Hi Andrew, On 02/26/2016 04:35 PM, Andrew Lunn wrote: > On Fri, Feb 26, 2016 at 10:12:28PM +0000, Kevin Smith wrote: >> Hi Vivien, Andrew, >> >> On 02/26/2016 03:37 PM, Vivien Didelot wrote: >>> Here, 5 is the CPU port and 6 is a DSA port. >>> >>> After joining ports 0, 1, 2 in the same bridge, we end up with: >>> >>> Port 0 1 2 3 4 5 6 >>> 0 - * * - - * * >>> 1 * - * - - * * >>> 2 * * - - - * * >>> 3 - - - - - * * >>> 4 - - - - - * * >>> 5 * * * * * - * >>> 6 * * * * * * - >> The case I am concerned about is if the switch connected over DSA in >> this example has a WAN port on it, which can legitimately route to the >> CPU on port 5 but should not route to the LAN ports 0, 1, and 2. Does >> this VLAN allow direct communication between the WAN and LAN? Or is >> this prevented by DSA or some other mechanism? > A typical WIFI access point with a connection to a cable modem. > > So in linux you have interfaces like > > lan0, lan1, lan2, lan3, wan0 > > DSA provides you these interface. And by default they are all > separated. There is no path between them. You can consider them as > being separate physical ethernet cards, just like all other interfaces > in linux. > > What you would typically do is: > > brctl addbr br0 > brctl addif br0 lan0 > brctl addif br0 lan1 > brctl addif br0 lan2 > brctl addif br0 lan3 > > to create a bridge between the lan ports. The linux kernel will then > push this bridge configuration down into the hardware, so the switch > can forward frames between these ports. > > The wan port is not part of the bridge, so there is no L2 path to the > WAN port. You need to do IP routing on the CPU. > > Linux takes the stance that switch ports interfaces should act just > like any other linux interface and you configure them in the normal > linux way. > > Andrew
Thanks for the explanation. I am a bit befuddled by the combination of all the possible configurations of the switch and how they interact with Linux. :) I think I understand what is happening now. Kevin
