How do I forward VLAN-tagged Ethernet frames through a Linux bridge between two physical Ethernet interfaces?

## Background I am currently working on a device that uses a Beaglebone Black as the base board, and has a 3rd-party MAC/PHY attached to the breakout pins. ## Problem The desire is to forward all Ethernet packets received on one interface to the other interface, in both directions. Configuring a bridge between the two interfaces is simple enough:

ip link add name br0 type bridge
        ip link set dev br0 up
        ip link set eth0 up
        ip link set eth1 up
        ip link set dev eth0 master br0
        ip link set dev eth1 master br0

This works great until I start transmitting VLAN-tagged frames. If I tag the frame with VLAN ID 0 or 1, the frames are forwarded. Unfortunately, the VLAN tag is dropped before being transmitted on the other interface. If I tag with any other VLAN ID, the frame is not forwarded. ## Solution Attempt 1 The first thing I tried was to use ebtables: ebtables -A FORWARD -i br0 --vlan-id 2 -j ACCEPT This didn't have any effect. Even if it did, it wouldn't scale very well -- I'd have to add an entry for all VLAN IDs I wish to use. ## Solution Attempt 2 The second thing I tried was bridging sub-interfaces:

ip link add name br0.2 type bridge
ip link set dev br0.2 up
vconfig add eth0 1
vconfig add eth1 2
ip link set dev eth0.2 up
ip link set dev eth1.2 up
ip link set dev eth0.2 master br0.2
ip link set dev eth1.2 master br0.2

This works partially, but suffers from the same scaling problem as solution 1. I say it works partially, because the VLAN tag data is partially lost. Using tcpdump --x -i ethX, I observed the following when transmitting VLAN-tagged frames to the Beaglebone's onboard Ethernet interface (eth0): 1. When the packet arrives on eth0, the entire VLAN tag is present. 2. When the packet arrives on eth0.2, the VLAN tag has been stripped. 3. When the packet arrives on br0.2, the VLAN tag is still not present. 4. When the packet arrives on eth1.2, the VLAN tag is still not present. 5. When the packet arrives on eth1, a VLAN tag with the correct ID is present, but the priority has been lost. **Is there any way to preserve the entire VLAN tag as it passes through this chain of interfaces?** ## Solution Attempt 3 **VLAN-aware bridge**

ip link add name br0 type bridge vlan_filtering 1
ip link set dev br0 up
ip link set eth0 up
ip link set eth1 up
ip link set dev eth0 master br0
ip link set dev eth1 master br0
bridge vlan add vid 2-4094 dev br0 self
bridge vlan add vid 2-4094 dev eth0 master
bridge vlan add vid 2-4094 dev eth1 master

This would be a potentially ideal solution, since it doesn't suffer from the scaling problem of solution 2. However, the driver for the TI Ethernet switch fails to initialize when VLAN forwarding is enabled. The TI CPSW driver reports an error saying it is unable to initialize VLAN forwarding on the interface.