http://net.doit.wisc.edu/~dwcarder/captivator/linux_trunking_bridging.txt
How to set up 802.1q trunking and bridging on Linux, which is the basis for building a CAPTIVATOR-GW appliance.
This example has eth2 as one side of the bridge (it would be the inside interface) and eth3 as the outside interface. Both eth2 and eth3 could use the same VLAN tags (numbers) for each bridge, or optionally you can use different tags for each side of the bridge. If you want to connect both sides of the CAPTIVATOR-GW appliance to the same switch, you'll need to use different VLAN tags on the internal and external interfaces: if the same tag were allowed on both switch ports, the switch would forward that VLAN directly between the two ports, bypassing the appliance, and the Linux bridge would close a layer-2 loop. In the environment in which CAPTIVATOR-GW was developed, the switch/router used was a Cisco Catalyst 6500; the IOS config at the end of this document should clear up the VLAN numbering.

In theory, if you use separate VLAN tags, you could implement CAPTIVATOR-GW with only one interface (both tagged VLANs of each bridge on the same trunk).
Dealing with spanning-tree when hopping VLANs is specific to your environment and left as an exercise for the reader. (The easiest (and perhaps dangerous for you) workaround, filtering BPDUs on the switch ports that face the appliance, is shown in the Cisco IOS config example below. With BPDU filtering on those ports and STP disabled on the Linux bridges, nothing will detect a loop if a VLAN ends up allowed on both ports, so double-check the allowed-VLAN lists.)

Example:

          ------------------------
          |        Router        |
          ------------------------
              |              |
           VLAN 970       VLAN 972
              |              |
          -----------------------------
          |                           |----Trunk---> To access points
          |     Cisco IOS Switch      |    971,973   and public jacks
          |                           |
          -----------------------------
            Gi3/1            Gi3/2
              |                |
            Trunk            Trunk
           970,972          971,973
              |                |
          -----------------------
          |  eth2        eth3   |
          |                     |
          |    CAPTIVATOR-GW    |
          -----------------------

------------------------------Linux config--------------------

# Disable routing just in case:
echo 0 > /proc/sys/net/ipv4/ip_forward

# Setup VLANs:
modprobe 8021q
/sbin/vconfig add eth2 970
/sbin/vconfig add eth2 972
/sbin/vconfig add eth3 971
/sbin/vconfig add eth3 973
# you should see:
# Added VLAN with VID == 970 to IF -:eth2:-
# Added VLAN with VID == 972 to IF -:eth2:-
# Added VLAN with VID == 971 to IF -:eth3:-
# Added VLAN with VID == 973 to IF -:eth3:-

# bring interfaces up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth2.970 up
ifconfig eth2.972 up
ifconfig eth3.971 up
ifconfig eth3.973 up

# Setup Bridging
# Create a bridge called "br970" and put VLANs 970 and 971 in it
brctl addbr br970
brctl addif br970 eth2.970
brctl addif br970 eth3.971

# Create a bridge called "br972" and put VLANs 972 and 973 in it
brctl addbr br972
brctl addif br972 eth2.972
brctl addif br972 eth3.973

# Bring the bridge virtual interfaces up on each bridge
ifconfig br970 192.168.70.5 netmask 255.255.254.0 up
ifconfig br972 192.168.72.5 netmask 255.255.254.0 up

# Verify bridging config looks legit:
brctl show
# you should see something like:
#
# bridge name     bridge id               STP enabled     interfaces
# br970           8000.000423ab99d8       no              eth2.970
#                                                         eth3.971
# br972           8000.000423ab99d8       no              eth2.972
#                                                         eth3.973
#
# (both bridges take their ID from the lowest member MAC, which is eth2's,
#  so the two IDs match; that is normal.)

brctl showmacs br970
# port no   mac addr             is local?   ageing timer
#   2       00:02:b3:ce:f5:fb    no            274.74
#   1       00:04:23:ab:99:d8    yes             0.00
#   2       00:04:23:ab:99:d9    yes             0.00
#   1       00:0a:8b:bf:70:40    no             28.79

brctl showmacs br972
# port no   mac addr             is local?   ageing timer
#   2       00:02:b3:ce:f6:0f    no             11.69
#   1       00:04:23:ab:99:d8    yes             0.00
#   2       00:04:23:ab:99:d9    yes             0.00
#   1       00:0a:8b:bf:70:40    no             11.69

# You're more or less done with the Linux side of things.
# Now you can set up your firewall rules.
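The same eth2/eth3, br970/br972 layout built with iproute2, as an added example that is not part of the original page or of CAPTIVATOR-GW itself. The vconfig, brctl and ifconfig commands above are deprecated on current distributions; the function below prints the ip(8)/bridge(8) equivalents so they can be reviewed and then piped to sh as root, and it refuses a plan that reuses a VLAN tag on both sides of the appliance, which is exactly the same-switch mistake described above. The function name captivator_plan, the "INVLAN:OUTVLAN[:ADDR/PREFIX]" pair syntax and the ipv6 forwarding sysctl are this example's own assumptions, not anything the page specifies.

```shell
#!/bin/sh
# Added example (not from the original page): iproute2 equivalent of the
# vconfig/brctl/ifconfig steps for a CAPTIVATOR-GW style bridge appliance.
#
# usage: captivator_plan INSIDE_IF OUTSIDE_IF "INVLAN:OUTVLAN[:ADDR/PREFIX] ..."
# Each pair becomes one bridge named br<INVLAN> (br970 and br972 in the page).
# Commands are printed, not executed; pipe the output to sh as root.
# Returns 1 and prints nothing on stdout if a VLAN id is not numeric, is out
# of range, or appears more than once: the same tag on both sides lets the
# switch forward around the appliance, and with STP off on the bridges
# (as in the page's brctl config) nothing would catch the resulting loop.
captivator_plan() {
    inside=$1; outside=$2; pairs=$3
    seen=" "
    for p in $pairs; do
        case $p in *:*) ;; *) echo "bad pair '$p' (want IN:OUT)" >&2; return 1 ;; esac
        ivid=${p%%:*}; rest=${p#*:}; ovid=${rest%%:*}
        for v in "$ivid" "$ovid"; do
            case $v in
                ''|*[!0-9]*) echo "bad VLAN id '$v' in '$p'" >&2; return 1 ;;
            esac
            if [ "$v" -lt 1 ] || [ "$v" -gt 4094 ]; then
                echo "VLAN id $v out of range" >&2; return 1
            fi
            case $seen in
                *" $v "*) echo "refusing: VLAN $v used twice (would bypass the bridge)" >&2; return 1 ;;
            esac
            seen="$seen$v "
        done
    done

    # Disable routing just in case (the page only turns off ipv4 forwarding;
    # the ipv6 sysctl is an addition of this example).
    echo "sysctl -w net.ipv4.ip_forward=0"
    echo "sysctl -w net.ipv6.conf.all.forwarding=0"
    echo "modprobe 8021q"
    echo "ip link set $inside up"
    echo "ip link set $outside up"

    for p in $pairs; do
        ivid=${p%%:*}; rest=${p#*:}; ovid=${rest%%:*}
        case $rest in *:*) addr=${rest#*:} ;; *) addr= ;; esac
        br="br$ivid"
        # One tagged sub-interface per side (eth2.970 / eth3.971 in the page).
        echo "ip link add link $inside name $inside.$ivid type vlan id $ivid"
        echo "ip link add link $outside name $outside.$ovid type vlan id $ovid"
        # Bridge with STP left off (the kernel default), matching brctl above.
        echo "ip link add $br type bridge"
        echo "ip link set $inside.$ivid master $br"
        echo "ip link set $outside.$ovid master $br"
        echo "ip link set $inside.$ivid up"
        echo "ip link set $outside.$ovid up"
        if [ -n "$addr" ]; then
            echo "ip addr add $addr dev $br"
        fi
        echo "ip link set $br up"
    done
    # bridge(8) replaces "brctl show" and "brctl showmacs" for verification.
    echo "bridge link show"
    echo "bridge fdb show"
    return 0
}
```

For the page's layout the call is `captivator_plan eth2 eth3 "970:971:192.168.70.5/23 972:973:192.168.72.5/23" | sh` (as root). Run it without the `| sh` first and read the output; a plan such as `captivator_plan eth2 eth3 "970:970"` prints nothing and exits 1, which is the point of the check.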
--------Cisco IOS config bits (in case you were wondering):----------

conf t
vlan 970-973
!
! The allowed-vlan lists are what keep the two sides apart on one switch;
! keep them disjoint (970,972 on the inside port, 971,973 on the outside port).
!
int Gi3/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 970,972
 switchport mode trunk
 no mdix auto
 storm-control broadcast level 10.00
 spanning-tree bpdufilter enable
 no cdp enable
!
int Gi3/2
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 971,973
 switchport mode trunk
 no mdix auto
 storm-control broadcast level 10.00
 spanning-tree bpdufilter enable
 no cdp enable
!
end
---------------

$Id: linux_trunking_bridging.txt,v 1.2 2005/04/06 15:48:08 dwcarder Exp $