Creating a Bridge with a Span Port on OpenBSD 5.6

Since OpenBSD moved the bridge commands into ifconfig(8) I hadn’t been able to find quick info on creating a bridge(4). Presuming you’ve got some em(4) interfaces (for naming purposes) here’s all you need to do:

ifconfig em0 up
ifconfig em1 up
ifconfig em2 up
ifconfig bridge0 create
ifconfig bridge0 add em0
ifconfig bridge0 add em1
ifconfig bridge0 addspan em2
ifconfig bridge0 up

This will result in em0 and em1 bridged together, with a copy of every frame the bridge sees sent out em2 for monitoring.

After this, if you want it to come up every time you boot the machine, do this:

Create three files, /etc/hostname.em0, /etc/hostname.em1, and /etc/hostname.em2 all containing the single line:

up

Create one file, /etc/hostname.bridge0, containing the following lines:

add em0
add em1
addspan em2
up

Reboot the computer and netstart(8) will use these files to create the bridge for you.
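The persistent setup above can be staged and sanity-checked before it goes into /etc. The script below is an added example, not part of the original post. The function name write_bridge_conf, the staging directory argument, the name validation and the 0640 file mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write the hostname.* files for a bridge with a span port
# into a staging directory so they can be reviewed before copying to /etc.
# Usage: write_bridge_conf DIR BRIDGE SPAN MEMBER MEMBER [MEMBER...]
#   e.g. write_bridge_conf /tmp/stage bridge0 em2 em0 em1
write_bridge_conf() {
    dir=$1 bridge=$2 span=$3
    shift 3
    [ "$#" -ge 2 ] || { echo "need at least two member interfaces" >&2; return 1; }

    # Accept only plain interface names: driver letters followed by a unit number.
    for ifn in "$bridge" "$span" "$@"; do
        case $ifn in
            ""|[0-9]*|*[!a-z0-9]*|*[!0-9])
                echo "bad interface name: $ifn" >&2; return 1 ;;
        esac
    done

    # The span port only receives copies of frames; it must not also be
    # listed as a bridge member.
    for ifn in "$@"; do
        [ "$ifn" != "$span" ] || { echo "$span is both member and span port" >&2; return 1; }
    done

    mkdir -p "$dir" || return 1

    # Physical interfaces (members and span port) only need to be brought up.
    for ifn in "$@" "$span"; do
        echo up > "$dir/hostname.$ifn" || return 1
    done

    # Bridge file: members first, then the span port, then bring the bridge up.
    {
        for ifn in "$@"; do echo "add $ifn"; done
        echo "addspan $span"
        echo up
    } > "$dir/hostname.$bridge" || return 1

    # Assumed local policy, not from the post: no access for other users.
    chmod 640 "$dir"/hostname.*
}
```

Review the staged files, then copy them into /etc as root and reboot as described above.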

One very important point to note if you plan to use this to troubleshoot 802.1x: this sort of bridge cannot be used for that, because it does not pass LLDP frames, nor does it drop/raise the link, which switches commonly use as a trigger for initiating client authentication. For situations like this a tap such as the NetOptics TP-CU3 is much more useful.
