Bridge Port VLAN Membership (brvlan)

This example configures a bridge with VLAN filtering enabled and per-port VLAN membership:

enable VLAN filtering on the bridge
configure two physical ports with different VLAN admission modes
port enp0s20f0u8u2: tagged only (drops untagged)
port enp0s20f0u7u2: untagged VLAN 1 + tagged VLAN 200

ifstate.yamlCLI

interfaces:
  br0:
    link:
      kind: bridge
      br_vlan_filtering: true
      br_vlan_default_pvid: 0
      state: up

  enp0s20f0u8u2:
    link:
      master: br0
      kind: physical
      state: up
    brvlan:
      - vid: 100
      - vid: 200

  enp0s20f0u7u2:
    link:
      master: br0
      kind: physical
      state: up
    brvlan:
      - vid: 1
        pvid: true
        untagged: true
      - vid: 200

# enable VLAN filtering on bridge
ip link add name br0 type bridge vlan_filtering 1 vlan_default_pvid 0
ip link set dev br0 up

# enp0s20f0u8u2: admit only tagged VLANs 100, 200
ip link set dev enp0s20f0u8u2 master br0 up
bridge vlan add dev enp0s20f0u8u2 vid 100
bridge vlan add dev enp0s20f0u8u2 vid 200

# enp0s20f0u7u2: admit untagged (VLAN 1) + tagged VLAN 200
ip link set dev enp0s20f0u7u2 master br0 up
bridge vlan add dev enp0s20f0u7u2 vid 1 pvid untagged
bridge vlan add dev enp0s20f0u7u2 vid 200