Page MenuHomeVyOS Platform
Create Task
Maniphest T3534

VLAN cannot be both `allowd-vlan` and `native-vlan`
Closed, InvalidPublicBUG
Actions

Description

Due to the lack of validation logic, when the following illegal command is executed

set interfaces ethernet eth0
set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth0 allow-vlan 1
set interfaces bridge br0 member interface eth0 native-vlan 1
commit

图片.png (620×963 px, 11 KB)

This is not allowed, because a VLAN on the same port can only be specific to one of allowed-vlan or native-vlan.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

jack9603301 changed the task status from Open to In progress.May 11 2021, 5:34 AM
jack9603301 triaged this task as Normal priority.
jack9603301 created this task.
jack9603301 moved this task from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
runar added a subscriber: runar.EditedMay 11 2021, 5:55 AM

Please make it so when both are present the native-vlan command is used.. do not throw an exception as this would make configuration much harder, as a eg. allow-vlan 1-4096, native-vlan 50 will be impossible to configure... Splitting up the allow-vlan and redoing it just to change native-vlan is work that the scripts should do in the backend and not have the user do it

pasik added a subscriber: pasik.May 11 2021, 6:24 AM
jack9603301 renamed this task from VLAN can be `allow-vlan` and `native-vlan` at the same time to VLAN cannot be both `allow-vlan` and `native-vlan`.May 11 2021, 6:53 AM
jack9603301 added a comment.May 11 2021, 11:25 AM

@runar I just checked the current implementation. It seems that the current configuration is replacing "allowed VLAN" with "native VLAN", but there is no warning. I add a warning!

jack9603301 added a comment.May 11 2021, 2:51 PM

PR: https://github.com/vyos/vyos-1x/pull/835

jack9603301 renamed this task from VLAN cannot be both `allow-vlan` and `native-vlan` to VLAN cannot be both `allowd-vlan` and `native-vlan`.May 11 2021, 3:06 PM
jack9603301 updated the task description. (Show Details)
c-po added a subscriber: c-po.May 11 2021, 5:13 PM

Why should a warning be printed?

Silicon Switches from A or C flavor support the follwoing:

switchport trunk allowed vlan 100-1000
switchport trunk native vlan 200
switchport mode trunk

So I see no reason to not have this supported. IN my opinion we do not need a warning printed here.

runar added a comment.May 11 2021, 5:18 PM

I agree with @c-po, no warning is needed inbthis case

jack9603301 added a comment.May 11 2021, 5:27 PM

OK, it seems that this problem doesn't need any repair and will be closed

jack9603301 closed this task as Invalid.May 11 2021, 5:27 PM
jack9603301 moved this task from In Progress to Finished on the VyOS 1.4 Sagitta board.