From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2.tohojo.dk (mail2.tohojo.dk [77.235.48.147]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 45CFB21F3F8 for ; Sun, 12 Apr 2015 07:29:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at mail2.tohojo.dk Received: by alrua-karlstad.karlstad.toke.dk (Postfix, from userid 1000) id A2FFB30CB31; Sun, 12 Apr 2015 16:29:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toke.dk; s=201310; t=1428848988; bh=EBL4XdzKjRfPpP9sQ2o2kuhIQv06sJV3+0PlHWFl3eY=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=s76yLaFpTt1z0v/eRTd8JR1FhR4627rxTCBLfAbXPNrZSFu9ui2k4DYImWItly236 8jnQ/QjyAGayjGelAHlvhvItAtn5GsyY/hx/oFZowotCWq0xqWByr1pz/fAjeRdZSG dhgP7UHUkL18dJOn4yQCdlZ1T/HPZVKEdp9vmUO8= From: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= To: Kevin Darbyshire-Bryant In-Reply-To: (Kevin Darbyshire-Bryant's message of "Sun, 12 Apr 2015 12:40:17 +0000") References: <55295373.507@darbyshire-bryant.me.uk> <876191o8yp.fsf@toke.dk> Date: Sun, 12 Apr 2015 16:29:47 +0200 X-Clacks-Overhead: GNU Terry Pratchett Message-ID: <87zj6dmnc4.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] Routed LANs vs WOL & Windows troubles X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Apr 2015 14:30:28 -0000 Kevin Darbyshire-Bryant writes: > Yes please! Right, well you can do it in two ways - depending on whether you want to use the switch VLAN functionality (this is on the WNDR3800 - no idea what the Archer has). I happen to have one box use the switch VLANs and the other not, so both are included below: This is all in /etc/config/network: On the gateway device, I changed each of the sw* and gw* interfaces so they use the VLANs: config interface sw00 option 'type' 'bridge' option 'ifname' 'se00.2' option 'proto' 'static' The 'bridge' turns the interface into a bridge connected to the 'se00.2' interface. The '.2' means 'use VLAN 2' on that interface, so in this case, use VLAN 2 on the se00 interface. You need to use separate VLANS for each of the interfaces you want to bridge in this way. On this box, I then activate the switch VLAN functionality as follows: config switch option name rtl8366s option reset 1 option enable_vlan 1 option enable_vlan4k 1 # Blinkrate: 0=43ms; 1=84ms; 2=120ms; 3=170ms; 4=340ms; 5=670ms option blinkrate 2 option max_length 3 Note the 'enable_vlan' and 'enable_vlan4k' options - both are needed! Then, modify the existing switch_vlan section: config switch_vlan option device rtl8366s option vlan 1 option ports "0 1 2t 3t 5t" # option ports "0 1 2 3 5t" The commented out option was the original setting. The 't' is for 'tagged', meaning that in this case, ports 0 and 1 are on VLAN 1 untagged (so traffic is considered to be part of VLAN 1, but no tags go out on the wire), while ports 2 and 3 have VLAN tags on them (so the equipment at the other end need to understand them). Port 5 is the internal port that the WNDR itself sees all the traffic on, so should always be tagged. Now, add a section for each additional VLAN that you want to use: config switch_vlan option device rtl8366s option vlan 2 option ports "2t 3t 5t" Here I define VLAN 2 active on ports 2 and 3 with VLAN tags. I have identical sections for VLANs 3, 4 and 5. Finally, I have sections: config switch_port option port 0 option pvid 1 Which basically tells the switch that the default VLAN for port 0 is vlan 1. I have those for ports 0 and 1, but not entirely sure they're absolutely needed. The above config (repeated appropriately for all the wireless interfaces you want this to work for) should get your wireless interfaces setup to be bridged with a VLAN each. No changes are needed in /etc/config/wireless, as long as you keep the 'config interface sw00' part the same. Now, on the secondary AP, I use the WAN port as the VLAN-aware 'uplink' port to the primary gateway, and I don't use the switch VLAN support. So this config is a bit simpler, and may be applicable to your setup if you don't have a hardware switch in your device (or just don't want to use it). So what I do on the secondary AP is just, in /etc/config/network, set up the bridging similar to on the primary AP: config interface sw00 option 'type' 'bridge' option 'ifname' 'ge00.2' (again, repeat for all the sw* and gw* interfaces). Make sure to match the VLAN number with what you had at the other end. Also, I bridge the LAN ports with VLAN1: config interface se00 option 'ifname' 'se00 ge00.1' option 'type' 'bridge' so anything connecting to the other side of the secondary AP will work as though they're just on the LAN. Also, on the secondary AP, I turn off all services (only ntpd, dropbear and hostapd are running), and assign different IPs to the interfaces (just add one to the last octet). The wireless config on the secondary AP is identical to the primary, except I change the wireless channels to minimise interference. If you're using PSKs for encrypted wifi, just use the same key. If you're using WPA enterprise-type setups, just point the secondary AP at the primary in the auth_server directive. Hope the above explanation makes sense; if not, feel free to ask more questions :P -Toke