You can find the Bridge Settings at Interfaces → Assign → Bridge.
Bridges are VLAN aware, meaning that you can define VLANs on them and assign them to ports, either as tagged or, for one of them, as untagged.
A VLAN aware Bridge works like a switch.
A Bridge can only be configured on top of:
- Physical Interfaces
- OpenVPN Interface
You can pick and change the interfaces in a Bridge on the Edit or Add option of the Bridge.
9.6.1. Create New Bridge
In order to create a Bridge between two or more Interfaces, the corresponding Interfaces need to be enabled in their settings page (see Configure Interfaces).
Go to Interfaces → Assign → Bridge and click Add to create a new Bridge and define which Interfaces should be bridged together.
9.6.2. Bridge VLAN
The bridge must have a default (untagged) VLAN defined. The bridge will not be active and enabled unless you assign the Bridge to an interface and enable it.
You can then define additional VLANs, either single VLANs or a range (e.g. 100-200). Only defined VLANs will be forwarded on the Bridge.
In order to use IP addresses or firewall rules on the Bridge, you have to create a VLAN on the bridge under VLAN and assign it to an Interface.
You cannot filter traffic on the bridge itself, only on VLAN interfaces on the bridge. The bridge automatically passes all other traffic through the firewall.
VT AIR supports RSTP, which works with STP and MSTP. You can enable RSTP and also set the STP Treepriority.
Assign to new Interface is an option shown when you create a new VLAN and it will automatically assign the Interfaces as described in Assign Interfaces.
9.6.4. Bridge Port Settings
After you have saved the Bridge, you can also configure settings for each individual bridge port.
MTU can be set on a per port basis.
Speed and Duplex can be set on a per port basis.
Enable Untagged VLAN if you want an untagged VLAN on the port. You can also have only tagged VLANs by disabling this option.
Untagged Port VLAN sets the untagged VLAN.
Bridgevlans can be enabled individually when they are defined on the Bridge. Be aware that you cannot enable a subset of the defined VLANs. You need to define each VLAN or VLAN range that you want to enable individually and enable them on the corresponding ports.
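Because a defined VLAN or range can only be enabled on a port as a whole, a broad range puts VLANs on ports that do not need them. The following added example (not VT AIR code; the function names, port names and VLAN IDs are constructed for illustration) reports which extra VLANs each port would carry for a given set of definitions and derives non-overlapping definitions that let every port enable exactly the VLANs it needs.

```python
def parse_entry(entry):
    """Parse a bridge VLAN definition: a single ID ("10") or a range ("100-200")."""
    lo, _, hi = entry.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 4094:
        raise ValueError(f"invalid VLAN entry: {entry!r}")
    return set(range(lo, hi + 1))

def extra_vlans(defined, port_needs):
    """VLANs each port would carry beyond its needs, since an entry is all-or-nothing."""
    extra = {}
    for port, needs in port_needs.items():
        enabled = set()
        for entry in defined:
            ids = parse_entry(entry)
            if ids & needs:  # the port must enable the whole entry to get any of it
                enabled |= ids
        if enabled - needs:
            extra[port] = sorted(enabled - needs)
    return extra

def plan_entries(port_needs):
    """Non-overlapping entries that let every port enable exactly its needs."""
    users = {}  # VLAN ID -> set of ports that need it
    for port, needs in port_needs.items():
        for vid in needs:
            users.setdefault(vid, set()).add(port)
    plan, run = [], []
    for vid in sorted(users):
        # Start a new entry when IDs stop being contiguous or the port set changes.
        if run and (vid != run[-1] + 1 or users[vid] != users[run[0]]):
            plan.append(_entry(run, users))
            run = []
        run.append(vid)
    if run:
        plan.append(_entry(run, users))
    return plan

def _entry(run, users):
    text = str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}"
    return text, sorted(users[run[0]])

# Constructed sample: port names and VLAN IDs are illustrative only.
NEEDS = {"eth1": set(range(100, 151)), "eth2": set(range(100, 201)), "tap0": {300}}

if __name__ == "__main__":
    print(extra_vlans(["100-200", "300"], NEEDS))  # eth1 would also carry 151-200
    for entry, ports in plan_entries(NEEDS):
        print(entry, "->", ", ".join(ports))
```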
9.6.5. Bridging Scenarios
Bridging multiple sites together
In order to create a single network out of multiple physical networks, Tunnels and Bridging can be used. First create a GRETAP Tunnel Interface as described in Tunnel.
Create a new Bridge (as described above) that bridges the local Interface to the GRETAP Tunnel Interface.
Pay special attention that none of the selected Interfaces has a local IP address assigned to it! For physical Interfaces set the IPvX Type to None. For the GRETAP Tunnel Interface leave the Local Tunnel IP Address empty.
Next, create a VLAN on the Bridge’s Interface (e.g. br0) under Interfaces → Assign → VLANs, as described in VLAN, and assign an ID.
Enter the VLAN’s ID in the VLAN settings of the Bridge under Interfaces → Assign → Bridge.
Go to Interfaces → Assign and change your LAN Interface’s settings to the VLAN on the Bridge’s Interface (e.g. br0.1 for Bridge br0 and VLAN 1). Alternatively you can create a new Interface.
Configure your LAN/Interface with your desired IPvX Type and activate the Interface.
In order for traffic to move through the Tunnel you need to create a set of Firewall rules.
If your GRETAP Tunnel Interface was configured with the WAN address as the Tunnel endpoint, go to Firewall → Rules → WAN and click Add.
Select GRE as the Protocol, enter the Remote Public IP address of your GRETAP Tunnel as the Source IP and select WAN address as the destination.
Save the new Firewall Rule. You may wish to encrypt your site-to-site traffic with an IPsec VPN on top of your GRETAP tunnel. See GRE over IPSec for further details.