1BRIDGE(8) Linux BRIDGE(8)
2
6 bridge - show / manipulate bridge addresses and devices
7
9 bridge [ OPTIONS ] OBJECT { COMMAND | help }
10 OBJECT := { link | fdb | mdb | vlan | monitor }
13 OPTIONS := { -V[ersion] | -s[tatistics] }
16 bridge link set dev DEV [ cost COST ] [ priority PRIO ] [ state
18 STATE] [ guard { on | off } ] [ hairpin { on | off } ] [
19 fastleave { on | off } ] [ root_block { on | off } ] [ hwmode {
20 vepa | veb } ]
21 bridge link [ show ] [ dev DEV ]
23 bridge fdb { add | append | del | replace } LLADDR dev DEV { local |
25 temp } { self } { router } [ dst IPADDR ] [ vni VNI ] [ port
26 PORT ] [ via DEVICE ]
27 bridge fdb [ show ] [ dev DEV ]
29 bridge mdb { add | del } dev DEV port PORT grp GROUP [ permanent | temp
31 ]
32 bridge mdb show [ dev DEV ]
34 bridge vlan { add | del } dev DEV vid VID [ pvid ] [ untagged ] [ self
36 ] [ master ]
37 bridge vlan [ show ] [ dev DEV ]
39 bridge monitor [ all | neigh | link | mdb ]
41
44 -V, -Version
45 print the version of the bridge utility and exit.
46 -s, -stats, -statistics
49 output more information. If this option is given multiple times,
50 the amount of information increases. As a rule, the information
51 is statistics or some time values.
52
56 OBJECT
57 link - Bridge port.
58 fdb - Forwarding Database entry.
61 mdb - Multicast group database entry.
64 vlan - VLAN filter list.
67 COMMAND
70 Specifies the action to perform on the object. The set of possible
71 actions depends on the object type. As a rule, it is possible to add,
72 delete and show (or list ) objects, but some objects do not allow all
73 of these operations or have some additional commands. The help command
74 is available for all objects. It prints out a list of available com‐
75 mands and argument syntax conventions.
76 If no command is given, some default command is assumed. Usually it is
78 list or, if the objects of this class cannot be listed, help.
79
82 link objects correspond to the port devices of the bridge.
83 The corresponding commands set and display port status and bridge spe‐
86 cific attributes.
87 bridge link set - set bridge specific attributes on a port
90 dev NAME
91 interface name of the bridge port
92 cost COST
95 the STP path cost of the specified port.
96 priority PRIO
99 the STP port priority. The priority value is an unsigned 8-bit
100 quantity (number between 0 and 255). This metric is used in the
101 designated port an droot port selectio algorithms.
102 state STATE
105 the operation state of the port. This is primarily used by user
106 space STP/RSTP implementation. The following is a list of valid
107 values:
108 0 - port is DISABLED. Make this port completely inactive.
110 1 - STP LISTENING state. Only valid if STP is enabled on the
113 brige. In this state the port for list for STP BPDUs and drop
114 all other traffic.
115 2 - STP LEARNING state. Only valid if STP is enabled on the
118 bridge. In this state the port will accept traffic only for the
119 purpose of updating MAC adress tables.
120 3 - STP FORWARDING state. Port is fully active.
123 4 - STP BLOCKING state. Only valid if STP is enabled on the
126 bridge. This state is used during the STP election process. In
127 this state, port will only process STP BPDUs.
128 guard on or guard off
132 Controls whether STP BPUDs will be processed by the bridge port.
133 By default, the flag is turned off allowed BPDU processing.
134 Turning this flag on will cause the port to stop processing STP
135 BPDUs.
136 hairpin on or hairpin off
139 Controls whether traffic may be send back out of the port on
140 which it was received. By default, this flag is turned off and
141 the bridge will not forward traffic back out of the receiving
142 port.
143 fastleave on or fastleave off
146 This flag allows the bridge to immediately stop multicast traf‐
147 fic on a port that receives IGMP Leave message. It is only used
148 with IGMP snooping is enabled on the bridge. By default the flag
149 is off.
150 root_block on or root_block off
153 Controls whether a given port is allowed to become root port or
154 not. Only used when STP is enabled on the bridge. By default the
155 flag is off.
156 hwmode Some network interface cards support HW bridge functionality and
159 they may be configured in different modes. Currently support
160 modes are:
161 vepa - Data sent between HW ports is sent on the wire to the
163 external switch.
164 veb - bridging happens in hardware.
166 bridge link show - list bridge port configuration.
169 This command displays the current bridge port configuration and flags.
170
173 fdb objects contain known Ethernet addresses on a link.
174 The corresponding commands display fdb entries, add new entries, append
177 entries, and delete old ones.
178 bridge fdb add - add a new fdb entry
181 This command creates a new fdb entry.
182 LLADDR the Ethernet MAC address.
185 dev DEV
188 the interface to which this address is associated.
189 self - the address is associated with a software fdb (default)
191 router - the destination address is associated with a router.
194 Valid if the referenced device is a VXLAN type device and has
195 route shortcircuit enabled.
196 The next command line parameters apply only when the specified device
199 DEV is of type VXLAN.
200 dst IPADDR
202 the IP address of the destination VXLAN tunnel endpoint where
203 the Ethernet MAC ADDRESS resides.
204 vni VNI
207 the VXLAN VNI Network Identifier (or VXLAN Segment ID) to use to
208 connect to the remote VXLAN tunnel endpoint. If omitted the
209 value specified at vxlan device creation will be used.
210 port PORT
213 the UDP destination PORT number to use to connect to the remote
214 VXLAN tunnel endpoint. If omitted the default value is used.
215 via DEVICE
218 device name of the outgoing interface for the VXLAN device
219 driver to reach the remote VXLAN tunnel endpoint.
220 bridge fdb append - append a forwarding database entry
223 This command adds a new fdb entry with an already known LLADDR. Valid
224 only for multicast link layer addresses. The command adds support for
225 broadcast and multicast Ethernet MAC addresses. The Ethernet MAC
226 address is added multiple times into the forwarding database and the
227 vxlan device driver sends a copy of the data packet to each entry
228 found.
229 The arguments are the same as with bridge fdb add,
232 bridge fdb delete - delete a forwarding database entry
235 This command removes an existing fdb entry.
236 The arguments are the same as with bridge fdb add.
239 bridge fdb replace - replace a forwarding database entry
242 This command replaces an already present fdb entry.
243 The arguments are the same as with bridge fdb add,
246 bridge fdb show - list forwarding entries.
249 This command displays the current forwarding table.
250 With the -statistics option, the command becomes verbose. It prints out
253 the last updated and last used time for each entry.
254
257 mdb objects contain known IP multicast group addresses on a link.
258 The corresponding commands display mdb entries, add new entries, and
261 delete old ones.
262 bridge mdb add - add a new multicast group database entry
265 This command creates a new mdb entry.
266 dev DEV
269 the interface where this group address is associated.
270 port PORT
273 the port whose link is known to have members of this multicast
274 group.
275 grp GROUP
278 the IP multicast group address whose members reside on the link
279 connected to the port.
280 permanent - the mdb entry is permanent
282 temp - the mdb entry is temporary (default)
285 bridge mdb delete - delete a multicast group database entry
289 This command removes an existing mdb entry.
290 The arguments are the same as with bridge mdb add.
293 bridge mdb show - list multicast group database entries
296 This command displays the current multicast group membership table. The
297 table is populated by IGMP and MLD snooping in the bridge driver auto‐
298 matically. It can be altered by bridge mdb add and bridge mdb del com‐
299 mands manually too.
300 dev DEV
303 the interface only whose entries should be listed. Default is to
304 list all bridge interfaces.
305 With the -details option, the command becomes verbose. It prints out
308 the ports known to have a connected router.
309
312 vlan objects contain known VLAN IDs for a link.
313 The corresponding commands display vlan filter entries, add new
316 entries, and delete old ones.
317 bridge vlan add - add a new vlan filter entry
320 This command creates a new vlan filter entry.
321 dev NAME
324 the interface with which this vlan is associated.
325 vid VID
328 the VLAN ID that identifies the vlan.
329 pvid the vlan specified is to be considered a PVID at ingress. Any
332 untagged frames will be assigned to this VLAN.
333 untagged
336 the vlan specified is to be treated as untagged on egress.
337 self the vlan is configured on the specified physical device.
340 Required if the device is the bridge device.
341 master the vlan is configured on the software bridge (default).
344 bridge vlan delete - delete a forwarding database entry
347 This command removes an existing fdb entry.
348 The arguments are the same as with bridge vlan add. The pvid and
351 untagged flags are ignored.
352 bridge vlan show - list vlan configuration.
355 This command displays the current VLAN filter table.
356
359 The bridge utility can monitor the state of devices and addresses con‐
360 tinuously. This option has a slightly different format. Namely, the
361 monitor command is the first in the command line and then the object
362 list follows:
363 bridge monitor [ all | OBJECT-LIST ]
365 OBJECT-LIST is the list of object types that we want to monitor. It
367 may contain link, fdb, and mdb. If no file argument is given, bridge
368 opens RTNETLINK, listens on it and dumps state changes in the format
369 described in previous sections.
370 If a file name is given, it does not listen on RTNETLINK, but opens the
373 file containing RTNETLINK messages saved in binary format and dumps
374 them. Such a history file can be generated with the
375
379 This command uses facilities added in Linux 3.0.
380 Although the forwarding table is maintained on a per-bridge device
382 basis the bridge device is not part of the syntax. This is a limitation
383 of the underlying netlink neighbour message protocol. When displaying
384 the forwarding table, entries for all bridges are displayed.
385 Add/delete/modify commands determine the underlying bridge device based
386 on the bridge to which the corresponding ethernet device is attached.
387 The Red Hat Enterprise Linux 6 kernel does not support changing bridge
389 ports (bridge link set), and listing or changing VLAN filter lists
390 (bridge vlan). Forwarding database management is supported on VXLAN
391 ports only (bridge fdb).
392
396 ip(8)
397
399 Please direct bugreports and patches to: <netdev@vger.kernel.org>
400
403 Original Manpage by Stephen Hemminger
404iproute2 1 August 2012 BRIDGE(8)