so bond1 is being declared a trunk, but only the native/untagged/primary VLAN has been specified and not the normal tagged VLANs. If normal tagged VLANs are not specified, they will all be allowed by default.

If a configuration which consists of a single untagged VLAN is desired, it might be easier to declare the port as an access port like this:

cumulus@cumulus:mgmt:~$ nv unset interface bond1 bridge domain br_default
cumulus@cumulus:mgmt:~$ nv set interface bond1 bridge domain br_default access 99
cumulus@cumulus:mgmt:~$ nv config diff
- unset:
    interface:
      bond1:
        bridge:
          domain:
            br_default:
              untagged:
- set:
    interface:
      bond1:
        bridge:
          domain:
            br_default:
              access: 99
cumulus@cumulus:mgmt:~$ nv config apply
applied [rev_id: 4]
cumulus@cumulus:mgmt:~$ bridge vlan show
port    vlan ids
bond1    99 PVID Egress Untagged

br_default       1 PVID Egress Untagged

cumulus@cumulus:mgmt:~$ net show bridge vlan

Interface   VLAN  Flags
----------  ----  ---------------------
bond1         99  PVID, Egress Untagged
br_default     1  PVID, Egress Untagged

With this configuration line, an untagged VLAN is defined while all tagged VLANs are disallowed.

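The rule given in the answer (a port with `untagged` set and no tagged VLAN list carries every VLAN defined on the bridge) can be checked offline against saved `nv config show -o commands` output. The Python script below is an added example, not part of the thread or of NVIDIA's tooling; `expand`, `open_trunks` and the sample text are constructed for illustration, and the range expansion assumes the `bond1-2,5-12,swp12-14` notation means what the posted configuration implies.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the commands posted in the question.
SAMPLE = """\
nv set bridge domain br_default vlan 99
nv set bridge domain br_default vlan 129
nv set bridge domain br_default vlan 130
nv set interface bond1-2,5-12,swp12-14 bridge domain br_default untagged 99
nv set interface bond3-4 bridge domain br_default vlan 99
nv set interface bond5-10 bridge domain br_default vlan 1
"""

def expand(spec):
    """Expand 'bond1-2,5-12,swp12-14' or '10,20-22' into individual items."""
    out, prefix = [], ""
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Za-z_]*)(\d+)(?:-(\d+))?", part)
        if not m:                       # unnumbered name: keep as written
            out.append(part)
            continue
        prefix = m[1] or prefix         # a bare '5-12' reuses the last prefix
        lo, hi = int(m[2]), int(m[3] or m[2])
        out += [f"{prefix}{n}" for n in range(lo, hi + 1)]
    return out

BRIDGE = re.compile(r"nv set bridge domain (\S+) vlan (\S+)")
PORT = re.compile(r"nv set interface (\S+) bridge domain (\S+) (untagged|access|vlan) (\S+)")

def open_trunks(config_text):
    """Ports with 'untagged' but no 'vlan' list or 'access', mapped to the
    bridge VLANs they inherit (inheritance rule as stated in the answer)."""
    bridge = defaultdict(set)                      # domain -> VLAN ids
    ports = defaultdict(lambda: defaultdict(set))  # (iface, domain) -> keyword -> values
    for line in map(str.strip, config_text.splitlines()):
        if m := BRIDGE.fullmatch(line):
            bridge[m[1]].update(expand(m[2]))
        elif m := PORT.fullmatch(line):
            for iface in expand(m[1]):
                ports[(iface, m[2])][m[3]].update(expand(m[4]))
    return {
        iface: sorted(bridge[dom], key=int)
        for (iface, dom), cfg in ports.items()
        if "untagged" in cfg and "vlan" not in cfg and "access" not in cfg
    }

if __name__ == "__main__":
    for iface, vlans in open_trunks(SAMPLE).items():
        print(f"{iface}: trunk with no VLAN list, carries {','.join(vlans)}")
```

This only reads the saved configuration text; `bridge vlan show` on the switch remains the authoritative view of what each port forwards.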
