Bug 1652910
Summary: | [RFE] expose VLAN filtering in linux bridge connection attributes | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Dan Kenigsberg <danken> |
Component: | NetworkManager | Assignee: | Beniamino Galvani <bgalvani> |
Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> |
Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
Priority: | unspecified | ||
Version: | 7.0 | CC: | atragler, bgalvani, fgiudici, fpokryvk, haliu, jmaxwell, lmiksik, lrintel, mduarted, pasik, rkhan, sukulkar, thaller |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | 7.7 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | NetworkManager-1.18.0-1.el7 | Doc Type: | Enhancement |
Doc Text: |
.`NetworkManager` now supports VLAN filtering on bridge interfaces
With this enhancement, administrators can configure virtual LAN (VLAN) filtering on bridge interfaces in the corresponding `NetworkManager` connection profiles. This enables administrators to define VLANs directly on bridge ports.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-06 13:16:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1605123, 1654714, 1709731 |
Description
Dan Kenigsberg
2018-11-23 13:52:39 UTC
I think this is a duplicate of bug 1605123, isn't it? actually I only need a single boolean attribute to enable/disable vlan_filtering ip link set br0 type bridge vlan_filtering 1 I pushed a branch for review at: https://github.com/NetworkManager/NetworkManager/pull/322 It adds the following connection properties: * bridge.vlan-filtering: yes|no Enables/disables VLAN filtering. * bridge.vlan-default-pvid: 0-4094 The VLAN id assigned to incoming untagged frames. 0 disables the default VLAN. * bridge.vlans: <vid> [pvid] [untagged], ... List of VLANs on the bridge, in addition to the default one. * bridge-port.vlans: <vid> [pvid] [untagged], ... List of VLANs on the bridge port, in addition to the default one. What should I do to enable vlans 1-4095 on a port named bond0? I realize (quite late) that this is an important piece of our use case. Would my ifcfg have thousands of lines? (In reply to Dan Kenigsberg from comment #7) > What should I do to enable vlans 1-4095 on a port named bond0? I realize > (quite late) that this is an important piece of our use case. Would my ifcfg > have thousands of lines? Not thousands of lines, but a single BRIDGE_VLANS= line with thousands of elements. I think we could implement VLANs ranges to support this use case. Yes, having a range in ifcfg, nmcli and dbus API would make this more workable. Could you include this in 7.7? (In reply to Dan Kenigsberg from comment #9) > Yes, having a range in ifcfg, nmcli and dbus API would make this more > workable. > > Could you include this in 7.7? Filed merge request: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/114 I hope this will be merged before the NM 1.18 release that will be used in 7.7. Notes for QE: Supported properties: * bridge.vlan-filtering: yes|no Enables/disables VLAN filtering. * bridge.vlan-default-pvid: 0-4094 The VLAN id assigned to incoming untagged frames. 0 disables the default VLAN pvid. * bridge.vlans: <vid>[-<vid>] [pvid] [untagged], ... List of VLANs on the bridge, in addition to the default one set with the 'bridge.vlan-default-pvid' property. Each element can be a single VLAN or a range. vid must be [1-4094]. Ranges must be valid (start < end). Duplicated VLANs and overlapping ranges are not allowed. Only one vlan can have the 'pvid' attribute. If a VLAN is pvid, it overrides the default-pvid. * bridge-port.vlans: <vid>[-<vid>] [pvid] [untagged], ... Same as 'bridge.vlans'. Examples: ==== no pvid ==== $ nmcli connection add type bridge \ ifname mybr con-name mybr+ \ bridge.vlan-default-pvid 0 \ bridge.vlan-filtering yes \ bridge.vlans "10" $ nmcli connection add type ethernet \ ifname ens11 con-name ens11-slave+ \ master mybr slave-type bridge \ bridge-port.vlans "4094" $ bridge vlan port vlan ids ens11 4094 mybr 10 ==== default pvid (1) ==== $ nmcli connection add type bridge \ ifname mybr con-name mybr+ \ bridge.vlan-filtering yes \ bridge.vlans "10-14 untagged" $ nmcli connection add type ethernet \ ifname ens11 con-name ens11-slave+ \ master mybr slave-type bridge \ bridge-port.vlans "4 untagged, 5" $ bridge vlan port vlan ids ens11 1 PVID untagged 4 untagged 5 mybr 1 PVID untagged 10 untagged 11 untagged 12 untagged 13 untagged 14 untagged ==== non-default pvid ==== $ nmcli connection add type bridge \ ifname mybr con-name mybr+ \ bridge.vlan-filtering yes \ bridge.vlan-default-pvid 80 \ bridge.vlans "1-10, 100 pvid, 200 untagged" $ nmcli connection add type ethernet \ ifname ens11 con-name ens11-slave+ \ master mybr slave-type bridge \ bridge-port.vlans 4000-4010 $ bridge vlan port vlan ids ens11 80 PVID untagged 4000 4001 4002 4003 4004 4005 4006 4007 4008 4009 4010 mybr 1 2 3 4 5 6 7 8 9 10 80 untagged 100 PVID 200 untagged *** Bug 1605123 has been marked as a duplicate of this bug. *** Looks good, thanks! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2302 |