ALIX 2D13 - No Switch for VLAN

My understanding of VLANs is thin. My ALIX 2d13 does not have a switch, but has 3 Ethernet ports. One is WAN and the other 2 are bridged for LAN. I'm looking at IoT devices, and it's been suggested to put them on a seperate VLAN, which I do not think I can do.

Is moving one Ethernet port to another interface "IoT" a valid approach for this hardware?

If so would this be correct
Current

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.111.1'
	option _orig_ifname 'eth0'
	option _orig_bridge 'true'
	option ifname 'eth0 eth2 tap0'

ToBe

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.111.1'
	option ifname 'eth0 tap0'

config interface 'IoT'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.222.1'
	option ifname 'eth2'

I assume I will need additional firewall rules from IoT to WAN and visa versa and a new "IoT" section in the dhcp file. Is that it?

Yes, you need to add a new firewall zone, a new firewall forward entry as the LAN to WAN and duplicate needed firewall rules too, and add the dhcp section too.

1 Like

Thanks for you validation,

My configuration is:

config interface 'lan1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option _orig_ifname 'eth0'
option _orig_bridge 'true'
option ifname 'eth0'

config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'

config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'

config interface 'lan2'
option type 'bridge' option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
option _orig_ifname 'eth2'
option _orig_bridge 'true'
option ifname 'eth2'

Then I added lan1 and lan2 to the lan firewall zone.

The problem is that I am not completely sure how eth0, eth1 and eth2 are assigned physically on boot. After rebooting, eth0, eth1 and eth2 are at the same "place" but I am not sure how it done internally.

Other issues:

  1. I don't know how to set up ALIX 2D13 LEDs. In OpenWRT and Debian, there used to be a kmod-leds-alix package for ALIX2D13.
  2. Hardware acceleration is not available for OpenSSL:

opkg install kmod-crypto-core kmod-crypto-aes kmod-crypto-hw-geode kmod-crypto-ocf
Unknown package 'kmod-crypto-core'.
Unknown package 'kmod-crypto-aes'.
Package kmod-crypto-hw-geode (4.4.71-1) installed in root is up to date.
Unknown package 'kmod-crypto-ocf'.
Collected errors:

  • opkg_install_cmd: Cannot install package kmod-crypto-core.
  • opkg_install_cmd: Cannot install package kmod-crypto-aes.
  • opkg_install_cmd: Cannot install package kmod-crypto-ocf.

This chip supports a temperature sensor:

opkg install kmod-hwmon-lm90 i2c-tools

vim /etc/sysconfig/lm_sensors
BUS_MODULES="scx200_acb"
HWMON_MODULES="lm90"

Then run "sensors" to display temperature:
sensors
lm86-i2c-0-4c
Adapter: CS5535 ACB0
temp1: +41.0°C (low = +0.0°C, high = +70.0°C)
(crit = +85.0°C, hyst = +75.0°C)
temp2: +46.0°C (low = +0.0°C, high = +70.0°C)
(crit = +85.0°C, hyst = +75.0°C)

Removing xxxxxx

Sorry all required packages are already bundled in LEDE.

I have not yet tried this on my router so can not help. Please let me know if you get it working.

While I know the geode image contained the crypto drivers I am not sure they are actually working.
I assume you have seen this page: https://wiki.openwrt.org/toh/pcengines/alix

I bought a crypto card at one point, but it required building my own, and I was not that motivated.

Regarding the LEDS, here is the config from my OpenWrt config file (system)

config led
	option name 'LAN'
	option sysfs 'alix:1'
	option default '1'
	option trigger 'netdev'
	option dev 'br-lan'
	option mode 'tx rx'

config led
    	option default '0'
    	option name 'WiFi'
    	option sysfs 'alix:2'
    	option trigger 'none'

config led
	option default '0'
	option name 'Heartbeat'
	option sysfs 'alix:3'
	option trigger 'heartbeat'