Bridge Vlan
The following scenario shows how to configure the hardware switch to work in bridge mode.
Test Switch Bridge Untagged To Untagged Port
Description
In this scenario, the hardware switch is configured as a bridge between eth0 and eth0p0 in untagged mode, allowing all traffic through the switch.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set interfaces ethernet eth0 vrf A
set system vrf A
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 pvid
set interfaces bridge br0 vlan 101 untagged
set interfaces bridge br0 address 192.168.100.1/24
set interfaces bridge br0 hardware-offload eth0
set interfaces ethernet eth0p0 bridge-group bridge br0
set interfaces ethernet eth0p0 bridge-group vlan 101 pvid
set interfaces ethernet eth0p0 bridge-group vlan 101 untagged
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than A.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=369 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 369.460/369.460/369.460/0.000 ms
Step 4: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+
--------------------------------------------------------------------------------------
bridge  port    vid  flags                  tx packets  rx packets  tx bytes  rx bytes
--------------------------------------------------------------------------------------
br0     br0     101  PVID, Egress Untagged  7           7           546       546
br0     eth0p0  101  PVID, Egress Untagged  7           7           546       546
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+
--------------------------------------------------------------------------------------
bridge  port    vid  flags                  tx packets  rx packets  tx bytes  rx bytes
--------------------------------------------------------------------------------------
br0     br0     101  PVID, Egress Untagged  7           8           546       592
br0     eth0p0  101  PVID, Egress Untagged  7           8           546       592
Test Switch Bridge Untagged To Tagged Port
Description
In this scenario the hardware switch is configured to bridge between eth0 in untagged mode and eth0p0 in tagged mode, which only allows traffic from eth0p0 sent on VLAN 101 and tags all traffic coming from eth0p0.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set interfaces ethernet eth0 vrf A
set system vrf A
set interfaces ethernet eth0 vif 101 address 192.168.100.3/24
set interfaces ethernet eth0 vif 101 vrf B
set system vrf B
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 pvid
set interfaces bridge br0 vlan 101 untagged
set interfaces bridge br0 address 192.168.100.1/24
set interfaces bridge br0 hardware-offload eth0
set interfaces ethernet eth0p0 bridge-group bridge br0
set interfaces ethernet eth0p0 bridge-group vlan 101
Step 3: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than A.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data.
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf B count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than B.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.3 B: 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.722 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.722/0.722/0.722/0.000 ms
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+
--------------------------------------------------------------------------------------
bridge  port    vid  flags                  tx packets  rx packets  tx bytes  rx bytes
--------------------------------------------------------------------------------------
br0     br0     101  PVID, Egress Untagged  8           10          678       866
br0     eth0p0  101                         8           10          678       866
Step 6: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+(?!0)\d+\s+(?!0)\d+
--------------------------------------------------------------------------------------
bridge  port    vid  flags                  tx packets  rx packets  tx bytes  rx bytes
--------------------------------------------------------------------------------------
br0     br0     101  PVID, Egress Untagged  8           10          678       866
br0     eth0p0  101                         8           10          678       866
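A parser for the statistics table checked in the two steps above, as an added example that is not part of the original test suite. It classifies each port as tagged or untagged from the flags column and requires non-zero packet counters, which is what the (?!0)\d+ lookahead in the step regexes enforces. The sample table is reconstructed from the output above with assumed column spacing, and the function names are hypothetical.

```python
import re

# Constructed sample: the "show vlan statistics" table from the scenario above
# (bridge port untagged, eth0p0 tagged); the column spacing is an assumption.
SAMPLE = """\
--------------------------------------------------------------------------------------
bridge  port    vid  flags                  tx packets  rx packets  tx bytes  rx bytes
--------------------------------------------------------------------------------------
br0     br0     101  PVID, Egress Untagged  8           10          678       866
br0     eth0p0  101                         8           10          678       866
"""

# One data row: bridge, port, vid, optional flags, then four counters.
ROW = re.compile(
    r"^(?P<bridge>\S+)\s+(?P<port>\S+)\s+(?P<vid>\d+)\s+(?P<flags>[A-Za-z, ]*?)\s*"
    r"(?P<tx_packets>\d+)\s+(?P<rx_packets>\d+)\s+(?P<tx_bytes>\d+)\s+(?P<rx_bytes>\d+)$"
)

def parse_vlan_stats(text):
    """Return one dict per data row; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["flags"] = {f.strip() for f in row["flags"].split(",") if f.strip()}
        for key in ("vid", "tx_packets", "rx_packets", "tx_bytes", "rx_bytes"):
            row[key] = int(row[key])
        rows.append(row)
    return rows

def port_mode(row):
    """'untagged' when the port is PVID and egress-untagged for the VLAN, else 'tagged'."""
    return "untagged" if {"PVID", "Egress Untagged"} <= row["flags"] else "tagged"

def check_port(text, port, vid, expected_mode):
    """True only if the port carries the VLAN in the expected mode with non-zero packet counters."""
    for row in parse_vlan_stats(text):
        if row["port"] == port and row["vid"] == vid:
            return (port_mode(row) == expected_mode
                    and row["tx_packets"] > 0 and row["rx_packets"] > 0)
    return False  # VLAN not configured on that port

if __name__ == "__main__":
    print(check_port(SAMPLE, "br0", 101, "untagged"))   # bridge port
    print(check_port(SAMPLE, "eth0p0", 101, "tagged"))  # switch port
```

Unlike the per-line regexes, this check also fails when a port that should be tagged shows up as PVID and egress-untagged, which is the misconfiguration that would let untagged frames into VLAN 101.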
Test Switch Bridge Tagged To Untagged Port
Description
In this scenario, the hardware switch is configured to bridge eth0p0 in untagged mode and eth0 in tagged mode, only allowing traffic from eth0 sent on VLAN 101 to go through and tagging all traffic coming from eth0.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set interfaces ethernet eth0 vrf A
set system vrf A
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101
set interfaces bridge br0 vif 101 address 192.168.100.1/24
set interfaces bridge br0 hardware-offload eth0
set interfaces ethernet eth0p0 bridge-group bridge br0
set interfaces ethernet eth0p0 bridge-group vlan 101 pvid
set interfaces ethernet eth0p0 bridge-group vlan 101 untagged
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than A.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=392 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 391.965/391.965/391.965/0.000 ms
Step 4: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+(?!0)\d+\s+(?!0)\d+
--------------------------------------------------------------------------------------
bridge  port    vid  flags                  tx packets  rx packets  tx bytes  rx bytes
--------------------------------------------------------------------------------------
br0     br0     101                         8           8           578       578
br0     eth0p0  101  PVID, Egress Untagged  8           8           578       578
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+PVID, Egress Untagged\s+(?!0)\d+\s+(?!0)\d+
--------------------------------------------------------------------------------------
bridge  port    vid  flags                  tx packets  rx packets  tx bytes  rx bytes
--------------------------------------------------------------------------------------
br0     br0     101                         8           9           578       624
br0     eth0p0  101  PVID, Egress Untagged  8           9           578       624
Test Switch Bridge Tagged To Tagged Port
Description
In this scenario, the hardware switch is configured as a bridge between eth0 and eth0p0 in tagged mode, only allowing traffic sent on VLAN 101.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set interfaces ethernet eth0 vrf A
set system vrf A
set interfaces ethernet eth0 vif 101 address 192.168.100.3/24
set interfaces ethernet eth0 vif 101 vrf B
set system vrf B
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101
set interfaces bridge br0 vif 101 address 192.168.100.1/24
set interfaces bridge br0 hardware-offload eth0
set interfaces ethernet eth0p0 bridge-group bridge br0
set interfaces ethernet eth0p0 bridge-group vlan 101
Step 3: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than A.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data.
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf B count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than B.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.3 B: 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.652 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.652/0.652/0.652/0.000 ms
Step 5: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+br0\s+101\s+(?!0)\d+\s+(?!0)\d+
----------------------------------------------------------------------
bridge  port    vid  flags  tx packets  rx packets  tx bytes  rx bytes
----------------------------------------------------------------------
br0     br0     101         12          12          978       978
br0     eth0p0  101         12          12          978       978
Step 6: Run command interfaces bridge br0 show vlan statistics at DUT0 and check if output matches the following regular expressions:
br0\s+eth0p0\s+101\s+(?!0)\d+\s+(?!0)\d+
----------------------------------------------------------------------
bridge  port    vid  flags  tx packets  rx packets  tx bytes  rx bytes
----------------------------------------------------------------------
br0     br0     101         12          12          978       978
br0     eth0p0  101         12          12          978       978
Test Switch Allowed Macs
Description
In this scenario, the hardware switch is configured so that it only allows incoming traffic from a specific MAC address on port eth0p0.
Scenario
Step 1: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set interfaces ethernet eth0 vrf A
set system vrf A
set interfaces ethernet eth1 address 192.168.100.3/24
set interfaces ethernet eth1 vrf C
set system vrf C
Step 2: Set the following configuration in DUT0:
set interfaces bridge br0 vlan 101 pvid
set interfaces bridge br0 vlan 101 untagged
set interfaces bridge br0 address 192.168.100.1/24
set interfaces bridge br0 hardware-offload eth0
set interfaces ethernet eth0p0 bridge-group bridge br0
set interfaces ethernet eth0p0 bridge-group allowed-macs DE:AD:BE:EF:6C:20
set interfaces ethernet eth0p0 bridge-group vlan 101 pvid
set interfaces ethernet eth0p0 bridge-group vlan 101 untagged
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf A count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than A.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.2 A: 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.48 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.482/1.482/1.482/0.000 ms
Step 4: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 vrf C count 1 size 56 timeout 1
ping: Warning: source address might be selected on device other than C.
PING 192.168.100.1 (192.168.100.1) from 192.168.100.3 C: 56(84) bytes of data.
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms