Using VLAN Tags on a Raspberry Pi running LEDE/OpenWrt

Is it possible to VLAN tag all LAN traffic on the Raspberry Pi's single Ethernet port running LEDE/OpenWRT?

I have several outdoor cellular Internet setups using RPi's, but only a single Ethernet connection to my indoor Cradlepoint router. The Cradlepoint appears to support VLAN tags on the WAN port, and the outdoor PoE switch I'm using to run both RPi's will pass VLAN tags.

My idea is to put a second switch (that will also pass VLAN tags) near the Cradlepoint, and have an Ethernet cable running to it from each of the two WAN ports I've configured (each with a unique VID). This will allow me to take advantage of the failover and load balancing capabilities of this router. I have several USB modems connected to its USB ports, and utilize its "WiFi as WAN" capabilities from time-to-time as well -- so I'd like to keep it in service.

I've tried doing this several ways using dumb switches and static WAN addresses on the Cradlepoint side with no luck. So -- I'm hoping if I can implement VLAN tags it'll eliminate whatever conflicts are keeping me from utilizing these two cellular WAN devices over a single gigabit Ethernet link.

Should work like a charm. With VLAN-aware switches and devices and proper configuration, it should behave as if there are multiple "physical" cables connecting the devices, each carrying its own VLAN.

Just make sure you have connectivity on a "new" VLAN before you change the config to remove "connection" to the untagged packets on the interface!

Perfect! So it's pretty obvious on the Cradlepoint side how to set things up -- not so much on the LEDE/OpenWRT side. I suspect I need to install a package or two, and if there's LuCI support I'd like to add that as well. Since the RPi is just a single Ethernet port device, does that make a difference from a "how to" standpoint compared to a router with a built-in switch?

Any hints on how to get rolling with the configuration on the LEDE/OpenWRT side would be appreciated!

You should be able to configure VLANs in LuCI, or you can do it directly in /etc/config/network.

You shouldn't need any additional packages.

I use command-line configuration myself, but if you search on "VLAN" or "switch config" here or on the OpenWRT wiki you should find plenty of screenshots and walkthroughs.

Look at the interface config in LuCI and the /etc/config/network file. OpenWRT has supported this well for a long time. It's needed to talk to the switches in most routers, but Linux is Linux :)

So there's no Network - Switch section in LuCI, probably because the RPi doesn't have a switch.

/etc/config/network doesn't have a switch section either. And, if I'm understanding the Wiki correctly this means I need to create a "driver-level VLAN"? Assuming this is even possible on the RPi.

The relevant section of /etc/config/network looks like this now:

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0'
	option ipaddr '192.168.3.1'

Based on the Wiki it looks like I need to add something like this:

config device 'eth0.2'
	option name 'vlan2'

And if I still want to be able to access the LAN with untagged traffic, do I just leave everything else as is?

Do I bridge this new device to my existing LAN interface like so?:

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0 vlan2'
	option ipaddr '192.168.3.1'

I'd then set my Cradlepoint VLAN with a VID of 2 on the WAN interface and set it for tagged.

Seems easy enough -- assuming I'm anywhere in the ballpark here on how this is done on a router with no switch.

What am I missing?

The specifics of setting up a VLAN on a router (Raspberry Pi) with a single Ethernet port seem to be quite different than routers with built-in switches. There's mention of it in the VLAN Wiki, but details are thin, and I'm not finding other walk-throughs specifically targeted at this scenario.

Anyone out there with first-hand knowledge of this type of configuration? See one post above for what I've worked out so far, but I suspect there's more to it.

It's easy to use VLANs on a device without built-in switch. Use eth0.x instead of eth0 in the configuration, where x is the VLAN. But I'm not sure bridging it with eth0 is a good idea.


I follow what you're saying. So would creating a new interface with its own subnet be a more sound approach? Something like this:

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0'
	option ipaddr '192.168.1.1'

config interface 'lan2'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0.3'
	option ipaddr '192.168.3.1'

And then add 'lan2' to my 'lan' firewall zone? I still want to be able to access the router without being part of the VLAN.


In general, mixing and matching tagged and untagged packets on the same interface of a router/AP/network access device is problematic. Of course, when using VLANs you normally have a managed switch involved. Typically then, you put tags on all your packets entering devices that participate in more than one VLAN (infrastructure devices), like your RPi. If a device needs to participate in just ONE VLAN then it typically talks with untagged packets to a managed switch, which tags the packets before forwarding them to the infrastructure device.

Thanks everybody for the responses. Using VLAN tags between my Cradlepoint router and 2 different Raspberry Pi's running LEDE/OpenWRT is working!

I now have three different WAN ports on my Cradlepoint MBR1400: the original Blue port, which is not connected (but still set up for untagged use), and two re-assigned LAN ports (Orange) that are using VLAN tags with separate VIDs.

Each Orange port is connected to the same unmanaged switch (D-Link DGS-2205 which can handle jumbo frames). A single Ethernet run connects this switch to an outdoor PoE switch (Ubiquiti NanoSwitch which can also pass VLAN tags) via a mid-span 24V PoE power inserter. From there, individual runs power two outdoor Raspberry Pi router/modem setups running the ROOter build of LEDE/OpenWRT. The RPi's run off of 24V to 5V splitters.

The RPi's now have second LAN interfaces using an eth0.x adapter where x is the VID of the VLAN it's assigned. This allows me to easily switch between the two outdoor routers, which are each connected to the Internet via a different cellular provider. I can also take advantage of failover, load balancing and the 'WiFi as WAN' capabilities of the Cradlepoint.

The new LAN interfaces can be created using LuCI by putting whatever VLAN adapter you want to use in the 'Custom Interface' box (e.g. 'eth0.3' to use a VLAN tag of 3) when creating the additional LAN interface. The new LAN can be added to the existing LAN firewall zone. No need to use the CLI unless you want to.

I disagree with the premise that one should not mix tagged and untagged packets on a given physical interface, but it does depend on the hardware being used. Most VLAN aware networking equipment has the ability to define a 'default' untagged VLAN assignment (often PVID or Port VLAN ID) for a given port as well as multiple tagged interfaces (VID or VLAN ID). As such, any non-VLAN aware hardware that is plugged into that port will still be able to get a network connection to the untagged network and will just ignore any tagged frames.

In some cases, this PVID/VID mix is actually required -- The Ubiquiti AP's need an untagged network for the management functions, and they support tagged networks for the wifi networks, if desired (I believe that the UAPs are being updated to handle management on tagged networks).

That said, it is generally considered a bad idea to use an unmanaged switch on an interface that has both untagged and tagged networks, as the behavior is undefined and could have unexpected results. Otherwise, though, there is no reason that one cannot mix tagged and untagged networks on a given physical interface.

In my experience, using raw and tagged frames on the same interface can easily lead to configuration issues that can cause bugs and security issues. For example, misconfiguration between a switch and your interface. It's not that it doesn't work, it's that it might not be advisable in the real world.

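The misconfiguration risk raised above can be checked mechanically. This added example (not code from the thread or from OpenWrt) is a POSIX shell/awk audit of a UCI network config that flags a port used both untagged and tagged, and an interface that bridges a port with its own VLAN; the function names, output labels and sample config are constructed, and it assumes VLAN devices are written in the eth0.N form.

```shell
# Added example (not from the thread): flag tagged/untagged mixing in a UCI
# network config. BRIDGE-MIX: one interface bridges a port with its own VLAN.
# PORT-MIX: a port is untagged in one interface and tagged in another.
audit_vlan_mix() {
    awk -v q="'" '
    BEGIN { qs = "[\"" q "]" }    # regex matching either quote character
    function sep(s) { return s == "" ? "" : "," }
    $1 == "config" {              # only "config interface" sections are audited
        iface = ""
        if ($2 == "interface") { iface = $3; gsub(qs, "", iface) }
        next
    }
    iface != "" && ($1 == "option" || $1 == "list") && $2 == "ifname" {
        if (!(iface in seen_if)) { seen_if[iface] = 1; ifs[++ni] = iface }
        for (i = 3; i <= NF; i++) {
            dev = $i; gsub(qs, "", dev)
            if (dev == "") continue
            port = dev; vid = ""
            if (dev ~ /\.[0-9]+$/) { vid = dev; sub(/^.*\./, "", vid); sub(/\.[0-9]+$/, "", port) }
            if (!(port in seen_p)) { seen_p[port] = 1; ports[++np] = port }
            if (vid == "") { u[iface, port] = 1; pu[port] = pu[port] sep(pu[port]) iface }
            else { t[iface, port] = vid; pt[port] = pt[port] sep(pt[port]) iface ":" vid }
        }
    }
    END {
        for (p = 1; p <= np; p++) {
            port = ports[p]
            for (k = 1; k <= ni; k++)
                if (((ifs[k], port) in u) && ((ifs[k], port) in t))
                    print "BRIDGE-MIX", ifs[k], port, "vid=" t[ifs[k], port]
            if (pu[port] != "" && pt[port] != "")
                print "PORT-MIX", port, "untagged=" pu[port], "tagged=" pt[port]
        }
    }' "$@"
}

# Constructed sample modelled on the layouts discussed in the thread.
sample_config() {
    cat <<'EOF'
config interface 'lan'
	option ifname 'eth0'
config interface 'lan2'
	option ifname 'eth0.3'
config interface 'mixed'
	option ifname 'eth0 eth0.2'
EOF
}
sample_config | audit_vlan_mix
```

On the router it can be pointed at the live file with `audit_vlan_mix /etc/config/network`; a PORT-MIX line is the deliberate layout the thread ends up with, while a BRIDGE-MIX line means tagged and untagged traffic share one broadcast domain.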

This config @ /etc/config/network works for me, just added this line:

config interface 'lan16'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0.16'
	option ipaddr '10.10.16.254'

and added it to the "lan" firewall settings.

Connected to a pfSense VLAN net; pfSense does DHCP relay to the Active Directory DHCP server... works perfectly.