From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2.tohojo.dk (mail2.tohojo.dk [144.76.141.112]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 7D61021F557 for ; Sat, 9 Aug 2014 11:52:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at mail2.tohojo.dk Received: by alrua-desktop.borgediget.toke.dk (Postfix, from userid 1000) id 2B57625BC2; Sat, 9 Aug 2014 20:52:25 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toke.dk; s=201310; t=1407610345; bh=YNDIi3Qh0Cs5wJd2sqOnRieSDkU/WmRKswi2uPEUsTA=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=T5qmQ3GgeSbtLVgX18jA6t7wubLDPh6nyEm1Rh/hLIVDgYFs2hgxBYGxiB/OvwXfM /ammvy7hQUWxFn2xT6whOuhOF/AN+/SSQblDsVbC08ufwvKu8hIKtffOKWeY7YVzW6 hI6LHQzZFdoXR0xYpAAStC04ztOyDMHcx4xbHOG0= From: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= To: William Katsak References: <53BEA813.8000108@gmail.com> <53BEAF05.8000601@gmail.com> <87pphc8cjz.fsf@toke.dk> <3FF07025-9AE2-4A6F-9E7B-A0AC5CAFD290@gmail.com> Date: Sat, 09 Aug 2014 20:52:23 +0200 In-Reply-To: <3FF07025-9AE2-4A6F-9E7B-A0AC5CAFD290@gmail.com> (William Katsak's message of "Wed, 6 Aug 2014 22:14:10 -0400") Message-ID: <87ha1l8pi0.fsf@toke.dk> Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] Upper routing throughput limit X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Aug 2014 18:52:33 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable William Katsak writes: > Somehow I didn=E2=80=99t see this email the last time I posted about this= . I > was wondering too about how to nicely do the VLANs for the wifi. I > wouldn=E2=80=99t mind checking out your config (this will be relevant on = the > Cero wide no matter what I do for the main router). Right, well I just re-did the setup from a vanilla cerowrt image, so here goes: For the secondary access point, I use the wan port as an 'uplink' port that trunks the vlans for each of the wireless networks (and one for the wired as well). Thus, vlan1 is the wired lan, vlan2 is the first 'internal' network (sw00), vlan3 is sw10, vlan4 is gw00 and vlan5 is gw10. For a vanilla cerowrt box, I shut off all daemons apart from dropbear (for ssh access) and the network config. This includes dnsmasq (DHCP is assumed to be on the upstream server). Going through init scripts to `/etc/init.d/foo stop && /etc/init.d/foo disable` until everything is shut off should do it. After that, it's really only a few modifications to /etc/config/network that is needed to achieve this: 1. Get rid of the config for the wan interface completely (the 'config interface ge00' block and the ipv6 equivalent). 2. For the se00 interface, make sure these lines are present: option 'ifname' 'se00 ge00.1' option 'type' 'bridge' replacing any lines with the same option names. The openwrt network setup automatically configures VLANs from the .N syntax. 3. Similarly, for the wireless interfaces change 'type' from 'none' to 'bridge' and add an 'option ifname ge00.N' line, with N being the vlan number as listed above. 4. Configure the IP addresses of each interface to correspond to the upstream router setup. I just add 1 to each IP and configure the DHCP server to start at (GW ip)+2 rather than (GW ip)+1. 5. Plug in the cerowrt lan port to the upstream router, and make sure that has the appropriate 5 VLANs configured with a DHCP server running on each, etc. I've used this setup for replacing the WNDR box with a beefier device for high-speed routing, as well as for adding a second WNDR for extended wifi range (doing that this way rather than meshing allows clients to roam while keeping their IP and DHCP lease, and gets me a single DNS namespace since there's only one dnsmasq instance). Hope this explanation makes sense. :) =2DToke --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJT5m3nAAoJEENeEGz1+utPKdQH/3qxLAcMg5tVKdy1DEM3p+kf qh8rve4CTKP8KbM69Sk8/1DuHOGZIOSI89O9Bf0Yj7j1mSW5sa2mHcdYQtIDbBAJ rCuGknzB4DCrsN+7BJth9xklM63CCYAcPb3dgudyFDRk6JHb8Q70eaMc5CmSMfA5 rehq43hvxFjS4aUQlJIxWBiPhOCGuVZm9Ydff3hSRriCyj305VIgaafbbfGckfMy Kqjrvz6/brL7J43Dk/TEYcHT9/u/h9I4YU8jIUdHSeeXtEfPYcY1cX/2PhkHzn9n opZz85lksQVDTwLG+IIuLvNSfLLIJezsJ6gXX3/VkVm8HwKrIC0pA7owJs8n4HI= =aT1i -----END PGP SIGNATURE----- --=-=-=--