In both configurations your vlan and bridge logic is wrong.
In the first config
In the first config
- ether9 has a vlan interface (id 66)
- WAN ether1 has a vlan interface (id 66)
- then you add ether2-13 and both of these vlans in a bridge
Up till here the only issue is that you cannot use "VLAN66 Private" in the bridge because the parent interface ether9 is also in the bridge.
When an interface is "slave" to a bridge(master) all settings on that interface are irrelevant and the bridge should be addressed instead(ip/vlan/etc) - Then you instruct the bridge to tag vlan 66 on all ports
ether2-13 are ok
VLAN66 Private is disabled because the parent is a "slave"(ether9) thus being ignored
VLAN66 Public will have all untagged traffic and tagged vlan 66
But VlanId 66 will not work in VlanId66(VLAN66 Public) as this is not how you setup Q-in-Q vlan - Ip 192.168.100.1/24 should be set on the master port(bridge1) not on the slave(ether9)
Logically you have WAN ether1- tagged 66 traffic(VLAN66 Public)
- untagged traffic(basically your lan)
- tagged 66 traffic(from all other ports in the bridge, more likely discarded because of the badly formed packed)
- untagged traffic(internet)
- tagged 66 traffic(VLAN66 Public)
- bridge1 has a vlan interface (id 66)
- WAN ether1 has a vlan interface (id 66)
- then you add ether2-13 and both of these vlans in a bridge
Logically you cannot have a subinterface of the bridge(VLAN66 Private) in the same bridge
VLAN66 Public suffers from the same issue as the first config
Statistics: Posted by RhoAius — Fri Mar 08, 2024 4:55 pm