OpenWrt Forum Archive

Topic: vlan tagging cpu

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

though I read this a couple of times I don't fully understand when and how to tag a cpu port.
http://wiki.openwrt.org/doc/uci/network/switch
I have for example a wdr4300 and a ac1750 and both have different default settings when it comes to the CPU ports.
Some devices even seem to have 2 instead of one cpu ports.

I'm planning a more complex setup with the following configuration:

port 0(wan): untagged vlan 3
port 1(port1): untagged vlan 5
port 2(port2): untagged vlan 11
port 3(port3): untagged vlan 12
port 4(port 4): tagged vlan 3,5,11,12

Could someone please enlighten me.
Thank you!

Sorry for the double post. On the first thread I ran into an error, so I thought it didn't go online.

You tag the CPU port when you want to create a virtual Ethernet interface on your router for that VLAN.

For example, I have separated my LAN ports into two independent VLANs, so computers on VLAN1 are isolated from computers on VLAN2, but the router has to be on both VLANs at the same time. So, VLAN1 is configured as untagged on Port1 and Port2, and tagged on CPU; VLAN2 is configured as untagged on Port3 and Port4, and tagged on CPU.

Computers connected to the LAN ports are not aware that they are inside a VLAN, because the LAN ports are all untagged; but the router has two virtual interfaces called eth0.1 for VLAN1 and eth0.2 for VLAN2. I can configure each eth0.x interface separately, and have different DHCP and firewall parameters for each VLAN.

In general, the internal switch in your router will treat all Ethernet ports equally, so you need to tag your VLANs on the CPU, to create different Ethernet interfaces for the LAN and WAN ports.

Thank you for that good explanation.
I'm just asking because I'm running a self-compiled Chaos Calmer buildroot image on an Archer C7 (AC1750).
This device has TWO CPU ports. The default setting is having the one CPU port untagged in the VLAN where LAN is and the other one untagged in the WAN VLAN.
When I add VLAN IDs though and then set the CPU port to tagged on all of these VLANs, the device is not reachable any more at all. I left the other VLAN (WAN) as it is.
I thought I was doing something wrong, but reading what you wrote makes me think that it might not even be my fault.
I'll investigate a little further and keep you updated.

Maybe if you post your default config and your modifications, someone (not me XD) could give you a hint ;)

Routers with two CPU ports usually have one for the dedicated purpose of the WAN ethernet port and the other one connected to the switch (a separate piece of hardware, though it may be integral to the main CPU chip, it is not logically part of the CPU), which then goes to the four LAN ethernet ports.  This creates two interfaces eth0 and eth1.

A VLAN is to support different kinds of traffic on the same hardware interface.  It generates 'virtual' interfaces such as eth0.12 which is to emit/accept packets tagged with VLAN 12 through the eth0 hardware port.  When such a packet is emitted from the CPU, the switch then looks at its VLAN configuration and switches it to one or more of the ethernet cables.

To route or bridge traffic between two interfaces you must use a firewall or bridge configuration.  Switch VLAN configuration affects only the interface (eth0) that has a switch.  Since the eth1 port (WAN jack) is not connected to the switch-- instead it is directly to the CPU-- you cannot use hardware switching.

(Last edited by mk24 on 30 Jan 2015, 20:06)

As mk24 said, looks like your router has one CPU port for the WAN interface, and another one for the LAN interface.

When you create tagged VLANs on the CPU port, then all VLANs must be tagged on the CPU port. Then, you no longer have an ethx interface to connect to your LAN; you must adapt your configuration to use one of the ethx.y interfaces that corresponds with a VLAN; for example:

* In my router, eth0 corresponds with the internal switch that connects all LAN ports.
* I can configure my network on the eth0 interface, use a static IP address, and set up a DHCP server on the eth0 interface.
* Now I create two VLANs: VLAN1 is untagged on LAN ports 1 and 2, and tagged on CPU port; VLAN2 is untagged on LAN ports 3 and 4, and tagged on CPU port.
* I now have two separate networks, one comprises all computers connected to ports 1 and 2, plus the router; the other network comprises all computers connected to ports 3 and 4, plus the router.
* In my router, I can no longer use the eth0 interface: it would correspond to untagged packets on the CPU port, but there are no untagged VLANs on the CPU port now.
* Instead, I must configure two LANs, one on the eth0.1 interface, and the other one on the eth0.2 interface; each one can have a different IP address, and a separate DHCP server.

Sorry for holding information back.
This is how it works, tested on VLAN 5. Basically the default config with only the VLAN ID changed, doing all configs via LuCI:
config interface 'lan'
        option ifname 'eth1'
        option type 'bridge'
        option _orig_ifname 'eth1 wlan0'
        option _orig_bridge 'true'
        option proto 'dhcp'

config interface 'mesh_radio0'
        option ifname 'adhoc0'
        option mtu '1528'
        option proto 'batadv'
        option mesh 'bat0'

config interface 'wan'
        option proto 'dhcp'
        option type 'bridge'
        option _orig_ifname 'eth0'
        option _orig_bridge 'true'
        option ifname 'eth0'

config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option mirror_source_port '0'
        option mirror_monitor_port '0'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'
        option ports '1 5t 6'

config switch_vlan
        option device 'switch0'
        option vlan '5'
        option vid '5'
        option ports '0 2 5t'

config switch_vlan
        option device 'switch0'
        option vlan '7'
        option ports '3 5t'
        option vid '6'

config switch_vlan
        option device 'switch0'
        option vlan '8'
        option ports '4 5t'
        option vid '7'

config interface 'mesh_cable'
        option proto 'batadv'
        option ifname 'eth0.11'
        option mesh 'bat0'
        option mtu '1528'


This is how I save and apply it, after which VLAN 5 is no longer operational:
config interface 'lan'
        option ifname 'eth1'
        option type 'bridge'
        option _orig_ifname 'eth1 wlan0'
        option _orig_bridge 'true'
        option proto 'dhcp'

config interface 'mesh_radio0'
        option ifname 'adhoc0'
        option mtu '1528'
        option proto 'batadv'
        option mesh 'bat0'

config interface 'wan'
        option proto 'dhcp'
        option type 'bridge'
        option _orig_ifname 'eth0'
        option _orig_bridge 'true'
        option ifname 'eth0'

config interface 'wan6'
        option ifname 'eth0'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option mirror_source_port '0'
        option mirror_monitor_port '0'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '3'
        option ports '1 5t 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '5'
        option ports '0t 2 5t'

config interface 'mesh_radio1'
        option type 'bridge'
        option _orig_ifname 'wlan1-1'
        option _orig_bridge 'true'
        option proto 'static'
        option ip6addr 'fd5e:d3d9:ec93:3c4d::1'
        option ifname 'eth0.12'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '11'
        option ports '0t 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '12'
        option ports '0t 4 5t'

config interface 'mesh_cable'
        option proto 'batadv'
        option ifname 'eth0.11'
        option mesh 'bat0'
        option mtu '1528'

(Last edited by juni on 30 Jan 2015, 23:07)

Even when I s/eth0.1/eth1.1 I can't connect on a tagged switch port on vlan 5.

I actually did  s/eth0.1/eth1.1 but also change: interface lan from eth1 to eth1.5.
Sorry, this was probably all my fault.
May my thread at least help someone in the future.

(Last edited by juni on 31 Jan 2015, 20:35)
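
The rule from the replies above (once the CPU port is tagged, an interface must use ethX.Y for a VID that is actually tagged on that CPU port) can be checked before a config is applied and the device becomes unreachable. This is an added example, not part of the original thread; the `cpu_ports` mapping of switch CPU port to Linux device and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample modeled on the thread: every VLAN is tagged on the CPU
# port, yet 'lan' still points at the bare device.
SAMPLE = """
config interface 'lan'
        option ifname 'eth1'
config interface 'mesh_cable'
        option ifname 'eth1.11'
config interface 'guest'
        option ifname 'eth1.20'
config switch_vlan
        option vid '5'
        option ports '0t 2 5t'
config switch_vlan
        option vid '11'
        option ports '0t 3 5t'
"""

def parse_uci(text):
    """Return [(section_type, {option: value}), ...] for a UCI file."""
    sections = []
    for line in text.splitlines():
        if m := re.match(r"\s*config\s+(\S+)", line):
            sections.append((m.group(1), {}))
        elif (m := re.match(r"\s*option\s+(\S+)\s+'([^']*)'", line)) and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def check(text, cpu_ports):
    """cpu_ports: switch CPU port number -> Linux device (assumed, board-specific)."""
    sections = parse_uci(text)
    tagged = {dev: set() for dev in cpu_ports.values()}
    untagged = {dev: set() for dev in cpu_ports.values()}
    for opts in (o for k, o in sections if k == "switch_vlan"):
        vid = opts.get("vid", opts.get("vlan"))
        for m in re.finditer(r"(\d+)(t?)", opts.get("ports", "")):
            dev = cpu_ports.get(int(m.group(1)))
            if dev:
                (tagged if m.group(2) else untagged)[dev].add(vid)
    problems = []
    for opts in (o for k, o in sections if k == "interface"):
        for ifname in opts.get("ifname", "").split():
            dev, _, vid = ifname.partition(".")
            if vid and dev in tagged and vid not in tagged[dev]:
                problems.append(f"{ifname}: VLAN {vid} not tagged on CPU port of {dev}")
            elif not vid and tagged.get(dev) and not untagged[dev]:
                problems.append(f"{ifname}: CPU port is tagged-only, use {dev}.<vid>")
    return problems
```

Calling `check(SAMPLE, {0: "eth1"})` flags the bare `eth1` on 'lan' and the `eth1.20` interface whose VID has no tagged CPU membership; on a real device, pass the contents of `/etc/config/network` and the CPU port mapping for that board.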
