How to use 02_network generate vlan0?

cppcoffee · December 4, 2023, 7:32am

The OpenWrt configuration file /etc/board.d/02_network generates the /etc/config/network.

My 02_network configuration file has the following contents:

# cat /etc/board.d/02_network
ramips_setup_interfaces()
{
        local board="$1"

        case $board in
        strong-4g)
                ucidef_add_switch "switch0" \
                        "1:lan:3" "2:lan:2" "3:lan:5" "4:lan:1" "0:wan:4" "6@eth0"
                ;;
        .....
}

The contents of the generated /etc/config/network are as follows:

# cat /etc/config/network
...
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

I want option vlan to generated to 0, the expectations are as follows:

# cat /etc/config/network
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '0'        # generate vlan 0, the previous value was 1
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '1'        # generate vlan 1， the previous value was 2
        option ports '0 6t'

The desired effect is: LAN does not set vlan, WAN sets vlan

How should it be modified to generate the expected values?

flygarn12 · December 4, 2023, 7:58am

To begin with, Vlan0 is not a allowed vlan number. It can only be between 1-4096.

I don’t think what you want to do is generated in the network file, the network file only link device ports to program connections that is defined in the above code that call the network file somewhere.

You could use uci-defaults.

cppcoffee · December 4, 2023, 8:16am

HI @flygarn12 ,Thank you for your reply.

I want to disable VLAN on LANx port, is there any other way?

flygarn12 · December 4, 2023, 8:30am

You can’t disable vlan as a function, the easiest way is to remove the port from the port list for that vlan, than it becomes pretty unusable.

cppcoffee · December 4, 2023, 8:41am

I want to change it to vlan0 because vlan0 means not use VLAN tag.

Or is there any way to vlan untag?

cppcoffee · December 4, 2023, 8:50am

Like this vlan1 and vlan0:

Image from: https://openwrt.org/docs/guide-user/network/vlan/switch

vlan0 is the default vlan, meaning if a packet is untagged, it will be treated a vlan0 packet

Description from: https://openwrt.org/docs/guide-user/network/vlan/switch#assumptions

The expected effect is as shown above, with LANs all untagged, i.e. vlan0.

cppcoffee · December 4, 2023, 9:53am

There is no good way to do this but to modify /bin/config_generate.

cppcoffee · December 4, 2023, 10:51am

Or can I use vlan1 without the vlan tag?

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6'     # no config vlan tag, just use '6'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'          # default use vlan tag '6t'

cppcoffee · December 4, 2023, 11:22am

How use ucidef_add_switch function to generate option ports '1 2 3 4 6'?

lleachii · December 4, 2023, 11:35am

This is not done in practice. The most simple reason is: how does a switch react to a VLAN tag of: 0 or otherwise - if it doesn't handle VLAN tags?

Yes:

If you don't want to use a tag, configure whatever interface on the underlying PHY. This is common for most Ethernet-based interfaces. From your picture, that's eth0.

I'm not sure this will offer what you desire, given you also configure the switch and make it VLAN-aware.*

This would be a specific tag. It's not clear how the WAN sets the VLAN if the device is not configured. What protocol will be initially sending Ethernet frames, etc. to establish it?

Lastly there's the ability to QinQ (i.e. carry another VLAN tag over a VLAN), renumbering (and tagging) of VLANs, etc.

*- I'm not saying you should unconfigure the switch, as it's not clear.

andyboeh · December 4, 2023, 12:02pm

Why would you want to do that, i.e. what is your use-case? Maybe it's then clear what your goal is...
From the perspective of the connected devices, all ports are untagged. From the perspective of OpenWrt, you need the tags to be able to separate LAN and WAN traffic. While you can have tagged and untagged traffic on the same port (that would be your CPU port), AFAIK it's not recommended.

cppcoffee · December 5, 2023, 3:04am

I encountered a problem with vlan, I used the OpenWrt gateway to connect a PLC device to the LAN network port, the PLC device uses PROFINET protocol-DCP. the OpenWrt gateway broadcasts can be sent to the device, but the OpenWrt gateway could not receive the PLC device's broadcast response packets.

The PROFINET protocol-DCP use Layer 2 network broadcasts.

If use vlan0 for all LANs, the PLC device's broadcasts will respond normally.

lleachii · December 5, 2023, 9:26am

I'm curious, how have you tested this?

As noted, this is how you usually configure "VLAN 0" in a VLAN unaware environment (* - see note below):

Have you tested binding whatever software to this interface?
If your deice is now DSA, you may try upgrading, as you can use ports on a hardware switch as interfaces

Given your picture is an example and that the Wiki it was copied from is outdated, what device is this?

I also want to note something you missed (I did as well):

screen640

This VLAN is a member of a bridge. So in this example, "LAN" appears to be br0. WAN is VLAN 1. This would seem like you want some kind of QinQ.

Nonetheless - we need to know the device in your real use case.

Lastly, this sadly is a poor example to place on the general switch Wiki page. This device is from circa 2004 - the device is approximately 20 years old as of now. On OpenWrt, it was then, and even today, poorly supported. Adding to this point, most other devices use:

VLAN 1 (or br-lan and eth0 on a non-switch) - LAN
VLAN 2 (eth1, etc.) - WAN

Basically - I can find no reference proving the accuracy of the screenshot you posted - circa 2023.

cppcoffee · December 5, 2023, 10:04am

I used board CPU is MT7628, It does not yet support DSA.

Here's how I tested it:

Prepare an openwrt gateway, it has 4 LAN ports, then prepare a Siemens S7 PLC device and Windows PC, connect the Siemens S7 PLC device and Windows PC to the LAN ports of the openwrt gateway. then run the Siemens S7 PLC program on the PC for scanning devices, and no PLC device is scanned.

Then I changed the /etc/config/network file as follow:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option default_ps '0'
        option ula_prefix 'fd1d:2a95:8108::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.0'		# The previous value was 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.0'		# The previous value was 'eth0.1'
        option macaddr 'd2:b1:94:03:f1:34'

config interface 'wan'
        option ifname 'eth0.1'		# the previous value was 'eth0.2'
        option proto 'dhcp'
        option metric '1'

config device 'wan_dev'
        option name 'eth0.1'		# The previous value was 'eth0.2'
        option macaddr 'd2:b1:94:03:f1:35'

config interface 'wan6'
        option ifname 'eth0.1'		# The previous value was 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '0'				# The previous value was '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '1'				# The previous value was '2'
        option ports '0 6t'

And finally, reboot the network:

# /etc/init.d/network restart

The Siemens S7 PLC program of a windows PC can scan for PLC devices.

I'll capture the packets and analyze them further.

Is ucidef_add_switch function possible to configure it without a vlan? link this :

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6'		# just 6 without the t

flygarn12 · December 5, 2023, 11:39am

The thing is that the S7 can’t know what internal vlan you have in the router as long as the ports aren’t tagged.

So then comes the question, does the S7 have it’s own dhcp server or or router or some static IP setting since it is searching the network or did it even have a IP address in the router with vlan1?

Vlan0 is by standard a reserved vlan so it is forbidden to use, in practical terms you have turned of the control of the switch with vlan0 and all packages goes everywhere and therefor you see the effect as ”it works”.

What you want is probably a simple switch without routing capabilities, dhcp server or firewall connected to the S7.

system · February 1, 2024, 10:34am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.