{ "content": [ { "type": "text", "text": "# bridge(8) (man)\n\n**Summary:** bridge - show / manipulate bridge addresses and devices\n\n**Synopsis:** bridge [ OPTIONS ] OBJECT { COMMAND | help }\nOBJECT := { link | fdb | mdb | vlan | monitor }\nOPTIONS := { -V[ersion] | -s[tatistics] | -n[etns] name | -b[atch] filename | -c[olor] |\n-p[retty] | -j[son] | -o[neline] }\nbridge link set dev DEV [ cost COST ] [ priority PRIO ] [ state STATE ] [ guard { on | off }\n] [ hairpin { on | off } ] [ fastleave { on | off } ] [ rootblock { on | off } ] [\nlearning { on | off } ] [ learningsync { on | off } ] [ flood { on | off } ] [ hw‐‐\nmode { vepa | veb } ] [ mcastflood { on | off } ] [ mcasttounicast { on | off } ]\n[ neighsuppress { on | off } ] [ vlantunnel { on | off } ] [ isolated { on | off }\n] [ backupport DEVICE ] [ nobackupport ] [ self ] [ master ]\nbridge link [ show ] [ dev DEV ]\nbridge fdb { add | append | del | replace } LLADDR dev DEV { local | static | dynamic } [\nself ] [ master ] [ router ] [ use ] [ externlearn ] [ sticky ] [ srcvni VNI ] { [\ndst IPADDR ] [ vni VNI ] [ port PORT ] [ via DEVICE ] | nhid NHID }\nbridge fdb [ [ show ] [ br BRDEV ] [ brport DEV ] [ vlan VID ] [ state STATE ] [ dynamic ] ]\nbridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV [ vlan VID ] [ vni VNI ] [\nself ] [ master ] [ dynamic ]\nbridge mdb { add | del } dev DEV port PORT grp GROUP [ src SOURCE ] [ permanent | temp ] [\nvid VID ]\nbridge mdb show [ dev DEV ]\nbridge vlan { add | del } dev DEV vid VID [ tunnelinfo TUNNELID ] [ pvid ] [ untagged ] [\nself ] [ master ]\nbridge vlan set dev DEV vid VID [ state STPSTATE ]\nbridge vlan [ show | tunnelshow ] [ dev DEV ]\nbridge monitor [ all | neigh | link | mdb | vlan ]\n\n## Flags\n\n| Flag | Long | Arg | Description |\n|------|------|-----|-------------|\n| -V | — | — | print the version of the bridge utility and exit. |\n| -s | — | — | output more information. If this option is given multiple times, the amount of infor‐ mation increases. As a rule, the i |\n| -d | — | — | print detailed information about bridge vlan filter entries or MDB router ports. |\n| -n | — | — | switches bridge to the specified network namespace NETNS. Actually it just simplifies executing of: ip netns exec NETNS |\n| -b | — | — | Read commands from provided file or standard input and invoke them. First failure will cause termination of bridge comma |\n| — | — | — | ing execution of the commands, the application return code will be non zero. |\n| -c | — | — | Configure color output. If parameter is omitted or always, color output is enabled re‐ gardless of stdout state. If para |\n| -j | — | — | Output results in JavaScript Object Notation (JSON). |\n| -p | — | — | When combined with -j generate a pretty JSON output. |\n| -o | — | — | output each record on a single line, replacing line feeds with the '\\' character. This is convenient when you want to co |\n\n## See Also\n\n- ip(8)\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **SYNOPSIS** (42 lines)\n- **OPTIONS** (1 lines) — 10 subsections\n - -V -Version (3 lines)\n - -s -stats -statistics (4 lines)\n - -d -details (3 lines)\n - -n -net -netns (10 lines)\n - -b -batch (4 lines)\n - -force (3 lines)\n - -c (7 lines)\n - -j -json (3 lines)\n - -p -pretty (3 lines)\n - -o -oneline (5 lines)\n- **BRIDGE - COMMAND SYNTAX** (24 lines) — 23 subsections\n - bridge link - bridge port (6 lines)\n - bridge link set - set bridge specific attributes on a port (161 lines)\n - -t -timestamp (3 lines)\n - bridge link show - list ports configuration for all bridges. (6 lines)\n - bridge fdb - forwarding database management (7 lines)\n - bridge fdb add - add a new fdb entry (88 lines)\n - bridge fdb append - append a forwarding database entry (9 lines)\n - bridge fdb delete - delete a forwarding database entry (6 lines)\n - bridge fdb replace - replace a forwarding database entry (6 lines)\n - bridge fdb show - list forwarding entries. (7 lines)\n - bridge fdb get - get bridge forwarding entry. (24 lines)\n - bridge mdb - multicast group database management (6 lines)\n - bridge mdb add - add a new multicast group database entry (32 lines)\n - bridge mdb delete - delete a multicast group database entry (6 lines)\n - bridge mdb show - list multicast group database entries (18 lines)\n - bridge vlan - VLAN filter list (6 lines)\n - bridge vlan add - add a new vlan filter entry (21 lines)\n - untagged (10 lines)\n - bridge vlan delete - delete a vlan filter entry (6 lines)\n - bridge vlan set - change vlan filter entry's options (39 lines)\n - bridge vlan show - list vlan configuration. (9 lines)\n - bridge vlan tunnelshow - list vlan tunnel mapping. (3 lines)\n - bridge monitor - state monitoring (15 lines)\n- **NOTES** (10 lines)\n- **SEE ALSO** (2 lines)\n- **BUGS** (3 lines)\n- **AUTHOR** (5 lines)\n\n## Full Content\n\n### NAME\n\nbridge - show / manipulate bridge addresses and devices\n\n### SYNOPSIS\n\nbridge [ OPTIONS ] OBJECT { COMMAND | help }\n\n\nOBJECT := { link | fdb | mdb | vlan | monitor }\n\n\nOPTIONS := { -V[ersion] | -s[tatistics] | -n[etns] name | -b[atch] filename | -c[olor] |\n-p[retty] | -j[son] | -o[neline] }\n\nbridge link set dev DEV [ cost COST ] [ priority PRIO ] [ state STATE ] [ guard { on | off }\n] [ hairpin { on | off } ] [ fastleave { on | off } ] [ rootblock { on | off } ] [\nlearning { on | off } ] [ learningsync { on | off } ] [ flood { on | off } ] [ hw‐‐\nmode { vepa | veb } ] [ mcastflood { on | off } ] [ mcasttounicast { on | off } ]\n[ neighsuppress { on | off } ] [ vlantunnel { on | off } ] [ isolated { on | off }\n] [ backupport DEVICE ] [ nobackupport ] [ self ] [ master ]\n\nbridge link [ show ] [ dev DEV ]\n\nbridge fdb { add | append | del | replace } LLADDR dev DEV { local | static | dynamic } [\nself ] [ master ] [ router ] [ use ] [ externlearn ] [ sticky ] [ srcvni VNI ] { [\ndst IPADDR ] [ vni VNI ] [ port PORT ] [ via DEVICE ] | nhid NHID }\n\nbridge fdb [ [ show ] [ br BRDEV ] [ brport DEV ] [ vlan VID ] [ state STATE ] [ dynamic ] ]\n\nbridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV [ vlan VID ] [ vni VNI ] [\nself ] [ master ] [ dynamic ]\n\nbridge mdb { add | del } dev DEV port PORT grp GROUP [ src SOURCE ] [ permanent | temp ] [\nvid VID ]\n\nbridge mdb show [ dev DEV ]\n\nbridge vlan { add | del } dev DEV vid VID [ tunnelinfo TUNNELID ] [ pvid ] [ untagged ] [\nself ] [ master ]\n\nbridge vlan set dev DEV vid VID [ state STPSTATE ]\n\nbridge vlan [ show | tunnelshow ] [ dev DEV ]\n\nbridge monitor [ all | neigh | link | mdb | vlan ]\n\n### OPTIONS\n\n#### -V -Version\n\nprint the version of the bridge utility and exit.\n\n#### -s -stats -statistics\n\noutput more information. If this option is given multiple times, the amount of infor‐\nmation increases. As a rule, the information is statistics or some time values.\n\n#### -d -details\n\nprint detailed information about bridge vlan filter entries or MDB router ports.\n\n#### -n -net -netns\n\nswitches bridge to the specified network namespace NETNS. Actually it just simplifies\nexecuting of:\n\nip netns exec NETNS bridge [ OPTIONS ] OBJECT { COMMAND | help }\n\nto\n\nbridge -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }\n\n#### -b -batch\n\nRead commands from provided file or standard input and invoke them. First failure\nwill cause termination of bridge command.\n\n#### -force\n\ning execution of the commands, the application return code will be non zero.\n\n#### -c\n\nConfigure color output. If parameter is omitted or always, color output is enabled re‐\ngardless of stdout state. If parameter is auto, stdout is checked to be a terminal be‐\nfore enabling color output. If parameter is never, color output is disabled. If speci‐\nfied multiple times, the last one takes precedence. This flag is ignored if -json is\nalso given.\n\n#### -j -json\n\nOutput results in JavaScript Object Notation (JSON).\n\n#### -p -pretty\n\nWhen combined with -j generate a pretty JSON output.\n\n#### -o -oneline\n\noutput each record on a single line, replacing line feeds with the '\\' character. This\nis convenient when you want to count records with wc(1) or to grep(1) the output.\n\n### BRIDGE - COMMAND SYNTAX\n\nOBJECT\nlink - Bridge port.\n\n\nfdb - Forwarding Database entry.\n\n\nmdb - Multicast group database entry.\n\n\nvlan - VLAN filter list.\n\n\nCOMMAND\nSpecifies the action to perform on the object. The set of possible actions depends on the\nobject type. As a rule, it is possible to add, delete and show (or list ) objects, but some\nobjects do not allow all of these operations or have some additional commands. The help com‐\nmand is available for all objects. It prints out a list of available commands and argument\nsyntax conventions.\n\nIf no command is given, some default command is assumed. Usually it is list or, if the ob‐\njects of this class cannot be listed, help.\n\n#### bridge link - bridge port\n\nlink objects correspond to the port devices of the bridge.\n\n\nThe corresponding commands set and display port status and bridge specific attributes.\n\n#### bridge link set - set bridge specific attributes on a port\n\ndev NAME\ninterface name of the bridge port\n\n\ncost COST\nthe STP path cost of the specified port.\n\n\npriority PRIO\nthe STP port priority. The priority value is an unsigned 8-bit quantity (number be‐\ntween 0 and 255). This metric is used in the designated port an droot port selection\nalgorithms.\n\n\nstate STATE\nthe operation state of the port. Except state 0 (disable STP or BPDU filter feature),\nthis is primarily used by user space STP/RSTP implementation. One may enter port state\nname (case insensitive), or one of the numbers below. Negative inputs are ignored, and\nunrecognized names return an error.\n\n0 - port is in STP DISABLED state. Make this port completely inactive for STP. This is\nalso called BPDU filter and could be used to disable STP on an untrusted port, like a\nleaf virtual devices.\n\n\n1 - port is in STP LISTENING state. Only valid if STP is enabled on the bridge. In\nthis state the port listens for STP BPDUs and drops all other traffic frames.\n\n\n2 - port is in STP LEARNING state. Only valid if STP is enabled on the bridge. In this\nstate the port will accept traffic only for the purpose of updating MAC address ta‐\nbles.\n\n\n3 - port is in STP FORWARDING state. Port is fully active.\n\n\n4 - port is in STP BLOCKING state. Only valid if STP is enabled on the bridge. This\nstate is used during the STP election process. In this state, port will only process\nSTP BPDUs.\n\n\n\nguard on or guard off\nControls whether STP BPDUs will be processed by the bridge port. By default, the flag\nis turned off allowed BPDU processing. Turning this flag on will disables the bridge\nport if a STP BPDU packet is received.\n\nIf running Spanning Tree on bridge, hostile devices on the network may send BPDU on a\nport and cause network failure. Setting guard on will detect and stop this by dis‐\nabling the port. The port will be restarted if link is brought down, or removed and\nreattached. For example if guard is enable on eth0:\n\nip link set dev eth0 down; ip link set dev eth0 up\n\n\nhairpin on or hairpin off\nControls whether traffic may be send back out of the port on which it was received.\nThis option is also called reflective relay mode, and is used to support basic VEPA\n(Virtual Ethernet Port Aggregator) capabilities. By default, this flag is turned off\nand the bridge will not forward traffic back out of the receiving port.\n\n\nfastleave on or fastleave off\nThis flag allows the bridge to immediately stop multicast traffic on a port that re‐\nceives IGMP Leave message. It is only used with IGMP snooping is enabled on the\nbridge. By default the flag is off.\n\n\nrootblock on or rootblock off\nControls whether a given port is allowed to become root port or not. Only used when\nSTP is enabled on the bridge. By default the flag is off.\n\nThis feature is also called root port guard. If BPDU is received from a leaf (edge)\nport, it should not be elected as root port. This could be used if using STP on a\nbridge and the downstream bridges are not fully trusted; this prevents a hostile guest\nfrom rerouting traffic.\n\n\nlearning on or learning off\nControls whether a given port will learn MAC addresses from received traffic or not.\nIf learning if off, the bridge will end up flooding any traffic for which it has no\nFDB entry. By default this flag is on.\n\n\nlearningsync on or learningsync off\nControls whether a given port will sync MAC addresses learned on device port to bridge\nFDB.\n\n\nflood on or flood off\nControls whether unicast traffic for which there is no FDB entry will be flooded to‐\nwards this given port. By default this flag is on.\n\n\nhwmode Some network interface cards support HW bridge functionality and they may be config‐\nured in different modes. Currently support modes are:\n\nvepa - Data sent between HW ports is sent on the wire to the external switch.\n\nveb - bridging happens in hardware.\n\n\nmcastflood on or mcastflood off\nControls whether multicast traffic for which there is no MDB entry will be flooded to‐\nwards this given port. By default this flag is on.\n\n\nmcasttounicast on or mcasttounicast off\nControls whether a given port will replicate packets using unicast instead of multi‐\ncast. By default this flag is off.\n\nThis is done by copying the packet per host and changing the multicast destination MAC\nto a unicast one accordingly.\n\nmcasttounicast works on top of the multicast snooping feature of the bridge. Which\nmeans unicast copies are only delivered to hosts which are interested in it and sig‐\nnalized this via IGMP/MLD reports previously.\n\nThis feature is intended for interface types which have a more reliable and/or effi‐\ncient way to deliver unicast packets than broadcast ones (e.g. WiFi).\n\nHowever, it should only be enabled on interfaces where no IGMPv2/MLDv1 report suppres‐\nsion takes place. IGMP/MLD report suppression issue is usually overcome by the network\ndaemon (supplicant) enabling AP isolation and by that separating all STAs.\n\nDelivery of STA-to-STA IP multicast is made possible again by enabling and utilizing\nthe bridge hairpin mode, which considers the incoming port as a potential outgoing\nport, too (see hairpin option). Hairpin mode is performed after multicast snooping,\ntherefore leading to only deliver reports to STAs running a multicast router.\n\n\nneighsuppress on or neighsuppress off\nControls whether neigh discovery (arp and nd) proxy and suppression is enabled on the\nport. By default this flag is off.\n\n\nvlantunnel on or vlantunnel off\nControls whether vlan to tunnel mapping is enabled on the port. By default this flag\nis off.\n\n\nisolated on or isolated off\nControls whether a given port will be isolated, which means it will be able to commu‐\nnicate with non-isolated ports only. By default this flag is off.\n\n\nbackupport DEVICE\nIf the port loses carrier all traffic will be redirected to the configured backup port\n\n\nnobackupport\nRemoves the currently configured backup port\n\n\nself link setting is configured on specified physical device\n\n\nmaster link setting is configured on the software bridge (default)\n\n#### -t -timestamp\n\ndisplay current time when using monitor option.\n\n#### bridge link show - list ports configuration for all bridges.\n\nThis command displays port configuration and flags for all bridges.\n\nTo display port configuration and flags for a specific bridge, use the \"ip link show master\n\" command.\n\n#### bridge fdb - forwarding database management\n\nfdb objects contain known Ethernet addresses on a link.\n\n\nThe corresponding commands display fdb entries, add new entries, append entries, and delete\nold ones.\n\n#### bridge fdb add - add a new fdb entry\n\nThis command creates a new fdb entry.\n\n\nLLADDR the Ethernet MAC address.\n\n\ndev DEV\nthe interface to which this address is associated.\n\nlocal - is a local permanent fdb entry, which means that the bridge will not forward\nframes with this destination MAC address and VLAN ID, but terminate them locally. This\nflag is default unless \"static\" or \"dynamic\" are explicitly specified.\n\n\npermanent - this is a synonym for \"local\"\n\n\nstatic - is a static (no arp) fdb entry\n\n\ndynamic - is a dynamic reachable age-able fdb entry\n\n\nself - the operation is fulfilled directly by the driver for the specified network de‐\nvice. If the network device belongs to a master like a bridge, then the bridge is by‐\npassed and not notified of this operation (and if the device does notify the bridge,\nit is driver-specific behavior and not mandated by this flag, check the driver for\nmore details). The \"bridge fdb add\" command can also be used on the bridge device it‐\nself, and in this case, the added fdb entries will be locally terminated (not for‐\nwarded). In the latter case, the \"self\" flag is mandatory. The flag is set by default\nif \"master\" is not specified.\n\n\nmaster - if the specified network device is a port that belongs to a master device\nsuch as a bridge, the operation is fulfilled by the master device's driver, which may\nin turn notify the port driver too of the address. If the specified device is a master\nitself, such as a bridge, this flag is invalid.\n\n\nrouter - the destination address is associated with a router. Valid if the referenced\ndevice is a VXLAN type device and has route short circuit enabled.\n\n\nuse - the address is in use. User space can use this option to indicate to the kernel\nthat the fdb entry is in use.\n\n\nexternlearn - this entry was learned externally. This option can be used to indicate\nto the kernel that an entry was hardware or user-space controller learnt dynamic en‐\ntry. Kernel will not age such an entry.\n\n\nsticky - this entry will not change its port due to learning.\n\n\nThe next command line parameters apply only when the specified device DEV is of type VXLAN.\n\ndst IPADDR\nthe IP address of the destination VXLAN tunnel endpoint where the Ethernet MAC ADDRESS\nresides.\n\n\nsrcvni VNI\nthe src VNI Network Identifier (or VXLAN Segment ID) this entry belongs to. Used only\nwhen the vxlan device is in external or collect metadata mode. If omitted the value\nspecified at vxlan device creation will be used.\n\n\nvni VNI\nthe VXLAN VNI Network Identifier (or VXLAN Segment ID) to use to connect to the remote\nVXLAN tunnel endpoint. If omitted the value specified at vxlan device creation will\nbe used.\n\n\nport PORT\nthe UDP destination PORT number to use to connect to the remote VXLAN tunnel endpoint.\nIf omitted the default value is used.\n\n\nvia DEVICE\ndevice name of the outgoing interface for the VXLAN device driver to reach the remote\nVXLAN tunnel endpoint.\n\n\nnhid NHID\necmp nexthop group for the VXLAN device driver to reach remote VXLAN tunnel endpoints.\n\n#### bridge fdb append - append a forwarding database entry\n\nThis command adds a new fdb entry with an already known LLADDR. Valid only for multicast\nlink layer addresses. The command adds support for broadcast and multicast Ethernet MAC ad‐\ndresses. The Ethernet MAC address is added multiple times into the forwarding database and\nthe vxlan device driver sends a copy of the data packet to each entry found.\n\n\nThe arguments are the same as with bridge fdb add.\n\n#### bridge fdb delete - delete a forwarding database entry\n\nThis command removes an existing fdb entry.\n\n\nThe arguments are the same as with bridge fdb add.\n\n#### bridge fdb replace - replace a forwarding database entry\n\nIf no matching entry is found, a new one will be created instead.\n\n\nThe arguments are the same as with bridge fdb add.\n\n#### bridge fdb show - list forwarding entries.\n\nThis command displays the current forwarding table.\n\n\nWith the -statistics option, the command becomes verbose. It prints out the last updated and\nlast used time for each entry.\n\n#### bridge fdb get - get bridge forwarding entry.\n\nlookup a bridge forwarding table entry.\n\n\nLLADDR the Ethernet MAC address.\n\n\ndev DEV\nthe interface to which this address is associated.\n\n\nbrport DEV\nthe bridge port to which this address is associated. same as dev above.\n\n\nbr DEV the bridge to which this address is associated.\n\n\nself - the address is associated with the port drivers fdb. Usually hardware.\n\n\nmaster - the address is associated with master devices fdb. Usually software (default).\n\n#### bridge mdb - multicast group database management\n\nmdb objects contain known IP or L2 multicast group addresses on a link.\n\n\nThe corresponding commands display mdb entries, add new entries, and delete old ones.\n\n#### bridge mdb add - add a new multicast group database entry\n\nThis command creates a new mdb entry.\n\n\ndev DEV\nthe interface where this group address is associated.\n\n\nport PORT\nthe port whose link is known to have members of this multicast group.\n\n\ngrp GROUP\nthe multicast group address (IPv4, IPv6 or L2 multicast) whose members reside on the\nlink connected to the port.\n\npermanent - the mdb entry is permanent. Optional for IPv4 and IPv6, mandatory for L2.\n\n\ntemp - the mdb entry is temporary (default)\n\n\n\nsrc SOURCE\noptional source IP address of a sender for this multicast group. If IGMPv3 for IPv4,\nor MLDv2 for IPv6 respectively, are enabled it will be included in the lookup when\nforwarding multicast traffic.\n\n\nvid VID\nthe VLAN ID which is known to have members of this multicast group.\n\n#### bridge mdb delete - delete a multicast group database entry\n\nThis command removes an existing mdb entry.\n\n\nThe arguments are the same as with bridge mdb add.\n\n#### bridge mdb show - list multicast group database entries\n\nThis command displays the current multicast group membership table. The table is populated by\nIGMP and MLD snooping in the bridge driver automatically. It can be altered by bridge mdb add\nand bridge mdb del commands manually too.\n\n\ndev DEV\nthe interface only whose entries should be listed. Default is to list all bridge in‐\nterfaces.\n\n\nWith the -details option, the command becomes verbose. It prints out the ports known to have\na connected router.\n\n\nWith the -statistics option, the command displays timer values for mdb and router port en‐\ntries.\n\n#### bridge vlan - VLAN filter list\n\nvlan objects contain known VLAN IDs for a link.\n\n\nThe corresponding commands display vlan filter entries, add new entries, and delete old ones.\n\n#### bridge vlan add - add a new vlan filter entry\n\nThis command creates a new vlan filter entry.\n\n\ndev NAME\nthe interface with which this vlan is associated.\n\n\nvid VID\nthe VLAN ID that identifies the vlan.\n\n\ntunnelinfo TUNNELID\nthe TUNNEL ID that maps to this vlan. The tunnel id is set in dstmetadata for every\npacket that belongs to this vlan (applicable to bridge ports with vlantunnel flag\nset).\n\n\npvid the vlan specified is to be considered a PVID at ingress. Any untagged frames will be\nassigned to this VLAN.\n\n#### untagged\n\nthe vlan specified is to be treated as untagged on egress.\n\n\nself the vlan is configured on the specified physical device. Required if the device is the\nbridge device.\n\n\nmaster the vlan is configured on the software bridge (default).\n\n#### bridge vlan delete - delete a vlan filter entry\n\nThis command removes an existing vlan filter entry.\n\n\nThe arguments are the same as with bridge vlan add. The pvid and untagged flags are ignored.\n\n#### bridge vlan set - change vlan filter entry's options\n\nThis command changes vlan filter entry's options.\n\n\ndev NAME\nthe interface with which this vlan is associated.\n\n\nvid VID\nthe VLAN ID that identifies the vlan.\n\n\nstate STPSTATE\nthe operation state of the vlan. One may enter STP state name (case insensitive), or\none of the numbers below. Negative inputs are ignored, and unrecognized names return\nan error. Note that the state is set only for the vlan of the specified device, e.g.\nif it is a bridge port then the state will be set only for the vlan of the port.\n\n0 - vlan is in STP DISABLED state. Make this vlan completely inactive for STP. This is\nalso called BPDU filter and could be used to disable STP on an untrusted vlan.\n\n\n1 - vlan is in STP LISTENING state. Only valid if STP is enabled on the bridge. In\nthis state the vlan listens for STP BPDUs and drops all other traffic frames.\n\n\n2 - vlan is in STP LEARNING state. Only valid if STP is enabled on the bridge. In this\nstate the vlan will accept traffic only for the purpose of updating MAC address ta‐\nbles.\n\n\n3 - vlan is in STP FORWARDING state. This is the default vlan state.\n\n\n4 - vlan is in STP BLOCKING state. Only valid if STP is enabled on the bridge. This\nstate is used during the STP election process. In this state, the vlan will only\nprocess STP BPDUs.\n\n#### bridge vlan show - list vlan configuration.\n\nThis command displays the current VLAN filter table.\n\n\nWith the -details option, the command becomes verbose. It displays the per-vlan options.\n\n\nWith the -statistics option, the command displays per-vlan traffic statistics.\n\n#### bridge vlan tunnelshow - list vlan tunnel mapping.\n\nThis command displays the current vlan tunnel info mapping.\n\n#### bridge monitor - state monitoring\n\nThe bridge utility can monitor the state of devices and addresses continuously. This option\nhas a slightly different format. Namely, the monitor command is the first in the command\nline and then the object list follows:\n\nbridge monitor [ all | OBJECT-LIST ]\n\nOBJECT-LIST is the list of object types that we want to monitor. It may contain link, fdb,\nvlan and mdb. If no file argument is given, bridge opens RTNETLINK, listens on it and dumps\nstate changes in the format described in previous sections.\n\n\nIf a file name is given, it does not listen on RTNETLINK, but opens the file containing RT‐\nNETLINK messages saved in binary format and dumps them.\n\n### NOTES\n\nThis command uses facilities added in Linux 3.0.\n\nAlthough the forwarding table is maintained on a per-bridge device basis the bridge device is\nnot part of the syntax. This is a limitation of the underlying netlink neighbour message pro‐\ntocol. When displaying the forwarding table, entries for all bridges are displayed.\nAdd/delete/modify commands determine the underlying bridge device based on the bridge to\nwhich the corresponding ethernet device is attached.\n\n### SEE ALSO\n\nip(8)\n\n### BUGS\n\nPlease direct bugreports and patches to: \n\n### AUTHOR\n\nOriginal Manpage by Stephen Hemminger\n\n\n\niproute2 1 August 2012 BRIDGE(8)\n\n" } ], "structuredContent": { "command": "bridge", "section": "8", "mode": "man", "summary": "bridge - show / manipulate bridge addresses and devices", "synopsis": "bridge [ OPTIONS ] OBJECT { COMMAND | help }\nOBJECT := { link | fdb | mdb | vlan | monitor }\nOPTIONS := { -V[ersion] | -s[tatistics] | -n[etns] name | -b[atch] filename | -c[olor] |\n-p[retty] | -j[son] | -o[neline] }\nbridge link set dev DEV [ cost COST ] [ priority PRIO ] [ state STATE ] [ guard { on | off }\n] [ hairpin { on | off } ] [ fastleave { on | off } ] [ rootblock { on | off } ] [\nlearning { on | off } ] [ learningsync { on | off } ] [ flood { on | off } ] [ hw‐‐\nmode { vepa | veb } ] [ mcastflood { on | off } ] [ mcasttounicast { on | off } ]\n[ neighsuppress { on | off } ] [ vlantunnel { on | off } ] [ isolated { on | off }\n] [ backupport DEVICE ] [ nobackupport ] [ self ] [ master ]\nbridge link [ show ] [ dev DEV ]\nbridge fdb { add | append | del | replace } LLADDR dev DEV { local | static | dynamic } [\nself ] [ master ] [ router ] [ use ] [ externlearn ] [ sticky ] [ srcvni VNI ] { [\ndst IPADDR ] [ vni VNI ] [ port PORT ] [ via DEVICE ] | nhid NHID }\nbridge fdb [ [ show ] [ br BRDEV ] [ brport DEV ] [ vlan VID ] [ state STATE ] [ dynamic ] ]\nbridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV [ vlan VID ] [ vni VNI ] [\nself ] [ master ] [ dynamic ]\nbridge mdb { add | del } dev DEV port PORT grp GROUP [ src SOURCE ] [ permanent | temp ] [\nvid VID ]\nbridge mdb show [ dev DEV ]\nbridge vlan { add | del } dev DEV vid VID [ tunnelinfo TUNNELID ] [ pvid ] [ untagged ] [\nself ] [ master ]\nbridge vlan set dev DEV vid VID [ state STPSTATE ]\nbridge vlan [ show | tunnelshow ] [ dev DEV ]\nbridge monitor [ all | neigh | link | mdb | vlan ]", "flags": [ { "flag": "-V", "long": null, "arg": null, "description": "print the version of the bridge utility and exit." }, { "flag": "-s", "long": null, "arg": null, "description": "output more information. If this option is given multiple times, the amount of infor‐ mation increases. As a rule, the information is statistics or some time values." }, { "flag": "-d", "long": null, "arg": null, "description": "print detailed information about bridge vlan filter entries or MDB router ports." }, { "flag": "-n", "long": null, "arg": null, "description": "switches bridge to the specified network namespace NETNS. Actually it just simplifies executing of: ip netns exec NETNS bridge [ OPTIONS ] OBJECT { COMMAND | help } to bridge -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }" }, { "flag": "-b", "long": null, "arg": null, "description": "Read commands from provided file or standard input and invoke them. First failure will cause termination of bridge command." }, { "flag": "", "long": null, "arg": null, "description": "ing execution of the commands, the application return code will be non zero." }, { "flag": "-c", "long": null, "arg": null, "description": "Configure color output. If parameter is omitted or always, color output is enabled re‐ gardless of stdout state. If parameter is auto, stdout is checked to be a terminal be‐ fore enabling color output. If parameter is never, color output is disabled. If speci‐ fied multiple times, the last one takes precedence. This flag is ignored if -json is also given." }, { "flag": "-j", "long": null, "arg": null, "description": "Output results in JavaScript Object Notation (JSON)." }, { "flag": "-p", "long": null, "arg": null, "description": "When combined with -j generate a pretty JSON output." }, { "flag": "-o", "long": null, "arg": null, "description": "output each record on a single line, replacing line feeds with the '\\' character. This is convenient when you want to count records with wc(1) or to grep(1) the output." } ], "examples": [], "see_also": [ { "name": "ip", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/ip/8/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 42, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": "-V -Version", "lines": 3, "flag": "-V" }, { "name": "-s -stats -statistics", "lines": 4, "flag": "-s" }, { "name": "-d -details", "lines": 3, "flag": "-d" }, { "name": "-n -net -netns", "lines": 10, "flag": "-n" }, { "name": "-b -batch", "lines": 4, "flag": "-b" }, { "name": "-force", "lines": 3 }, { "name": "-c", "lines": 7, "flag": "-c" }, { "name": "-j -json", "lines": 3, "flag": "-j" }, { "name": "-p -pretty", "lines": 3, "flag": "-p" }, { "name": "-o -oneline", "lines": 5, "flag": "-o" } ] }, { "name": "BRIDGE - COMMAND SYNTAX", "lines": 24, "subsections": [ { "name": "bridge link - bridge port", "lines": 6 }, { "name": "bridge link set - set bridge specific attributes on a port", "lines": 161 }, { "name": "-t -timestamp", "lines": 3, "flag": "-t" }, { "name": "bridge link show - list ports configuration for all bridges.", "lines": 6 }, { "name": "bridge fdb - forwarding database management", "lines": 7 }, { "name": "bridge fdb add - add a new fdb entry", "lines": 88 }, { "name": "bridge fdb append - append a forwarding database entry", "lines": 9 }, { "name": "bridge fdb delete - delete a forwarding database entry", "lines": 6 }, { "name": "bridge fdb replace - replace a forwarding database entry", "lines": 6 }, { "name": "bridge fdb show - list forwarding entries.", "lines": 7 }, { "name": "bridge fdb get - get bridge forwarding entry.", "lines": 24 }, { "name": "bridge mdb - multicast group database management", "lines": 6 }, { "name": "bridge mdb add - add a new multicast group database entry", "lines": 32 }, { "name": "bridge mdb delete - delete a multicast group database entry", "lines": 6 }, { "name": "bridge mdb show - list multicast group database entries", "lines": 18 }, { "name": "bridge vlan - VLAN filter list", "lines": 6 }, { "name": "bridge vlan add - add a new vlan filter entry", "lines": 21 }, { "name": "untagged", "lines": 10 }, { "name": "bridge vlan delete - delete a vlan filter entry", "lines": 6 }, { "name": "bridge vlan set - change vlan filter entry's options", "lines": 39 }, { "name": "bridge vlan show - list vlan configuration.", "lines": 9 }, { "name": "bridge vlan tunnelshow - list vlan tunnel mapping.", "lines": 3 }, { "name": "bridge monitor - state monitoring", "lines": 15 } ] }, { "name": "NOTES", "lines": 10, "subsections": [] }, { "name": "SEE ALSO", "lines": 2, "subsections": [] }, { "name": "BUGS", "lines": 3, "subsections": [] }, { "name": "AUTHOR", "lines": 5, "subsections": [] } ] } }