Scenario:
- eth0
- trunk interface with vlans 10 11 12 13 14 15
- native vlan on switch configured to 10
- eth0.11
- vlan interface, sees any traffic that came in on eth0 tagged with vlan 11
- …
- eth0.15
- vlan interface, sees any traffic that came in on eth0 tagged with vlan 15
Here's the problem – I want to be able to do a network capture of all traffic on 'eth0' but see ONLY vlan 10 traffic (anything that wasn't tagged).
Right now, a capture on eth0 will give me untagged frames from vlan 10, and tagged frames from vlans 11 through 15.
The workaround has simply been to reconfigure switch to have an unused native vlan on that port, and tag vlan 10, but this makes that ports configuration special/different from all the others. (Think a normal data+voice network port where you have regular traffic on native vlan and tagged frames for voice.) In that case, I'd want to be able to capture data frames, but no voice.
Another related need is when bridging – if I wanted to bridge JUST vlan0 to another port on the linux box – without also bridging all of the tagged frames – the same need would likely come into play.
Is there any way to configure a vlan interface that explicitly sees only the untagged traffic, and not the tagged frames within it?
Best Answer
Yes, you can use
ebtablesto filter out tagged packets. For example, you can use something similar to that: