[ovs-discuss] How to filter tagged frames in bridge?

Felipe Arturo Polanco felipeapolanco at gmail.com
Thu Aug 8 11:43:35 UTC 2019


The hypervisor is the one that adds the ports to the switch I specify.

Is there a way to limit vlan tags being delivered to a fake bridge perhaps?
I only want untagged traffic in the fake bridge.


On Wed, Aug 7, 2019, 2:52 AM Matthias May via discuss <
ovs-discuss at openvswitch.org> wrote:

> On 06/08/2019 17:12, Felipe Arturo Polanco wrote:
> > Hello,
> >
> > This is for a hosting environment where we are using OVS bridges with
> KVM.
> >
> > I have two interfaces bonded together with LACP and allowing two vlans.
> > VLAN 500 public and vlan 400 private.
> > The native vlan for this trunk port is Vlan 500*
> >
> > I need to find a way to limit trunk access on the VMs when they are
> > connected to my bridge.
> > If I add a tap0 interface to ovsbr0, I can see tagged traffic which is
> not good.
> >
> > I was thinking about adding a second bridge and connect both of them
> > using a patch port but I still need to find a way to filter tagged
> > frames and only allow untagged traffic on the second bridge.
> >
> > Any ideas how can this be done?
> >
> > Thanks,
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> >
>
> When you add the port, set
> vlan_mode=access
> tag=500
>
> BR
> Matthias
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20190808/c2be72ee/attachment.html>


More information about the discuss mailing list