[Cerowrt-devel] breaking off a port off the vlan correctly?

[Cerowrt-devel] breaking off a port off the vlan correctly?

[Dave Taht]

One of the things I've long ignored, despite the popularity of it, is
vlan stuff.

I care, like everything else, it's just not currently a high priority
for me to deal with high rate vlan traffic.

But: I just had a need to connect two entirely separate networks
together. Being me I just slammed a routed dreamplug between the two
lans (which just worked five minutes after I compiled babeld and
turned off getting default gateways from dhcp), but it seems saner to
just remap one of the ports on a wndr3800 to be its own ethernet
device (and keep hacking BQL onto the dreamplug, which is what I have
it for)

current config:

default gw box <-> cerowrt <-> dreamplug <-> other network

desired config:

default gw box <-> cerowrt <-> dedicated port <-> other network

However, in trying to do that, several ways, I made bricks.

Wrong way #1: turn on vlan support, create an untagged vlan #2 on port
#3 from the switch, disable port #3 from vlan 1, create an interface
for it (I did all this via the gui), rebooted...

The box stopped serving dhcp entirely. IPv4 stopped too. I did see
ipv6 traffic...

Left off vlan support, never saw any traffic on the broken out port,
dhcp stopped working on ethernet entirely but stayed up on wifi... I
tried various combinations of using se00.1 and se00.2 to similar
non-effect...

Sigh. In reading up on this on openwrt's web site I'm even more
confused than i was before.

I seem to recall that other parties have tried this and went through
hell, too...

Anybody got this to work?

Secondly: My assumption is that you run fq_codel on the underlying
interface, not the vlan, am I correct in this?




-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] breaking off a port off the vlan correctly?

[William Katsak]

Dave,

I didn't get really far into this, but I recently did the following with 
Sugarland:

DSL Modem -> Cero router -> Trunk two VLANS through port 1 -> Managed 
switch.

On the managed switch, I made some of the ports part of VLAN 100, and 
others part of VLAN 200.

VLAN 100 lets a Windows server do DHCP/DNS, and VLAN 200 lets dnsmasq do 
it (its like a "guest" network).

I can route between the networks with no issues, and set firewall rules 
as I wish. I did this by splitting the LAN port into two VLANs in the 
GUI, setting rules for DHCP, etc. accordingly, and then passing both 
VLANS tagged through port 1 on the switch.

This is a little different than what you propose, but should work 
exactly the same if you were to break the VLANs onto two individual 
ports of the switch. Is there some fundamental difference that I am missing?

-Bill Katsak



On 01/03/2013 03:31 PM, Dave Taht wrote:
> One of the things I've long ignored, despite the popularity of it, is
> vlan stuff.
>
> I care, like everything else, it's just not currently a high priority
> for me to deal with high rate vlan traffic.
>
> But: I just had a need to connect two entirely separate networks
> together. Being me I just slammed a routed dreamplug between the two
> lans (which just worked five minutes after I compiled babeld and
> turned off getting default gateways from dhcp), but it seems saner to
> just remap one of the ports on a wndr3800 to be its own ethernet
> device (and keep hacking BQL onto the dreamplug, which is what I have
> it for)
>
> current config:
>
> default gw box<->  cerowrt<->  dreamplug<->  other network
>
> desired config:
>
> default gw box<->  cerowrt<->  dedicated port<->  other network
>
> However, in trying to do that, several ways, I made bricks.
>
> Wrong way #1: turn on vlan support, create an untagged vlan #2 on port
> #3 from the switch, disable port #3 from vlan 1, create an interface
> for it (I did all this via the gui), rebooted...
>
> The box stopped serving dhcp entirely. IPv4 stopped too. I did see
> ipv6 traffic...
>
> Left off vlan support, never saw any traffic on the broken out port,
> dhcp stopped working on ethernet entirely but stayed up on wifi... I
> tried various combinations of using se00.1 and se00.2 to similar
> non-effect...
>
> Sigh. In reading up on this on openwrt's web site I'm even more
> confused than i was before.
>
> I seem to recall that other parties have tried this and went through
> hell, too...
>
> Anybody got this to work?
>
> Secondly: My assumption is that you run fq_codel on the underlying
> interface, not the vlan, am I correct in this?
>
>
>
>

Re: [Cerowrt-devel] breaking off a port off the vlan correctly?

[Michael Richardson]

>>>>> "Dave" == Dave Taht <dave.taht@gmail.com> writes:
    Dave> One of the things I've long ignored, despite the popularity of it, is
    Dave> vlan stuff.

    Dave> I care, like everything else, it's just not currently a high priority
    Dave> for me to deal with high rate vlan traffic.

    Dave> But: I just had a need to connect two entirely separate networks
    Dave> together. Being me I just slammed a routed dreamplug between the two
    Dave> lans (which just worked five minutes after I compiled babeld and
    Dave> turned off getting default gateways from dhcp), but it seems saner to
    Dave> just remap one of the ports on a wndr3800 to be its own ethernet
    Dave> device (and keep hacking BQL onto the dreamplug, which is what I have
    Dave> it for)

sorry, do you want to route between two VLAN tags on a single wire,
or do you want to route between two untagged ports on a WNDR3800 ?

Of course, physical ports on the WNDR3800 can be tagged into the CPU, in
theory, but I didn't get it working.

    Dave> default gw box <-> cerowrt <-> dedicated port <-> other network

    Dave> However, in trying to do that, several ways, I made bricks.

    Dave> Wrong way #1: turn on vlan support, create an untagged vlan #2 on port
    Dave> #3 from the switch, disable port #3 from vlan 1, create an interface
    Dave> for it (I did all this via the gui), rebooted...

so, you used the vlan port stuff.

    Dave> Secondly: My assumption is that you run fq_codel on the underlying
    Dave> interface, not the vlan, am I correct in this?

I don't know.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 

Re: [Cerowrt-devel] breaking off a port off the vlan correctly?

[David Lang]

On Thu, 3 Jan 2013, Dave Taht wrote:

> One of the things I've long ignored, despite the popularity of it, is
> vlan stuff.
>
> I care, like everything else, it's just not currently a high priority
> for me to deal with high rate vlan traffic.
>
> But: I just had a need to connect two entirely separate networks
> together. Being me I just slammed a routed dreamplug between the two
> lans (which just worked five minutes after I compiled babeld and
> turned off getting default gateways from dhcp), but it seems saner to
> just remap one of the ports on a wndr3800 to be its own ethernet
> device (and keep hacking BQL onto the dreamplug, which is what I have
> it for)
>
> current config:
>
> default gw box <-> cerowrt <-> dreamplug <-> other network
>
> desired config:
>
> default gw box <-> cerowrt <-> dedicated port <-> other network
>
> However, in trying to do that, several ways, I made bricks.

I've used VLANs a bit on my 3700 and 3800 routers.

First thing is that the switch in these routers needs special handling to deal 
with VLAN numbers >15, Depending on your build you may or may not have that 
support compiled in.

To do this, you will want to have the eth0 interface configured to use VLANs, in 
the default openwrt this is already the case with eth0.1 being defined.

define a new interface (eth0.2 for example)

Then configure the switch to put VLAN 2 on a particular port.

Unless you have a managed switch connected to that port, you want it to be 
untagged on that port

As an example, here is the config of the 3800 I'm using right now

remember that the logical number of the switch ports is backwards from the 
physical number (I like to use ports 1/4 on one vlan and 2/3 on a different one 
so that I don't have to keep track)

Let me know if you need more help on this.

David Lang

/etc/config/networks

config interface 'loopback'
         option ifname 'lo'
         option proto 'static'
         option ipaddr '127.0.0.1'
         option netmask '255.0.0.0'

config interface 'lan'
         option type 'bridge'
         option proto 'static'
         option ipaddr '192.168.255.1'
         option netmask '255.255.255.0'
         option _orig_ifname 'wlan0 wlan1'
         option _orig_bridge 'true'
         option ifname 'eth0.1'

config switch
         option name 'rtl8366s'
         option reset '1'
         option blinkrate '2'
         option enable_vlan '1'
         option enable_vlan4k '1'

config switch_vlan
         option device 'rtl8366s'
         option vlan '1'
         option ports '0 2 3 5t'

config switch_port
         option device 'rtl8366s'
         option port '1'
         option led '6'

config switch_port
         option device 'rtl8366s'
         option port '2'
         option led '9'

config switch_port
         option device 'rtl8366s'
         option port '5'
         option led '2'

config interface 'wan'
         option proto 'dhcp'
         option ifname 'eth1'

config interface 'wwan'
         option proto 'dhcp'

config switch_vlan
         option device 'rtl8366s'
         option vlan '2'
         option ports '1 5t'

config interface 'lan2'
         option proto 'static'
         option ifname 'eth0.2'
         option ipaddr '192.168.254.1'
         option netmask '255.255.255.0'