Linux Bridge Command Examples
August 10, 2022
The 'brctl' utility from the bridge-utils package has been deprecated for some time, in favour of the 'bridge' command that comes as part of iproute2.
How to use these commands to get information on Linux bridges is not as clear, so I'm jotting down some quick one-liners, mostly to help me remember.
NOTE: The '-br' on the 'ip' commands is for 'brief' output; the commands can be run without it to show more verbose information. You can use '-br' with all 'ip' commands; it has nothing to do with bridges. The 'br' used in some of the 'bridge' commands is different, however: it specifies which bridge to perform the operation on.
Show bridges configured on the system
ip -br link show type bridge
me@server:~$ ip -br link show type bridge
private UP 4c:d9:8f:6d:a9:70 <BROADCAST,MULTICAST,UP,LOWER_UP>
public UP 4c:d9:8f:6d:a9:70 <BROADCAST,MULTICAST,UP,LOWER_UP>
Show interfaces that are part of a given bridge
ip -br link show master <bridge_name>
me@server:~$ ip -br link show master private
eno1 UP 4c:d9:8f:6d:a9:70 <BROADCAST,MULTICAST,UP,LOWER_UP>
tap0 UNKNOWN fe:d9:bb:17:47:9c <BROADCAST,MULTICAST,UP,LOWER_UP>
tap2 UNKNOWN fe:b0:9b:fb:5e:e3 <BROADCAST,MULTICAST,UP,LOWER_UP>
tap1 UNKNOWN fe:11:ca:71:89:1e <BROADCAST,MULTICAST,UP,LOWER_UP>
Display MAC address / forwarding table for a given bridge
bridge fdb show br <bridge_name>
me@server:~$ sudo bridge fdb show br private
4c:d9:8f:af:4d:03 dev eno1 master private
b0:26:28:dc:10:70 dev eno1 master private
33:33:ff:48:00:51 dev private self permanent
33:33:ff:6d:a9:70 dev private self permanent
aa:00:00:21:66:df dev tap0 master private
fe:d9:bb:17:47:9c dev tap0 vlan 1 master private permanent
fe:d9:bb:17:47:9c dev tap0 master private permanent
33:33:00:00:00:01 dev tap0 self permanent
01:00:5e:00:00:01 dev tap0 self permanent
Display MAC addresses learnt on a given bridge port
bridge fdb show br <bridge_name> dev <member_interface>
me@server:~$ sudo bridge fdb show br private dev tap1
aa:00:00:85:fe:67 master private
fe:11:ca:71:89:1e vlan 1 master private permanent
fe:11:ca:71:89:1e master private permanent
33:33:00:00:00:01 self permanent
01:00:5e:00:00:01 self permanent
33:33:ff:71:89:1e self permanent
01:80:c2:00:00:0e self permanent
01:80:c2:00:00:03 self permanent
01:80:c2:00:00:00 self permanent
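The forwarding table output above is easy to post-process when you want to watch what a bridge is learning. The script below is an added example, not part of the original notes: it counts dynamically learned MACs per port and reports MACs that changed port between two snapshots. The function names and both sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `bridge fdb show br <bridge_name>` output.
# Function names and sample data are constructed for illustration.

# Print "port mac vlan" for dynamically learned entries only. Skips
# 'permanent' and 'static' entries and 'self' (device's own filter) entries.
fdb_learned() {
    awk '{
        port = ""; vlan = "-"; skip = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev")  port = $(i + 1)
            if ($i == "vlan") vlan = $(i + 1)
            if ($i == "permanent" || $i == "static" || $i == "self") skip = 1
        }
        if (!skip && port != "") print port, $1, vlan
    }'
}

# Count learned MACs per port; an unusually high count on an access
# port is worth a closer look.
fdb_count_per_port() {
    fdb_learned | awk '{ n[$1]++ } END { for (p in n) print p, n[p] }' | sort
}

# Compare two snapshots ($1 = earlier, $2 = later) and report MACs that
# are now learned on a different port in the same vlan.
fdb_moved() {
    { printf '%s\n' "$1" | fdb_learned | sed 's/^/old /'
      printf '%s\n' "$2" | fdb_learned | sed 's/^/new /'; } |
    awk '$1 == "old" { was[$3 " " $4] = $2 }
         $1 == "new" { k = $3 " " $4
             if (k in was && was[k] != $2) print $3, "vlan", $4, was[k], "->", $2 }' | sort
}

# Constructed sample, in the format of the 'private' bridge output above.
SNAP1='4c:d9:8f:af:4d:03 dev eno1 master private
b0:26:28:dc:10:70 dev eno1 master private
33:33:ff:48:00:51 dev private self permanent
aa:00:00:21:66:df dev tap0 master private
fe:d9:bb:17:47:9c dev tap0 vlan 1 master private permanent'
# Constructed later snapshot: aa:00:00:21:66:df now appears behind tap1.
SNAP2='4c:d9:8f:af:4d:03 dev eno1 master private
aa:00:00:21:66:df dev tap1 master private'

printf '%s\n' "$SNAP1" | fdb_count_per_port
fdb_moved "$SNAP1" "$SNAP2"
```

On a live system, pipe the real output in instead of the sample, e.g. `bridge fdb show br private | fdb_count_per_port`. Entries without a vlan field are shown with '-' in the vlan column.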
Create a new bridge device
ip link add name <bridge_name> type bridge
Add a network device to the bridge
ip link set dev <interface_to_add> master <bridge_name>
Create new vlan-aware bridge device with stats on
ip link add br0 type bridge vlan_filtering 1 vlan_protocol 802.1Q vlan_stats_enabled 1 vlan_stats_per_port 1
Add tagged vlan to allowed list on member port of vlan-aware bridge:
bridge vlan add dev eth0 vid 100
Add vlan range to allowed list on member port of vlan-aware bridge:
bridge vlan add dev eth0 vid 100-200
Delete vlan(s) from a member port of vlan-aware bridge:
bridge vlan del vid 100-200 dev eth0
Show mac-address table for specific vlan on vlan-aware bridge:
bridge fdb show br <bridge_name> vlan <vlan_id>
root@debiantest:~# bridge fdb show br br0 vlan 1117
aa:c1:ab:48:e1:5c dev ae1 vlan 1117 master br0
aa:c1:ab:72:30:e8 dev ae1 vlan 1117 master br0 permanent
aa:c1:ab:75:f5:f6 dev ae2 vlan 1117 master br0
aa:c1:ab:f2:fb:6f dev ae2 vlan 1117 master br0 permanent
Show per-port stats for a given vlan on a specific bridge:
bridge -s vlan show br <bridge_name> vid <vlan_id> dev <member_port>
root@debiantest:~# bridge -s vlan show br br0 vid 1117 dev ae1
port vlan-id
ae1 1117
RX: 4900 bytes 61 packets
TX: 5384 bytes 65 packets