Bridge Vlan
The following scenario shows how to configure the hardware switch to work in bridge mode.
Test Switch Bridge Untagged To Untagged Port
Description
In this scenario, the hardware switch is configured as a bridge between eth0 and eth0p0 in untagged mode, allowing all traffic through the switch.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24 set interfaces ethernet eth0 vrf A set system vrf A
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 pvid set interfaces bridge br0 vlan 101 untagged set interfaces bridge br0 address 192.168.100.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group vlan 101 pvid set interfaces ethernet eth0p0 bridge-group vlan 101 untagged
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than A. PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=414 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 414.071/414.071/414.071/0.000 ms
Step 4: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+Show output
-------------------------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes -------------------------------------------------------------------------------------- br0 br0 101 PVID, Egress Untagged 8 11 682 898 br0 eth0p0 101 PVID, Egress Untagged 8 11 682 898
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+Show output
-------------------------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes -------------------------------------------------------------------------------------- br0 br0 101 PVID, Egress Untagged 8 11 682 898 br0 eth0p0 101 PVID, Egress Untagged 8 11 682 898
Test Switch Bridge Untagged To Tagged Port
Description
In this scenario the hardware switch is configured to bridge between eth0 in untagged mode and eth0p0 in tagged mode, which only allows traffic from eth0p0 sent on VLAN 101 and tags all traffic coming from eth0p0.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24 set interfaces ethernet eth0 vrf A set system vrf A set interfaces ethernet eth0 vif 101 address 192.168.100.3/24 set interfaces ethernet eth0 vif 101 vrf B set system vrf B
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 pvid set interfaces bridge br0 vlan 101 untagged set interfaces bridge br0 address 192.168.100.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group vlan 101
Step 3: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than A. PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf B count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than B. PING 192.168.100.1 (192.168.100.1) from 192.168.100.3 B: 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.622 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.622/0.622/0.622/0.000 ms
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+Show output
-------------------------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes -------------------------------------------------------------------------------------- br0 br0 101 PVID, Egress Untagged 8 10 678 746 br0 eth0p0 101 8 10 678 746
Step 6: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+(?!0)\d+\s+(?!0)\d+Show output
-------------------------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes -------------------------------------------------------------------------------------- br0 br0 101 PVID, Egress Untagged 8 10 678 746 br0 eth0p0 101 8 10 678 746
Test Switch Bridge Tagged To Untagged Port
Description
In this scenario, the hardware switch is configured to bridge eth0p0 in untagged mode and eth0 in tagged mode, only allowing traffic from eth0 sent on VLAN 101 to go through and tagging all traffic coming from eth0.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24 set interfaces ethernet eth0 vrf A set system vrf A
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 set interfaces bridge br0 vif 101 address 192.168.100.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group vlan 101 pvid set interfaces ethernet eth0p0 bridge-group vlan 101 untagged
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than A. PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=378 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 378.126/378.126/378.126/0.000 ms
Step 4: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+(?!0)\d+\s+(?!0)\d+Show output
-------------------------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes -------------------------------------------------------------------------------------- br0 br0 101 9 9 674 674 br0 eth0p0 101 PVID, Egress Untagged 9 9 674 674
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+Show output
-------------------------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes -------------------------------------------------------------------------------------- br0 br0 101 9 9 674 674 br0 eth0p0 101 PVID, Egress Untagged 9 9 674 674
Test Switch Bridge Tagged To Tagged Port
Description
In this scenario, the hardware switch is configured as a bridge between eth0 and eth0p0 in tagged mode, only allowing traffic sent on VLAN 101.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24 set interfaces ethernet eth0 vrf A set system vrf A set interfaces ethernet eth0 vif 101 address 192.168.100.3/24 set interfaces ethernet eth0 vif 101 vrf B set system vrf B
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 set interfaces bridge br0 vif 101 address 192.168.100.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group vlan 101
Step 3: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than A. PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf B count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than B. PING 192.168.100.1 (192.168.100.1) from 192.168.100.3 B: 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.697 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.697/0.697/0.697/0.000 ms
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+(?!0)\d+\s+(?!0)\d+Show output
---------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes ---------------------------------------------------------------------- br0 br0 101 9 9 670 670 br0 eth0p0 101 9 9 670 670
Step 6: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+(?!0)\d+\s+(?!0)\d+Show output
---------------------------------------------------------------------- bridge port vid flags tx packets rx packets tx bytes rx bytes ---------------------------------------------------------------------- br0 br0 101 12 12 978 978 br0 eth0p0 101 12 12 978 978
Test Switch Allowed Macs
Description
In this scenario, the hardware switch is configured so that it only allows incoming traffic from a specific MAC address on port eth0p0.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24 set interfaces ethernet eth0 vrf A set system vrf A set interfaces ethernet eth1 address 192.168.100.3/24 set interfaces ethernet eth1 vrf C set system vrf C
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 pvid set interfaces bridge br0 vlan 101 untagged set interfaces bridge br0 address 192.168.100.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group allowed-macs DE:AD:BE:EF:6C:20 set interfaces ethernet eth0p0 bridge-group vlan 101 pvid set interfaces ethernet eth0p0 bridge-group vlan 101 untagged
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than A. PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.21 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.207/1.207/1.207/0.000 ms
Step 4: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf C count 1 size 56 timeout 1Show output
ping: Warning: source address might be selected on device other than C. PING 192.168.100.1 (192.168.100.1) from 192.168.100.3 C: 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms