OpenWrt Forum Archive

Topic: SSID with multiple VLANs

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello to all,

I have a question, and I will be glad to hear opinions about it.
Is it possible to have one SSID with two or more VLANs, for example:

/etc/config/network:
config switch    "eth0"
    option vlan0 "1 2 3 4 5*"
    option vlan1 "0 5"

config interface lan
        option type     bridge
        option ifname   "eth0.0"
        option proto    static
        option ipaddr   192.168.1.1
        option netmask  255.255.255.0

config interface lan1
        option type     bridge
        option ifname   "eth0.1"
        option proto    static
        option ipaddr   192.168.2.1
        option netmask  255.255.255.0

config interface loopback
        option ifname   "lo"
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0


------- /etc/config/wireless -------------------
config wifi-device      wl0
        option type     broadcom
        option channel  5

config wifi-iface
        option device   wl0
        option mode     ap
        option ssid     myNet
        option hidden   0
        option encryption wep
        option key   XXXXXXXXXXXXXXX
        option network   lan  lan1     -> I have tested with the two interfaces here and this does not work


If someone can give me advice or an example, I will appreciate it.

Thanks in advance!
Regards to all
CMarco

Hello,

Can somebody give me some advice, please?

Regards to all
CMarco

your wireless config cannot work like this.
Check with brctl, you will see the "option bridge" in network config builds a bridge with the name "br-lan" and the interfaces as members.
So "brctl show" shows what happened in detail.

To add a second interface to the bridge just declare it as a member of a bridge, i.e. option network lan.

You can script this also with : brctl addif br-lan <your 2nd interface>

Check it with "brctl show" ...& read/learn  more about bridging

regards
3zl

(Last edited by 3zl on 2 Dec 2011, 16:17)

what do you want to achieve with this?
why one SSID with two VLANs? First you create two VLANs and then you bridge these two VLANs?

If you want to do something like VLAN-trunking over Wifi look at https://forum.openwrt.org/viewtopic.php?id=33225 and the link posted there.

if you want something else, describe what exactly you want to do and why you want to do this. but I don't think you have the right idea of how bridging works, and what is possible.

Hello,

What I want is to have one SSID with two vlan's. For example SSID "Guest" with VLAN3 and VLAN2.
Seems simple but...

In the VLAN-trunking over Wifi, I have one SSID per VLAN, now I'm trying something different, one SSID with 2 VLANs.

Can somebody tell me how I can do this, with a little example?

Regards to all
CMarco

check the link in the post!

this guy is using the dynamic VLAN capabilities of hostapd. So you can have multiple VLANs on one SSID.
The Radius-Server stores the VLAN for every user and if he connects his client gets his VLAN assigned. So you run multiple VLANs over one SSID, but only one VLAN per client. I'm not sure if you can run more than one VLAN per client and I don't get the point either (except for trunking).

what you want to do isn't a standard setup, so please don't expect that someone will tell you exactly what to do. You will have to get your hands dirty

(Last edited by eleon216 on 2 Dec 2011, 23:42)

Ok, thanks for the opinions...
I'm going to go to the bottom of this question... and I will give feedback soon...


Regards to all
CMarco

Hi,

How I said where I'm...
I have a working scenario, where I have one access point and two stations. Each station is on its own VLAN trunked out only one ethernet interface at the AP side and let the switch behind handle the VLAN separation.
This is done as widely explained via WDS and VLANs assigned to Bridges.
However, one of the stations need another VLAN added, i.e. the WDS to that station now needs to be a trunk and the Station needs to be VLAN transparent, i.e. the only ethernet interface will act as trunk and so shall the wireless interface.

http://forum.mikrotik.com/download/file.php?id=8210

The picture is not mine but the scenario that I'm facing is the same as the picture...
The purpose is to provide 3 different type of services/different circuits to the equipment behind the stations.
the wireless links are WDS and whether or not i use VirtualAP's on the AP end, does not seem to matter so far, when having a dedicated VLAN per WDS link. However, now that I need two VLANs over one WDS I seem to struggle.
When I had only VLAN 66 and 3 it was easy, but now with VLAN 5...

So can someone give advice on how to solve this question?

Regards
CMarco

as  eleon216 stated, you have to dig  for madwifi hostapd dynamic vlan configuration.

example config explained here somehow

http://dev.laptop.org/pub/firmware/libe … onf.sample

it seems to go a very long way to accomplish your task.

Maybe you should consider a different approach for your application or is it more academic ?

good luck

regards
3zl

Hi,

@3zl
The picture is not academic, it is a real scenario. About the approach that eleon216 stated, I still have my doubts about its application in this WDS scenario...

My first approach was what I show in the picture. Is an approach similar to what we all do, when configure Wired Trunk, where we have more than one VLAN in the same connection. My mistake was thinking that was a simple thing in Wireless...
I was searching on the Internet and of all the manufacturers no one, from what I saw, has taken an approach like what I mentioned... They all do:

Create another WDS LINK, one WDS link per VLAN that you want to pass.
A WDS LINK1 to VLAN 66
A WDS LINK2 to VLAN 5
Both under the same radio, i.e. MAC80211...

Of course this is not equal to my first approach...
Has someone tested this approach and can give me feedback about its functionality with OpenWRT? And what do you, who have worked with OpenWRT for a longer time than I and have more experience, think about this second approach?

Regards,
CMarco

Sorry, I'm not a specialist in VLAN, but it seems to me that it's an interesting field to work on.

As far as I have gathered, madwifi drivers with hostapd should be able to accomplish this, at least it's in the configuration of the link I did send.

# VLAN interface list for dynamic VLAN mode is read from a separate text file.
# This list is used to map VLAN ID from the RADIUS server to a network
# interface. Each station is bound to one interface in the same way as with
# multiple BSSIDs or SSIDs. Each line in this text file is defining a new
# interface and the line must include VLAN ID and interface name separated by
# white space (space or tab).
#vlan_file=/etc/hostapd.vlan

# Interface where 802.1q tagged packets should appear when a RADIUS server is
# used to determine which VLAN a station is on.  hostapd creates a bridge for
# each VLAN.  Then hostapd adds a VLAN interface (associated with the interface
# indicated by 'vlan_tagged_interface') and the appropriate wireless interface
# to the bridge.
#vlan_tagged_interface=eth0

Have a look around http://www.zeroshell.net/eng/wireless-access-point seems  to have VLAN on WIFI

Basics academic.csuohio.edu/yuc/papers/VLAN.pdf

Interesting discussion on http://www.tomshardware.co.uk/forum/200 … t-bridging

MikroTIK http://wiki.mikrotik.com/wiki/802.1q_Tr … s_P2P_Link

http://jcostom.wordpress.com/2010/07/03 … in-openwrt


As we do use L2-AWDS-Mesh i might test if it passes VLAN tagged packages.

Are you willing to dig further and find a solution? I do think it can be done.
At least there is some info on the internet.

regards
3zl

(Last edited by 3zl on 13 Dec 2011, 23:52)

Hello,

@3zl
I have looked at the links that you mentioned, thanks for them, and much more...

The link, MikroTIK http://wiki.mikrotik.com/wiki/802.1q_Tr … s_P2P_Link is the second approach that I have mentioned.

Starting with this approach...

In this picture http://wiki.mikrotik.com/images/f/f3/Vlan.jpg they basically create one VAP and one WDS link per VLAN that they want to pass through 802.11Q wireless trunk
WDS LINK1 - VAP10 - to VLAN 10
WDS LINK2 - VAP20 - to VLAN 20
WDS LINK3 - VAP30 - to VLAN 30

I'm thinking to test this under the same radio, MAC80211, in 802.11an...

As you said:"As we do use L2-AWDS-Mesh i might test if it passes VLAN tagged packages."
I ask if you can test this, because I still do not have the equipment to test. And I'm still searching for the best equipment for a scenario like L2-AWDS-Mesh.
If you can tell me what wireless equipment you use with OpenWRT I will appreciate it very much.
Below is the configuration for device 1

Are you willing to dig further and find a solution ?. I do think it can be done.
R:Yes, my intention is to go further.

Device 1
/etc/config/wireless
config wifi-device  wlan1
    option type     mac80211
    option hwmode   11na
    option htmode   HT20
    option channel  36
    option txpower  20
    option disabled 0

config wifi-iface
    option device        wlan1
    option network     vlan10
    option ssid           VLAN10
    option wds       1
    option mode       sta
    option hidden       0
    option encryption  psk2
    option key         'secret_key'
   
config wifi-iface
    option device      wlan1
    option network     vlan20
    option ssid       VLAN20
    option wds       1
    option mode       sta
    option hidden       0
    option encryption  psk2
    option key         'secret_key'

config wifi-iface
    option device      wlan1
    option network     vlan30
    option ssid       VLAN30
    option wds       1
    option mode       ap
    option hidden       0
    option encryption  psk2
    option key         'secret_key'


#ETH0 - port 0 the uplink trunk port
config 'switch' 'eth0'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan'
        option 'device' 'eth0'               
        option 'vlan' '10'               
        option 'ports' '0t 5t'        

config 'switch_vlan'
        option 'device' 'eth0'               
        option 'vlan' '20'            
        option 'ports' '0t 2 3 5t'    

config 'switch_vlan'       
        option 'device' 'eth0'               
        option 'vlan' '30'
        option 'ports' '0t 4 5t'    

config interface loopback           
    option ifname      lo
    option proto       static
    option ipaddr      127.0.0.1
    option netmask     255.0.0.0

config interface vlan10
    option type        bridge       
    option stp        1
    option ifname        eth0.10
    option proto        static
    option ipaddr        192.168.3.1   
    option netmask        255.255.255.0
    option defaultroute    0
    option peerdns        0

config interface vlan20
    option type        bridge
    option stp        1
    option ifname          eth0.20

config interface vlan30
    option type        bridge
    option stp        1
    option ifname          eth0.30

In the Device 2 the configuration is equal, if you want I can send you also the configuration, no problem... If you need something else...
All developers contribution will be very appreciated.

Regards,
CMarco
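
A static check of the switch_vlan sections in the configuration above, added here as an example (not code from the thread or from OpenWrt): it parses the UCI text, lists the ports that are tagged members of every VLAN (the trunk ports), and flags any port that is an untagged member of more than one VLAN, which would merge those VLANs on that port. The function names and the deliberately broken second sample are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample: the three switch_vlan sections from the post above.
SAMPLE = """
#ETH0 - port 0 the uplink trunk port
config 'switch_vlan'
        option 'device' 'eth0'
        option 'vlan' '10'
        option 'ports' '0t 5t'

config 'switch_vlan'
        option 'device' 'eth0'
        option 'vlan' '20'
        option 'ports' '0t 2 3 5t'

config 'switch_vlan'
        option 'device' 'eth0'
        option 'vlan' '30'
        option 'ports' '0t 4 5t'
"""

# Constructed misconfiguration: port 3 is untagged in VLAN 20 and in VLAN 30.
BROKEN = SAMPLE.replace("'0t 4 5t'", "'0t 3 4 5t'")


def parse_switch_vlans(text):
    """Return {vlan_id: [port tokens]} from UCI switch_vlan sections."""
    sections, current = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if not tokens:
            continue
        if tokens[0] == "config":
            current = None
            if len(tokens) > 1 and tokens[1] == "switch_vlan":
                current = {}
                sections.append(current)
        elif tokens[0] == "option" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2]
    return {int(s["vlan"]): s.get("ports", "").split()
            for s in sections if "vlan" in s}


def port_membership(vlans):
    """Return {port: {"tagged": set of VIDs, "untagged": set of VIDs}}."""
    ports = defaultdict(lambda: {"tagged": set(), "untagged": set()})
    for vid, members in vlans.items():
        for token in members:
            kind = "tagged" if token.endswith("t") else "untagged"
            ports[int(token.rstrip("t*"))][kind].add(vid)
    return dict(ports)


def trunk_ports(vlans):
    """Ports that are tagged members of every configured VLAN."""
    return sorted(p for p, m in port_membership(vlans).items()
                  if m["tagged"] == set(vlans))


def untagged_overlaps(vlans):
    """Ports that are untagged in more than one VLAN: [(port, [vids])]."""
    return [(p, sorted(m["untagged"]))
            for p, m in sorted(port_membership(vlans).items())
            if len(m["untagged"]) > 1]


if __name__ == "__main__":
    for name, text in (("posted config", SAMPLE), ("broken variant", BROKEN)):
        vlans = parse_switch_vlans(text)
        print(name, "trunk ports:", trunk_ports(vlans),
              "overlaps:", untagged_overlaps(vlans))
```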

Hello CMarco

i've decided to have a deeper look at OpenWrt implementation of VLAN.

Scope is to build a setup with several virtual routers and Debian on VMware.

I will let you know any news / ideas I get out of this

regards
3zl

i did promise to respond if there are news...here they are:  success with trunking over wifi

  Router        : DIR-300 A1 (switch phy IC175C)
  openwrt 8.09 r18808 / 10.03 trunk on DIR-300A1
  wifi-if       : awds0  AWDS-L2 Mesh adhoc
  trunk-if      : veth0  setup by vethd on eth0
  eth0.1.eth0.4 :  vlan-if set to respective ports 0..3

phy eth0 carries traffic from all ports but cannot be assigned directly
to a bridge (kills switch), so use a virtual interface attached via tun ('vethd eth0').

The resulting interface veth0 can be bridged to a wireless interface (athx, wlan0..)
transporting 'raw' ethernet stream thus mirrors vlan/ports to either side.

interface veth0 / br can be monitored with tcpdump
(take care to filter local ssh traffic, it causes loop)

[phy port0..portx]->[switch.eth0]->veth0->br<-wif~~wif->br->veth0->[eth0.switch]...[phy port0..portx]
           
maybe the same setup applies to WS or similar WIFI-bridging on layer 3, but did not test

if someone plays with this kind of setup, please report

regards
3zl

(Last edited by 3zl on 7 Jan 2012, 00:35)
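
An added example (not from the post) of the check that the tcpdump hint above leads to: given raw Ethernet frames captured on the far-side veth0 or bridge, read the 802.1Q tag and confirm that only the expected VLAN IDs cross the wireless link. The frames, the MAC address and the allowed VLAN set are constructed for illustration; reading frames from a real capture is left out.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(vid=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally with an 802.1Q tag."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")  # locally administered, made up
    tag = b""
    if vid is not None:
        tci = (pcp & 0x7) << 13 | (vid & 0x0FFF)  # PCP(3) DEI(1) VID(12)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return (vid, pcp, inner_ethertype); vid and pcp are None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def audit_capture(frames, allowed_vids):
    """Count frames per VLAN ID and list VLAN IDs not expected on the trunk."""
    counts = {}
    for frame in frames:
        vid, _, _ = parse_vlan(frame)
        counts[vid] = counts.get(vid, 0) + 1
    unexpected = sorted(v for v in counts
                        if v is not None and v not in allowed_vids)
    return counts, unexpected


if __name__ == "__main__":
    # Constructed capture: two trunk VLANs, one untagged frame, one stray VLAN.
    capture = [build_frame(1), build_frame(4, pcp=5), build_frame(), build_frame(66)]
    counts, unexpected = audit_capture(capture, allowed_vids={1, 2, 3, 4})
    print("frames per VLAN (None = untagged):", counts)
    print("unexpected VLAN IDs:", unexpected)
```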

Hi,

@3zl: After reading this post, I think the topic is very interesting and I will be glad to participate in the test, and I have the conditions to test this in a WDS link between router APs. And if there are others, developers of openwrt also, with the possibility to also try this, please join us.

In your message there are things that, maybe because of my lack of experience i do not understand.
like "so use virtual interface attached via tun (' vethd eth0 ')". I'm not understanding the transition [switch.eth0]->veth0.

Can you help me, if it is not too much to ask, by giving some sample configurations?

@CMarco: I will test also your approach, after testing 3zl's approach, that I think summarizes a WDS P2P connection (wds+ap to wds+sta). But in this case, we have one WDS P2P connection for each VLAN transferred between router APs, all above the same radio, this is sharing the same characteristics, like frequency, channel, etc... With this your intention is to pass the VLANs from one AP to another... like MikroTIK http://wiki.mikrotik.com/wiki/802.1q_Tr … s_P2P_Link

Best Regards.
Craig Davids

(Last edited by craigdavids on 6 Jan 2012, 19:08)

I will try to give some hints about what's going on:

1. Veth
   Veth stands for Virtual ETHernet. It is a simple tunnel driver that works at the link layer and looks like a pair of ethernet devices interconnected with each other.
   Simply speaking its a two-leg virtual device with one leg in the phy ethx and the other created by the driver , hence  [ethx]<->tun-driver<->[vethx]
   It can literally be used like a phy ethernet device  http://wiki.openvz.org/Virtual_Ethernet_device
   The vethd driver is available as ipkg package and as kernel driver (kernel_menuconfig..experimental)

2. eth0
   As the VLAN interfaces eth0.x are created by the kernel driver, the 'parent' eth can be accessed, if not directly (because of driver issues), by binding a veth to it and using the vethx interface instead.

3. picture to clarify
http://i39.tinypic.com/20l1hlf.jpg

i will be happy to assist on further questions
3zl

(Last edited by 3zl on 7 Jan 2012, 20:52)

Hi,

@3zl: Thanks for the explanation, this is new for me.

I have installed the package "veth -1.0-1-VETH is a daemon that virtualizes a ethernet card in Linux" like you said.
I have done the command "vethd eth0" to bind veth0 into eth0
It says that "Attached veth0 into eth0". So seems all ok.

After on /etc/config/network where I have:

config interface lan
        option ifname   eth0
        option type     bridge
        option proto    static
        option ipaddr   192.168.1.110
        option netmask  255.255.255.0
        option network 192.168.1.0
        option gateway 192.168.1.1

I have changed to:
config interface lan
        option ifname   veth0
        option type     bridge
        option proto    static
        option ipaddr   192.168.1.110
        option netmask  255.255.255.0
        option network 192.168.1.0
        option gateway 192.168.1.1

And when i do "brctl show" it says that bridge br-lan is created with veth0.
But I do not know why now I cannot access or ping the interface lan with ip 192.168.1.110. Without all the veth0 setup, I was always able to ping 192.168.1.110.

What am I forgetting? Can you help me?

Regards,
Craig Davids

(Last edited by craigdavids on 12 Jan 2012, 13:49)

Hi craigdavids, so we'll see what we can check out:

I suppose you are connected to the CPE via LAN? What IP?

logread ?
dmesg ?
ps  .. vethd?

ifconfig eth0..veth0  ..up ?
ifconfig br-lan ..up ?

i never had problems  with veth though, might be something simple.

regards
3zl

Hi,

I start my router with this configuration in /etc/config/network, and the loopback also of course.
config interface lan
        option ifname   eth0
        option type     bridge
        option proto    static
        option ipaddr   192.168.1.110
        option netmask  255.255.255.0
        option network 192.168.1.0
        option gateway 192.168.1.1

At this point eth0 is up, and the br-lan bridge with interface eth0 is up too. And all is ok, from my PC with IP 192.168.1.3 I can ping and access 192.168.1.110.
After this i do: "vethd eth0" and appears a message "Attached veth0 to eth0".
I do a "ps -e | grep veth" and it is all ok.

After this I go to /etc/config/network, and I only change "option ifname eth0" to "option ifname veth0"
config interface lan
        option ifname   veth0
        option type     bridge
        option proto    static
        option ipaddr   192.168.1.110
        option netmask  255.255.255.0
        option network 192.168.1.0
        option gateway 192.168.1.1

After this I save the configuration and I do /etc/init.d/network restart. And after this restart eth0 goes down and does not go up again even if I do "ifconfig eth0 up".

Do you see some mistake in these steps?

Regards
Craig Davids

The time eth0 is down , how are you connected to the CPE ?
Do you have still access to OpenWrt ?
Have a look at logread  & dmesg about eth0 / veth0 / br-lan
Start with network config eth0 off the bridge and build bridge manually.

I do not have a Routerboard at hand so i'll test on atheros hardware D-Link and VMWare x86 build

regards

3zl

(Last edited by 3zl on 17 Jan 2012, 07:43)

just did a test in VMWare to check for your problems.
To do it step by step manually, check for:

1. reconfig network eth0 NO bridge ..static IP
2. reboot & check connection

3. set bridge manually
vethd -v veth0 -e eth0  # create interface
check if still connected to eth0

brctl addbr br-lan  # create bridge
brctl addif br-lan veth0  #add veth to bridge

ifconfig veth0 add >some-ip in your lan segment<
ifconfig veth0 up
ifconfig br-lan up
#
brctl show

set has effect immediately
do NOT network restart

try to connect to to veth0 IP  # should be ok
try to connect to eth0 IP  # should be ok

i.e. both interfaces should be accessible

logread  # get info on what's going on
dmesg

did work for me in VMWare x86  / DIR-300  Kamikaze & Backfire & trunk

please report what you find

regards
3zl

Hello,

Sorry for the delay in answering (and for this big post), but I had an accident and I was out of the office for a few days. But here I am again..
So, first thanks 3zl and congratulations for the success with trunking over wifi. Also I'm glad that Craig Davids joined us and is interested in doing some tests.

@craigdavids you said:
"@CMarco: I think summarizes a WDS P2P connection (wds+ap to wds+sta). But in this case, we have one WDS P2P connection for each VLAN transfered between router AP's, all above the same Radio, this is sharing the same characteristic, like frequency, channel, etc... With this your intention is to pass the VLAN's from one AP to another... like MikroTIK http://wiki.mikrotik.com/wiki/802.1q_Tr … s_P2P_Link"

@craigdavid: yes, you are correct. I have already tested this approach and it works. The configuration example that I have put in a comment above works, but do not forget to use the same type of encryption in the wifi-iface under the same wifi-device, and on the first AP, where I have "option mode sta", put "option mode ap", and do not use eth0 in a bridge after the VLAN interface declaration, or things don't work.
Why, if we use eth0 in a bridge after the VLAN interface declaration, doesn't this work? I do not know if I'm the first facing those difficulties.

I think your problem with veth0 may be resolved if, instead of doing /etc/init.d/network restart in the final step, you do "brctl addif br-lan veth0" and "brctl delif br-lan eth0" and ifconfig veth0 up. I think it may solve the problem. And another thing is that in older versions of backfire vethd does not work well, but maybe some developer can answer this question better.


@3zl if the vlan-if (eth0.1.eth0.4 ) that you create, that you said are set to respective ports 0..3, that are in the wireless trunk, if you also put, for example eth0.4, under another wifi-device in a wifi-iface in mode AP, can you connect clients? In other words, is it possible to have the VLAN 4 in the wifi trunk and in another wifi in mode ap for client connections, all under the same wifi-device with different SSIDs? I'm asking this because I'm having some problems in doing that.
The wireless wifi trunk was ok with a WDS link.

Best Regards,
CMarco

Hello CMarco,

I'm glad to see you back and that you had success in the WDS-vlan trunking.
I do think using eth0-veth is a very general approach to get a trunk line.
Problem is, except the radio, you don't have a phy-port if all ports are controlled by the internal switch via vlan-tagging.
If I do remember well, the WRT54 CPE does have a phy-WAN-port, maybe other CPEs have a similar design.

Port-mirror:
If all CPE's do have same vlan configuration for their switch, the ports are like "mirrored" over the trunk-line.
You can configure individual ports though to belong to a different vlan and tag the output of the CPE having that vlan processed afterward.
The key idea is , that the kernel-driver generates the vlan-tagged packets and the switch is programmed to act on behalf  you want to do with the vlan-packets.

Split trunk-line :
One approach to split the trunk-line would be forwarding through iptables (firewall setup) to different zones. Much like std. LAN / WAN zone.
I've been thinking about this and found it a natural way to have control over the trunk-line.

Some documentation would be very nice to end up in a "howto", but my time is quite limited to work this out and document in detail for WDS and such.
Anyway a starting point would be to describe your setup for others to understand too

keep on good work and let me know if i can help

http://cdn.randomfunnypicture.com/pictu … r-work.jpg

regards
3zl

(Last edited by 3zl on 16 Jan 2012, 16:58)

Hi,

Thanks to both, and veth0 problem solved. Will be carried, still testing and dealing with other problems.

I think CMarco raised an interesting question, that was "In other words is possible to have the VLAN 4 in the wifi trunk and in other wifi in mode AP for client connections all under the same wifi-device with different SSID's."
Under the same wifi-device I do not know, but under another wifi-device I'm not seeing why not. In the veth0 that has all the vlan bridge (vlan 1,2,3,4) to wlan0 you do not do anything, it stays like 3zl has described. What is new is that you have to put "option type bridge" under the config interface VLAN 4, that you mentioned, and bridge this interface vlan to the new wifi-iface under the other wifi-device, for example wlan1. I think in this way the traffic with vlan tag 4 will go through the wifi trunk (wlan0) or to the connected clients (wlan1) according to the mac address table.
I'm guessing a little, 3zl what do you think about this approach?


I agree on some documentation, maybe one on AWDS-L2 Mesh adhoc and another about WDS. I think about mesh there only exists this howto http://wiki.openwrt.org/inbox/mesh.olsr, a little poor, I think we can do better, and about wds there only exists a good example for broadcom. I think it is important to do one for mac80211 and atheros.


Best Regards,
Craig Davids

Interesting topic. We discussed a similar concept before.
https://forum.openwrt.org/viewtopic.php … 11#p135111

As you guys probably know, the IEEE 802.11 standard does not support VLAN trunking generically. Simply, the 802.11 data frame has no VLAN tag field and all you can do is to use a workaround solution as you are talking about here - using the VLAN capabilities of the wired switched Ethernet infrastructure.
So generic L2 VLAN trunking is not possible, however the topic is really useful, discussing different manners to achieve something similar.

The discussion might have continued from here.