LinuxCommandLibrary

bridge

Create and manage network bridge devices

TLDR

List all bridges and their interfaces

$ bridge [[l|link]]
copy

Show port vlan information
$ bridge [[v|vlan]]
copy

Assign a VLAN to a port
$ sudo bridge [[v|vlan]] [[a|add]] dev [lanX] vid [vlan_id] pvid [tagged|untagged]
copy

Remove a VLAN from a port
$ sudo bridge [[v|vlan]] [[d|delete]] dev [lanX] vid [vlan_id]
copy

Watch for changes in bridge interfaces
$ bridge [[mo|monitor]]
copy

Display help
$ bridge [[h|help]]
copy

SYNOPSIS

bridge [OPTIONS] OBJECT { COMMAND | help }

PARAMETERS

-V, --version
    Print version and exit.

-s, --statistics
    Output more statistics.

-d, --details
    Show detailed information.

-t, --timestamp
    Print timestamps.

-n, --no-nl-pid
    Disable netlink PID reporting.

-c, --config
    Use config mode (experimental).

-a, --all
    Dump information on all objects.

-f, --force
    Force execution.

-4, --ipv4
    IPv4 addresses only.

-6, --ipv6
    IPv6 addresses only.

-F, --fid-netlink
    Use FID netlink protocol.

-j[key], --json[=key]
    JSON output format.

FILE
    Read from configuration file.

DESCRIPTION

The bridge command from the iproute2 suite configures and queries Ethernet bridge devices in the Linux kernel. It handles bridge ports (links), forwarding database (fdb), multicast database (mdb), VLAN filtering, and monitoring. This tool enables creation of virtual layer-2 switches by bridging interfaces, supporting features like Spanning Tree Protocol (STP) options, MAC learning control, flooding, proxy ARP, multicast handling, VLAN tunneling, port isolation, and backlog queues.

Used in virtualization (e.g., KVM, containers), SDN setups, or multi-homed servers, it communicates via netlink for efficient kernel interaction. Output can be in JSON for automation. It largely replaces the older brctl tool, offering more options and better performance.

Requires kernel bridge module loaded (CONFIG_BRIDGE). Common tasks include adding/removing ports, setting costs/priorities, enabling fast-leave for IGMP/MLD, or dumping FDB entries for debugging.

CAVEATS

Requires root privileges or CAP_NET_ADMIN.
Feature availability depends on kernel config (e.g., CONFIG_BRIDGE_VLAN_FILTERING).
Some options experimental or kernel-version specific.

MAIN OBJECTS

link: port management.
fdb: MAC forwarding DB.
mdb: multicast group DB.
vlan: VLAN filtering.
monitor: all events.

EXAMPLES

bridge link show
bridge fdb show
bridge vlan add dev eth1 vid 100 pvid untagged
bridge link set dev eth0 master br0 cost 100 learning off

HISTORY

Added to iproute2 in version 3.16 (2014) for netlink-based bridge control, evolving from ioctl-based brctl (bridge-utils, 2000s). Fully integrated by iproute2 5.x with VLAN/MDB support matching kernel 4.x+ advancements.

SEE ALSO

ip-link(8), brctl(8), bridge(7), rtnetlink(7)

Copied to clipboard