Hi all,
thanks for all your answers!
I think I found the solution:
all bridge parameters must go into the first iface stanza.
Subsequent stanzas configure IPs and/or DHCP.
Using allow-hotplug instead of auto, the bridge is not bought up
at boot and can be started asynchrously by some script.
Yesterday I was sure that I tested this as one of the options,
even at the very beginning; obviously I made a mistake, sorry.
Working Example:
auto eth1.77
iface eth1.77 inet manual
auto eth2.78
iface eth2.78 inet manual
allow-hotplug br0
iface br0 inet static
bridge_ports eth0 eth1.77 eth2.78
bridge_stp on
bridge_waitport 0
bridge_fd 3
bridge_maxwait 0
address 172.22.9.2
netmask 255.255.0.0
iface br0 inet static
address 10.1.4.1
netmask 255.255.255.248
iface br0 inet dhcp
(works even without any eth0 stanza)
I reply any to Bzzz, Curt and Karl, but in one single mail
to keep list traffic lower. I hope this helps instead of just
adding confusion :)
On Wed, Jun 4, 2014 at 8:17 PM, Bzzz <lazyvi...@gmx.com> wrote:
> ifconfig br0:1 192.168.1.201
Yes, even when replacing this deprecated command by
$ ip addr 192.168.1.201/24 dev br0
it works
(this I meant with "configuring manually with `ip', `brctl' etc.").
On Wed, Jun 4, 2014 at 8:28 PM, Curt <cu...@free.fr> wrote:
> You looked here already?
> https://wiki.debian.org/BridgeNetworkConnections
Yes, I did, similar as the man page, it contains a simple
single-IP example only.
On Wed, Jun 4, 2014 at 10:25 PM, <k...@jorgensen.org.uk> wrote:
>> otherwise no bridge can use it any only gives an error message
>> like "interface eth3.14 does not exist!".
>
> Hm. have you got the "vlan" package installed?
No, I don't have. I know that installing this package breaks VLAN
configuration on Debian 7 (in contrast to the documentation).
See also:
https://lists.debian.org/debian-user/2013/10/msg01069.html
https://lists.debian.org/debian-user/2013/10/msg01065.html
>> auto eth3.10
>> iface eth3.10 inet static
>> address 10.72.9.17
>> netmask 255.255.255.248
>> iface eth3.10 inet static
>> address 10.72.9.25
>> netmask 255.255.255.248
>
> Hm.. it doesn't complain about having multiple stanzas with the name
> iface !? (I'm surprised here, so I may well learn something)
No, it doesn't complain. I think this is the way to set multiple
IP address, am I wrong?
>> The same approach as for Ethernet does not work for Bridges:
>>
>> iface br1 inet static
>> address 10.1.1.1
>> netmask 255.255.255.248
>> bridge_ports eth3.10
>> bridge_maxwait 0
>> iface br1 inet static
>> address 10.1.1.9
>> netmask 255.255.255.248
>> bridge_ports eth3.11
>> bridge_ports eth3.12
>> bridge_maxwait 0
>>
>> This adds all interfaces to br1, but only the IP address from the
>> last block.
>
> And you're bridging VLANs 10,11 and 12. Very unusual. If the VLANs
> should be bridged, this is usually done on the switch...
Yes, this example is artificial; better would be eth1.10, eth2.11, eth3.12.
Background:
I think we can assume this box "is the switch".
Later I'll need to bridge something like
- br0: wlan1 eth2.1 eth3.1 eth4.1
- ...
- brN: wlanN eth2.N eth3.N eth4.N
or such, each with several IP addresses.
> Using a DHCP address on a bridge interface is .. unusual. But I guess
> there must be use cases where it is valid.
Some shall support DHCP to ease some maintenance/testing.
Key factor is that DHCP support shall not get lost when using bridging.
> I'd suggest something like this:
>
> # ---8<-- cut here ---8<---
> auto br0
> iface br0 inet dhcp
> bridge-ports eth3
> post-up ip address add 10.1.1.1/24 dev br0
> post-up ip address add 10.1.1.9/24 dev br0
> # ---8<-- cut here ---8<---
yeah, I so far I hesitated from "scripting inside configs", it looks
to "dangerous" (where does the scripting logs? what about error handling?),
and I think Debian supports multiple IP addresses (without writing an own
script calling ip addr ...).
> or alternatively:
> auto br0:
mmm... I'm afraid using deprecated features may lead into trouble in future?
(With vlan package I already met a few :))
> I assume you only want ONE IP address from DHCP :-)
yes, up to one per VLAN.
> In general, I suspect that you are confusing VLANs with IP aliasing:
Thanks for this nice summary. Yes, it is really easy to confuse that,
but here I hope it didn't happen.
Regards,
Steffen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/caobounn0kgcbexnx1a+het7i69kt5pwr3comsnxucrjjzkm...@mail.gmail.com
