Egress behavior when tag matches PVID

  • 24 March 2020
  • 3 replies



I have a question about Cumulus vlan awared brige egress behavior. Assume I have my switch configured as below, if I send below 3 frames from `swp1`, what does the 1q vlan tag look like on the `swp2` egress (when frames leave swp2)?

  1. Send untagged frame from swp1 to swp2
  2. Send .1q tag=1 frame from swp1 to swp2
  3. Send .1q tag=2 frame from swp1 to swp2

auto br

iface br0

    bridge-ports swp1 swp2

    bridge-pvid 1

    bridge-vids 1 2

    bridge-allow-untagged yes

    bridge-vlan-aware yes

OK, no one answer my question in an hour. Let me answer it myself. The answer is:

  1. untagged
  2. untagged
  3. tag=2

The answer for 1 and 3 are obvious. The problem is for 2. I’d expect it to be “tag=1”. Why? Because unlike 1, the tags for frames in case 2 are not added by the bridge. So to be symmetric, the bridge should also not remove them. However this is what we have today in Linux kernel bridge code. See for details. I think it is more like “easier to implement” than “what it should be”. Thoughts?

Userlevel 4

Thanks for providing the answer to your own question @chuyee !

No problem. But I’d like to know more about this behavior for other vendors if any one knows. For example, what does Cisco do for this case? Reading 802.1Q standard doesn’t provide much useful information except it mentions PVID is not recommended to match any legitimate traffic… So it’s totally vendor specific?