bridge

List all bridges and their interfaces

$ bridge [[l|link]]

$ bridge [[v|vlan]]

$ sudo bridge [[v|vlan]] [[a|add]] dev [lanX] vid [vlan_id] pvid [tagged|untagged]

$ sudo bridge [[v|vlan]] [[d|delete]] dev [lanX] vid [vlan_id]

$ bridge [[mo|monitor]]

$ bridge [[h|help]]

bridge [ OPTIONS ] OBJECT { COMMAND | help }

OBJECT can be: link, fdb, mdb, vlan, monitor

link
    Manages bridge port attributes. Use to set administrative state, path cost, priority, and other properties for individual network interfaces added to a bridge.

fdb
    Manages the Forwarding Database (FDB), also known as the MAC address table. Allows adding, deleting, or showing static or dynamic MAC address entries associated with bridge ports.

mdb
    Manages the Multicast Database (MDB). Used for configuring multicast snooping, which optimizes multicast traffic forwarding by preventing it from being broadcast to all bridge ports.

vlan
    Configures VLAN filtering on bridge ports. Allows specifying which VLANs are allowed on a port, and whether a port operates as an access port or a trunk port for tagged traffic.

monitor
    Provides real-time monitoring of bridge events, such as new MAC addresses being learned or port state changes.

The bridge command is part of the iproute2 utility suite, used for advanced configuration and management of Linux Ethernet bridge devices. A Linux bridge functions like a network switch, connecting multiple network segments (interfaces) into a single logical network. While the bridge device itself is primarily created using ip link add type bridge, the bridge command is essential for configuring its internal workings, such as managing bridge port settings, forwarding database (FDB) entries, multicast database (MDB) entries, and VLAN filtering rules. It provides granular control over how traffic is handled and forwarded across the bridged interfaces.

The bridge command does not create the bridge device itself; that operation is performed using ip link add type bridge.
Most bridge commands require root privileges to execute.
Its syntax can be complex due to the nested nature of objects and commands, requiring familiarity with underlying networking concepts.

A Linux bridge functions as a software-defined Layer 2 switch. It forwards Ethernet frames between its attached interfaces based on MAC addresses. The bridge command allows administrators to precisely control this forwarding behavior (e.g., through static FDB entries), manage multicast efficiency (MDB), and implement VLAN segmentation at the bridge port level, enabling sophisticated network configurations.

It's crucial to understand the distinction between creating a bridge device and configuring its ports. The bridge device itself is created using ip link add name br0 type bridge. Subsequently, network interfaces are added to the bridge using commands like ip link set dev eth0 master br0. Once an interface becomes a bridge port, the bridge command is then used to configure its specific properties within the bridge context, such as its state, VLAN membership, or path cost.

The bridge command is an integral part of the modern iproute2 utility suite, which has largely superseded older network configuration tools like net-tools and, specifically, the brctl command for bridge management. iproute2 offers a more comprehensive, unified, and powerful interface for managing various aspects of Linux networking. The bridge sub-command was developed to provide finer-grained control over bridge device properties and features, integrating bridge management seamlessly into the broader iproute2 framework and leveraging its consistent syntax.

ip(8), ip-link(8), brctl(8)