[solved] VLANs on ipq40xx alternative config (for Fritzbox 4040)

Installing and Using OpenWrt Network and Wireless Configuration
4

At least in my experience, LuCI just doesn't "understand" the IPQ40xx switch and its driver.

I don't know if the EA6350v3 is a dual-interface or single-interface device. My experience is with the EA8300 which presents eth0 and eth1 both.

The guiding principles I use are based on looking at the code and coming to the conclusions that

  • VLAN 1 and VLAN 2 are "special" -- avoid them
  • The "Internet" port is "hard wired" to eth1 by the driver
  • The "Ethernet" ports are "hard wired" to eth0 by the driver

First, I set up the switch itself

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

Now, I need to trunk VLANs over the Internet port in my situation. So I have several stanzas like

config switch_vlan
        option device 'switch0'
        option vlan '100'
        option vid '100'
        option ports '0t 5t'

Since the driver supports 128 VLANs from

jeff@office:~$ sudo swconfig dev switch0 help
switch0: 90000.mdio(QCA AR40xx), ports: 6 (cpu @ 0), vlans: 128
[...]

if it is a high-numbered VLAN, you need to remember that it is the vid that specifies the tag, and that it would be the vlan that needs to be referred to in a pvid line. So far, I haven't had to declare the pvid in my config.

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option vid '1000'
        option ports '0t 5t'

This will get tagged traffic from the Internet port to and from eth1.100 and eth1.1000.

Now, if I want to have that VLAN's traffic appear on the "Ethernet" ports, it seems that it needs to be bridged. Changing the switch definition to span the ports and adding the bridge now looks like

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option vid '1000'
        option ports '0t 1 2 3 4 5t'

config interface 'vlan1000'
        option type 'bridge'
        option stp '1'
        option ifname 'eth0.1000 eth1.1000'

I did not have to explicitly define the PVID for the ports. Checking the PVID returned by swconfig dev switch0 show is probably worthwhile.

Without knowing the intent of your bridging and firewalling, it's hard to define the bridges (and I don't use OpenWrt's in-built firewall scheme for my applications).

My guess is something like the following would be close

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option vid '101'
        option ports '0t 1'

config switch_vlan
        option device 'switch0'
        option vlan '102'
        option vid '102'
        option ports '0t 2 3 4'

then look at the output of swconfig and see what might need adjustment.

7 Likes