Difference between revisions of "OpenWRT: VLAN"

From OnnoWiki
Latest revision as of 05:52, 27 February 2014

Source: https://www.lanis.nl/twiki/bin/view/Main/CreatingVLANsInOpenWRT


Creating and using VLANs in OpenWRT Backfire

Introduction

I have been struggling to create VLANs in OpenWRT Backfire (10.3) and couldn't really find the information I needed on the web. So I decided to write a brief summary of steps you need to take to set it up properly.

I personally own a Ubiquiti RouterStation Pro (I can recommend buying one, see http://www.ubnt.com/rspro), so this guide is written with a RouterStation Pro in mind. It might work on other hardware as well.

Configuration

The file you need to change to set up the VLANs is /etc/config/network. The default file looks something like this:

config interface loopback
        option ifname   lo
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0

config interface lan
        option ifname   eth1
        option type     bridge
        option proto    static
        option ipaddr   192.168.1.1
        option netmask  255.255.255.0

config interface wan
        option ifname   eth0
        option proto    dhcp

config switch
        option name     eth1
        option reset    1
        option enable_vlan 1

config switch_vlan
        option device   eth1
        option vlan     1
        option ports    "0 1 2 3 4"

The internal switch is configured to use only 1 VLAN (vlan 1) on all ports (0 through 4). None of the ports on the switch is tagged, since there is no * or t after any of the ports in the switch_vlan configuration.

Tagging the internal interface

The first thing we need to do is activate tagging on the internal network port, connected to the CPU, port 0. Change the switch_vlan section to read:

config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '1'
        option 'ports' '0* 1 2 3 4'

A picture will help explain this setup:

[Image: Rspro-switch.png]


This is a simplified schematic of the inner workings of the RS Pro. As you can see eth0 connects to the internal switch. As far as I can tell the WAN port is not connected to the internal switch, but to a separate interface, eth1. Port 0 of the switch is connected to eth0. Port 1 of the switch is not connected and cannot be used. Ports 2 through 4 are connected to the LAN ports.

To be able to use separate VLANs, the switch needs to know which VLAN each port is on. This is accomplished by adding some extra information to each network packet leaving the CPU, the VLAN tag. The VLAN tag specifies which VLAN a packet belongs to (VLAN ID). Adding a VLAN tag to a network packet is called tagging. Adding a * after switch port 0 in the configuration file enables tagging and sets this port as the default VLAN (if no VLAN tag is present). The switch recognises the VLAN tag and uses the information in it to send the packet to the right interface(s).

When booting with the above configuration, a new interface is created, named eth1.1. This is VLAN 1 on interface eth1. Use this interface in your network configuration:

config interface lan
        option ifname   eth1.1
        option type     bridge
        option proto    static
        option ipaddr   192.168.1.1
        option netmask  255.255.255.0

Creating a new VLAN

To create a new VLAN, we need to add a new section to the network configuration file, for example:

config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '2'
        option 'ports' '0t'

This section adds a new interface to the router, named eth1.2, VLAN 2 on interface eth1. This VLAN is connected to port 0, the CPU, but not to any other ports. You will not be able to access this VLAN yet. You will also notice this VLAN is tagged, as specified by the t after port 0. Using a t instead of a * enables tagging, but does not set the port to be the default VLAN (which is VLAN 1 in our configuration).

Assigning a VLAN to a port

To be able to access other VLANs we need to move ports from the default VLAN to another VLAN. For example:

config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '1'
        option 'ports' '0* 1 3 4'

config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '2'
        option 'ports' '0t 2'

Port 2 has been removed from the VLAN 1 configuration and added to the VLAN 2 configuration. Since port 2 is not tagged, the switch will remove any VLAN tags before sending packets out of that port. Because no tagging is done on port 2, you can attach any computer to it and access the network like you normally would, without any regard for VLANs or VLAN tags.
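
The tag handling described above, as an added example that is not part of the original guide: it builds the 4-byte IEEE 802.1Q tag and models which ports receive a broadcast frame sent by the CPU, tagged or stripped, using the port membership from the two switch_vlan sections. The frame contents and the function names are constructed for illustration, and the model ignores MAC learning.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag

# Port membership from the switch_vlan sections above ("t" tagged, "u" untagged);
# port 0 is the CPU port, which the page's '*' and 't' both mark as tagged.
VLANS = {1: {0: "t", 1: "u", 3: "u", 4: "u"}, 2: {0: "t", 2: "u"}}

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two MAC addresses (12 bytes)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp & 0x7) << 13 | vid  # priority (3 bits), DEI (1 bit, zero), VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]

def egress_from_cpu(frame: bytes, vlans=VLANS, default_vid: int = 1) -> dict:
    """Model what leaves each LAN port when the CPU (port 0) sends a broadcast frame."""
    vid, bare = strip_tag(frame)
    if vid is None:
        vid = default_vid  # untagged frames fall into the default VLAN
    out = {}
    for port, mode in vlans.get(vid, {}).items():
        if port != 0:  # the switch does not send the frame back to its ingress port
            out[port] = add_tag(bare, vid) if mode == "t" else bare
    return out

if __name__ == "__main__":
    for vid in (1, 2):
        for port, sent in sorted(egress_from_cpu(add_tag(FRAME, vid)).items()):
            kind = "tagged" if strip_tag(sent)[0] is not None else "untagged"
            print(f"VLAN {vid} -> port {port}: {kind}, {len(sent)} bytes")
```

Passing a membership table in which port 2 is "t" in both VLANs shows the same frame leaving port 2 with its tag intact.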

Configuring the new VLAN interface

Having configured port 2 to connect to VLAN 2, we still need to configure an IP address on it. Add the following section to the network configuration file:

config 'interface' 'dmz'
        option 'ifname' 'eth1.2'
        option 'proto' 'static'
        option 'netmask' '255.255.255.0'
        option 'ipaddr' '192.168.2.1'

The interface name (dmz in this case) can be used with the config_get utility, to dynamically determine the interface, for example:

config_get DMZ dmz ifname

Adding this line to a script will set the variable $DMZ to the interface name of the dmz interface, eth1.2 in our setup.

Configuring a port with multiple, tagged VLANs

I would recommend against using multiple VLANs on 1 machine, because it can become a routing nightmare.

It is also possible to assign more than 1 VLAN to a switch port. This port will need to be tagged and any computer connected to this port will need to be able to handle the VLAN tag. Let's change our setup, so port 2 is connected to VLAN 1 and VLAN 2:

config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '1'
        option 'ports' '0* 1 2t 3 4'

config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '2'
        option 'ports' '0t 2t'

As you can see, port 2 is present in both VLAN configurations and is tagged in both places. To connect a Linux machine to this port and be able to access both VLANs, you need to install a package called vconfig or vlan and set up multiple network configuration files, 1 for each VLAN you want to access. For example:

Gentoo (/etc/conf.d/net)

vlans_eth0="1 2"
config_eth0=( "null" )
vconfig_eth0=( "set_name_type VLAN_PLUS_VID_NO_PAD" )
config_vlan1=( "192.168.1.2/24" )
config_vlan2=( "192.168.2.2/24" )

Red Hat ES 5 / CentOS 5 (/etc/sysconfig/network-scripts/ifcfg-vlan2)

VLAN=yes
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
DEVICE=vlan2
PHYSDEV=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.2.2
NETMASK=255.255.255.0

Debian / Ubuntu (/etc/network/interfaces)

auto vlan2

iface vlan2 inet static
address 192.168.2.2
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
mtu 1500
vlan_raw_device eth0
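
A check for the switch_vlan sections used throughout this guide, added here as an example and not taken from the original guide or from OpenWRT: it parses the network configuration text and reports any port listed untagged in more than one VLAN. Such a port receives frames from each of those VLANs with the tag stripped, so the VLANs are no longer separated on it. The sample text is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the page's "Assigning a VLAN to a port" sections, except
# that port 2 was not removed from VLAN 1 when it was added to VLAN 2.
SAMPLE = """
config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '1'
        option 'ports' '0* 1 2 3 4'

config 'switch_vlan'
        option 'device' 'eth1'
        option 'vlan' '2'
        option 'ports' '0t 2'
"""

def parse_switch_vlans(text):
    """Return {vlan_id: {port: 'tagged' | 'untagged'}} from UCI network config text."""
    vlans, section, opts = {}, None, {}
    def flush():
        if section == "switch_vlan" and "vlan" in opts:
            ports = {}
            for tok in opts.get("ports", "").split():
                m = re.fullmatch(r"(\d+)([t*]?)", tok)
                if m:  # following the page, both 't' and '*' mean tagged
                    ports[int(m.group(1))] = "tagged" if m.group(2) else "untagged"
            vlans[int(opts["vlan"])] = ports
    for line in text.splitlines():
        words = [w.strip("'\"") for w in re.findall(r"'[^']*'|\"[^\"]*\"|\S+", line)]
        if len(words) >= 2 and words[0] == "config":
            flush()
            section, opts = words[1], {}
        elif len(words) >= 3 and words[0] == "option":
            opts[words[1]] = words[2]
    flush()
    return vlans

def untagged_overlaps(vlans):
    """Ports that are untagged members of more than one VLAN: {port: [vlan_ids]}."""
    seen = defaultdict(list)
    for vid in sorted(vlans):
        for port, mode in vlans[vid].items():
            if mode == "untagged":
                seen[port].append(vid)
    return {port: vids for port, vids in seen.items() if len(vids) > 1}

if __name__ == "__main__":
    print(untagged_overlaps(parse_switch_vlans(SAMPLE)))
```

Run against the guide's own configurations, including the one where port 2 is tagged in both VLANs, the check reports nothing.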


