Mass editing 150 VLANs

Hello,
To set up a WiFi solution relying on 150 personal VLANs, I'm looking for an elegant way to edit 150 VLANs on OpenWRT-enabled PoE switches (Teltonika TSW202).

I can use a script to edit and copy my /etc/config/network file content.
Is there a better way to do this?

Regards

no idea what editing means in this case, however ...


It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

Use a UCI script.

My question is about /etc/config/network semantics. Could it be possible to have something like:

config vlan-list 'foobar'
	list vlans '100'
	list vlans '101'
	list vlan-range '201-300' step '1'

config bridge-vlan 'guest'
	option device 'br0'
	option vlan-list 'foobar'
	list ports 'port1:t'
	list ports 'port2:t'
	list ports 'port3:t'
	list ports 'port4:t'
	list ports 'port5:t'
	list ports 'port6:t'
	list ports 'port7:t'
	list ports 'port8:t'
	list ports 'sfp1:t'
	list ports 'sfp2:t'

This would be helpful when the same VLAN set is to be applied on the same (tagged or untagged) ports.

since you're not running an official openwrt firmware, how would we know?

What is the end goal? It seems a bit off to have 150 vlans for a personal Wifi solution.

You could make a uCode script that does this but if you share your setup there might be a better design.

Could anyone please just skip the chatter and stay on the topic?
The question is clear: how to script x vlans? The answer is with UCI and as we wait for feedback from OP it does not matter why or why not there is a need for 150 vlans.

2 Likes

The end goal is important in this case. I don't like answering vague questions blindly.

No it's not. If the dude wants to set up 2048 vlans it does not matter. Let him. The important part of the question is how to do it. With scripting.
Why or why not does not matter at all and it has zero impact on answering the question.

How to script UCI is covered and if he has specific issues he still can ask about that.

2 Likes

This device doesn't appear to be supported by the official OpenWrt project (as was referenced in the first reply in this thread). Where did the firmware come from?

The reason the origin of the firmware is so critical is that a fork (vs the official version) may be considerably different in terms of how the system actually functions... answers here are likely only going to be relevant to the official project.

No. The config files cannot be used as a scripting language. If anything, you'd need to do this with shell scripting and UCI commands.

While only tangential, I am also curious why you have 150 personal VLANs? This is really unusual. As also referenced, there may be a more effective topology for you to use if we understand your actual environment/use-case.

One local example a few blocks away:
There is a local leftish project providing kind of ISP service for multiple private homes and business in their neighborhood via WiFi links.
I think such an ISP would isolate each network segment from each other.
I've met these guys a few times and they -- for a reason -- are running OpenWrt as their NOS... You can easily get more than 150 vlans in such a network...

I'm not saying it's an invalid use case, but it is unusual when someone has that many VLANs that they have even said are for "personal" use (what you mentioned is clearly a business). It suggests that they might be trying to isolate every single device on their network using VLANs, something that may or may not be necessary, although we do not yet know the reasoning, thus the questions. It may be that the OP's use case really does need 150 VLANs, but it is also plausible that there is a better topology.

1 Like

But why should we even care? Not my circus, not my monkeys; as they say in Poland.

1 Like

Part of that sentiment is valid -- their network, their choice.

On the other hand, I personally subscribe to the idea that if we can better understand the user's goals, we can help them configure their network to best serve their needs. Making a silly analogy, if someone is asking how they can make their TV louder, we could answer "there are volume controls on the remote and on the TV." But if we ask what the problem is in a bit more detail, we might learn that the issue is not really that it isn't "loud" enough, but rather that the dialog is really hard to understand... with that insight, we might have other suggestions like adjusting the EQ, using external speakers/soundbar, turning on captions, or maybe even having a hearing test to determine if the problem is hearing-loss related instead.... when we understand more about the "experience" we can offer solutions that improve the overall situation, rather than just answering a "simple" question.

3 Likes

I suffer from this and the German French coop TV station arte.tv nowadays offers an audio channel with increased voice loudness and decreased other audio sizzle and I can enjoy television again :smiley:

K now we finally reached off topic... But why isn't OP replying?

I was away from my desk, last afternoon. I'm sorry I couldn't reply earlier.

I mentioned I worked on a project involving Teltonika devices. While this remains true, my question has a more general target and it's about OpenWRT in general.

To better describe why this need for 150 VLANs arose, it came from a WiFi setup in hospitality. For a 150-room building, I want to provide each room tenant with a private VLAN: each private VLAN can communicate with the Internet but a device from one VLAN can't communicate with a VLAN from another one. Devices within a VLAN can communicate. This requires one (or several) gateway(s) with an interface in each VLAN.

I hope this better explains where the need for this number of VLANs comes from.
I'm also working on projects with higher room counts (up to 300).

I would actually suggest the use of a proper business or enterprise managed switch with port isolation. This would enable you to use many fewer VLANs (maybe even just one) and would isolate each room from the others, while still allowing each room to reach the gateway and internet.

I have a TP-Link T1600G-28PS that has a port isolation feature and it works well.

That said, if you really want to go down the route of creating 150-300 individual VLANs, you would probably want to simply script (with shell scripts) the uci syntax to loop over a variable and use that variable to define each vlan and subnet.

2 Likes
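The shell-plus-UCI loop suggested above, as an added example that is not part of the thread and not code from OpenWrt or Teltonika. It expands the VLAN list and range from the question ('100', '101', '201-300'), validates every ID and name, and prints commands for `uci batch`; the function names, the `vlanN` section names and the official OpenWrt DSA `bridge-vlan` schema are assumptions.

```shell
#!/bin/sh
# Added example. Assumes official OpenWrt DSA syntax (config bridge-vlan);
# vendor builds such as the Teltonika firmware may use a different schema.

# expand_vlans "100 101 201-300": print one VLAN ID per line.
# Subshell body: set -f disables globbing and variables stay local.
expand_vlans() (
    set -f
    for item in $1; do
        case "$item" in
            *[!0-9-]*|-*|*-|*-*-*|0*|*-0*)
                echo "bad VLAN spec: $item" >&2; exit 1 ;;
        esac
        first=${item%-*} last=${item#*-}
        if ! { [ "$first" -ge 1 ] && [ "$last" -le 4094 ] &&
               [ "$first" -le "$last" ]; } 2>/dev/null; then
            echo "VLAN ID outside 1-4094 or reversed range: $item" >&2; exit 1
        fi
        i=$first
        while [ "$i" -le "$last" ]; do echo "$i"; i=$((i + 1)); done
    done
)

# gen_bridge_vlans DEVICE "PORTS" "SPEC": print `uci batch` commands.
gen_bridge_vlans() (
    set -f
    for w in "$1" $2; do   # refuse anything that could break uci quoting
        case "$w" in
            ''|*[!A-Za-z0-9_.:*-]*) echo "unsafe name: $w" >&2; exit 1 ;;
        esac
    done
    ids=$(expand_vlans "$3") || exit 1
    for vid in $ids; do
        echo "set network.vlan$vid=bridge-vlan"
        echo "set network.vlan$vid.device='$1'"
        echo "set network.vlan$vid.vlan='$vid'"
        for p in $2; do echo "add_list network.vlan$vid.ports='$p'"; done
    done
)

# Constructed sample input; on a switch, pipe the output into `uci batch`
# and then run `uci commit network`.
gen_bridge_vlans br0 "port1:t sfp1:t" "100 101 201-203"
```

Because a bad spec aborts before any command is printed, a typo in one range cannot leave the switch with a partial set of room VLANs.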

"Enterprise" Grade Hardware is maybe not necessary.

Sure if you need 802.1x support and the like. But normal vlan termination on an aggregate or core switch is not that much of an issue because all the switching happens on the chip anyway and a 4core router can easily push 10 gigabit. The only important part is not to mix up duties so the switch should do no routing at all.

Sure if you need something with warranty and stuff then ubnt or the SOHO TP-Link product line, or MikroTik. But I would be interested in how this story develops and if OpenWrt only suits the need...

1 Like

How do you plan and design the network?

I'd look into something like generating the configuration from data, think netbox + a template + a script to deploy it (maybe using Ansible)

I'm planning to use Ansible to generate a /etc/config/network file that I intend to copy to OpenWRT hosts (i.e. switches).
I'll also configure the Linux box acting as gateway for all those VLANs with Ansible.

1 Like