OpenWrt Forum Archive

Topic: VLAN to show port traffic

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
RobPBM
23 Feb 2012, 01:22

I'm looking for a way to show port traffic, specifically in cat /proc/net/dev. Should this be done through VLANs or is there an easier way?

I've read several threads and wiki pages on VLANs but I'm unsure of how to set it up properly. Router model is TEW-673GRU.

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'ifname' 'eth0.1'
        option 'proto' 'static'
        option 'type' 'bridge'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'pppoe'
        option 'username' 'foo'
        option 'password' 'bar'

config 'switch' 'rtl8366s'
        option 'enable_vlan' '1'
        option 'enable_vlan4k' '1'
        option 'reset' '1'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '1'
        option 'ports' '0 1 2 3 5t'

I think I understand how to split into multiple VLANs with separate interfaces, like in this guide: http://translate.google.com/translate?s … od-openwrt

I have no idea how bridging works though. Adding multiple interfaces under 'ifname' on the lan appears to break the connection in every VLAN combination I've tried. I'm not sure if I should be replacing VLAN 1 with four VLANs and bridging, or if I should do something like examples 1 or 3 in the link.

(Last edited by RobPBM on 23 Feb 2012, 01:26)

Post #2
snk
23 Feb 2012, 07:12

I think this should work:

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'ifname' 'eth0.1 eth0.2 eth0.3 eth0.4'
        option 'proto' 'static'
        option 'type' 'bridge'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'pppoe'
        option 'username' 'foo'
        option 'password' 'bar'

config 'switch' 'rtl8366s'
        option 'enable_vlan' '1'
        option 'enable_vlan4k' '1'
        option 'reset' '1'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '1'
        option 'ports' '0 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '2'
        option 'ports' '1 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '3'
        option 'ports' '2 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '4'
        option 'ports' '3 5t'

You should be able to monitor the port-based traffic also with swconfig without setting up vlans, but this obviously does not appear under /proc.

Post #3
RobPBM
23 Feb 2012, 09:11

Wow... that script is identical to one I wrote before. It's working now. I guess the problem was it didn't load after doing an /etc/init.d/network restart. I had to do a reboot for it to take. I'm not sure if that's the proper way to reload the config.

Thanks for the help. I needed it to use /proc because I believe a plugin I'm using for the LCD screen parses that file.

Post #4
RobPBM
24 Feb 2012, 00:01

I'm having problems with this again. I think only one port is working at a time with that config. All other computers cannot ping anything on the network, including 192.168.1.1. I think I got lucky when I rebooted this time and my main computer connected first, giving the illusion that it was working; either that, or it's just intermittently deciding whether or not to work after plugging in a cable or rebooting.

Post #5
snk
24 Feb 2012, 06:10

That's mysterious. Which version of OpenWrt are you running? Can you show us the output of ifconfig?

Post #6
RobPBM
24 Feb 2012, 07:17

Firmware: Attitude Adjustment (r30556)
openwrt-ar71xx-generic-tew-673gru-squashfs-factory.bin

After more testing, it does seem like they're competing somehow. I have two machines plugged in and only one runs at a time, even if I walk away for a few minutes and come back. If I unplug one, the other will immediately work. The WAN is connecting fine.

If I go to http://192.168.1.1 from a non-connecting computer, sometimes I can see the LuCI console for a second before the connection times out.

br-lan    Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:300 errors:0 dropped:2 overruns:0 frame:0
          TX packets:219 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:31433 (30.6 KiB)  TX bytes:98570 (96.2 KiB)

eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:335 errors:0 dropped:0 overruns:12 frame:0
          TX packets:240 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:39547 (38.6 KiB)  TX bytes:101789 (99.4 KiB)
          Interrupt:4

eth0.1    Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:308 errors:0 dropped:0 overruns:0 frame:0
          TX packets:223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:31945 (31.1 KiB)  TX bytes:98834 (96.5 KiB)

eth0.2    Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:306 (306.0 B)

eth0.3    Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:306 (306.0 B)

eth0.4    Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:306 (306.0 B)

eth1      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:238 errors:0 dropped:0 overruns:0 frame:0
          TX packets:251 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:96804 (94.5 KiB)  TX bytes:30078 (29.3 KiB)
          Interrupt:5

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:70 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5222 (5.0 KiB)  TX bytes:5222 (5.0 KiB)

pppoe-wan Link encap:Point-to-Point Protocol
          inet addr:xx.xx.xx.xx  P-t-P:xx.xx.xx.xx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:199 errors:0 dropped:0 overruns:0 frame:0
          TX packets:214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:90010 (87.9 KiB)  TX bytes:24184 (23.6 KiB)

(Last edited by RobPBM on 24 Feb 2012, 07:20)

Post #7
snk
24 Feb 2012, 10:34

Just to make sure, the two computers have different IP addresses and MAC addresses?

What if you try to leave the VLANs unbridged, and instead create four separate interfaces (this example leaves WLAN bridged with eth0.1):

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'ifname' 'eth0.1'
        option 'proto' 'static'
        option 'type' 'bridge'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'lan2'
        option 'ifname' 'eth0.2'
        option 'proto' 'static'
        option 'ipaddr' '192.168.2.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'lan3'
        option 'ifname' 'eth0.3'
        option 'proto' 'static'
        option 'ipaddr' '192.168.3.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'lan4'
        option 'ifname' 'eth0.4'
        option 'proto' 'static'
        option 'ipaddr' '192.168.4.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'pppoe'
        option 'username' 'foo'
        option 'password' 'bar'

config 'switch' 'rtl8366s'
        option 'enable_vlan' '1'
        option 'enable_vlan4k' '1'
        option 'reset' '1'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '1'
        option 'ports' '0 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '2'
        option 'ports' '1 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '3'
        option 'ports' '2 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '4'
        option 'ports' '3 5t'

You'll have to assign IP from the correct subnet to clients in lan2...lan4 manually, unless you configure DHCP server for each interface. Try to reach luci from two ports simultaneously. Does it work?

Post #8
RobPBM
26 Feb 2012, 00:29

Yes, I can access LuCI with that config from both machines at once. Internet works on the first port only.

All devices have different MAC/IPs. All IPs are static and the DHCP server is disabled on the router.

First port is connected to a PC, 192.168.1.50.

Second port is connected to another router, 192.168.1.2. DHCP server is disabled there too. It's functioning as a switch, with nothing plugged into the uplink.
The other computers on the second port's network are 192.168.1.51-53.

The setup works fine with the original config I posted. I've been using it for a few months without issue.

(Last edited by RobPBM on 26 Feb 2012, 00:29)

Post #9
snk
26 Feb 2012, 19:46

Then I'm pretty certain that you are hitting a bug somewhere. The first config I posted should work, but for some reason isn't working. If you unplug 192.168.1.50 in the first config, do the 51-53 computers all work at once? Or just one of them? If the latter, the problem could be in the second router/switch as well.

You can make internet work in the second config if you modify the firewall configuration to do forwarding to lan2...lan4, basically just replicating the entries for 'lan' to 'wan' forwarding. Moreover, if you want lans to talk to each other, you need forwarding rules for those as well.

Post #10
RobPBM
27 Feb 2012, 07:51

The 51-53 computers all work at once. I guess I could plug one of the computers in directly to see if it's the second router doing it.

I added them to the default LAN firewall in LuCI. It feels ghetto but it's working.

Post #11
snk
27 Feb 2012, 15:02

Ok. The problem is probably then in the kernel module for the network interface of the SoC in your router. I found some earlier references where the bridging of VLANs led to a loss of connectivity with some Broadcom network adapters due to a driver bug. Do you have any idea which module your router uses? You could open up a bug in the OpenWrt bug tracker.

Post #13
snk
29 Feb 2012, 08:54

It seems to be a switch "feature" after all. See, e.g.

https://forum.openwrt.org/viewtopic.php?id=28218

The last comment at https://dev.openwrt.org/ticket/8701 seems interesting. The switch driver does indeed have fid support. Even without the attached patch it should be possible to set the fid manually using swconfig 

swconfig dev rtl8366s vlan 1 set fid 0
swconfig dev rtl8366s vlan 2 set fid 1

and so on for all four vlans.

(Last edited by snk on 29 Feb 2012, 09:02)

The discussion might have continued from here.