Differences
This shows you the differences between two versions of the page.
| docs:guide-user:network:vlan:extend_router_ports_managed_switch [2018/08/23 15:01] – [Prerequired knowledge] Small typo apparaat | docs:guide-user:network:vlan:managed_switch [2020/08/06 22:44] – [Explanation of the need] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== |
| ===== Prerequired knowledge ===== | ===== Prerequired knowledge ===== | ||
| See //Switch documentation// | See //Switch documentation// | ||
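Review bot: the section heading "Prerequired knowledge", unchanged on both sides of this hunk, should read "Prerequisite knowledge"; "prerequired" is not an English word, and the revision summary says this very section was edited for a "Small typo" without touching it.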
| Line 6: | Line 5: | ||
| ===== Explanation of the need ===== | ===== Explanation of the need ===== | ||
| You have a powerful machine running OpenWrt. | You have a powerful machine running OpenWrt. | ||
| - | // | + | // |
| - | network packets created by your activities by a big margin. | + | Like you create a flow of 50 Mbit and your device is able to process until 800 Mbit. |
| - | Like you create a flow of 50 Mbit and your device is able to | + | |
| - | process until 800 Mbit. | + | |
| - | The problem is: somehow you have several | + | The problem is: somehow you have several |
| - | using mwan3), or several internal connections for whatever reasons | + | |
| - | and the device does not have enough | + | |
| - | You can extend the eternet | + | You can extend the Ethernet |
| - | (and it means that you have a bit of money/ | + | |
| - | or small office scenario), | + | |
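Review bot: the throughput example added on the right ("a flow of 50 Mbit and your device is able to process until 800 Mbit") needs a rate unit (Mbit/s) and "forward up to" instead of "process until"; as written the figures read as data sizes, not the per-port versus whole-device throughput comparison the paragraph is making. The left side's wording that the device can handle the traffic "by a big margin" is the clearer claim; keep that sentence and give the 50 Mbit/s vs 800 Mbit/s numbers as the illustration.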
| ===== Configuring a managed switch with VLANs ===== | ===== Configuring a managed switch with VLANs ===== | ||
| - | The technology that enables an OpenWrt based device to be | + | The technology that enables an OpenWrt based device to be extended in terms of ports is VLAN. |
| - | extended in terms of ports is VLAN. | + | |
| - | ==== VLAN tips ==== | + | ==== Notes ==== |
| - | Some tips (normally a decent explanation of how the VLAN | + | * Most devices only use one VLAN by default (VLAN ID 1). The instructions that follow assume this is the case. Double check before proceeding. |
| - | works is included in the switch' | + | * VLAN IDs match the virtual interfaces listed by ifconfig, i.e. a VLAN with ID 3 will show as ethX.3 (where X is your real interface, e.g. eth0). |
| + | * VLAN IDs should be identical across all network devices. | ||
| + | * A port can have three states: Off (not part of a specific VLAN), Untagged (when part of the default VLAN, or of more than one VLAN), Tagged (when part of two or more VLANs). | ||
| + | * For a lot of switches, a port that is part of multiple VLANs needs to be set to Tagged in every single VLAN it is part of. Make sure to check whether your hardware supports mixing tagged/ | ||
| + | * Every VLAN should also include the CPU (tagged by default). | ||
| + | * The VLAN definitions use **internal port numbers**. Make sure you have identified the ports correctly. Quite a few devices (e.g. the [[toh: | ||
| + | * Creating a new VLAN with port X already part of another VLAN means port X should be set to tagged **in all the existing VLAN(s) it is part of. Failure to do so may render your switch inoperable.** We cannot stress this enough! Only certain switches support ports being untagged in one and tagged in another VLAN at the same time. | ||
| + | * For a guest WLAN, only the port(s) connecting a network device to another one should be part of the VLAN. In practice, this means that in a router - access point setup, on each device only the port connecting to the other network device goes into the VLAN. | ||
| + | |||
| + | Some tips (normally a decent explanation of how the VLAN works is included in the switch' | ||
| An **untagged** port, with VID X, in a switch assign the VLAN tag X to incoming packets. | An **untagged** port, with VID X, in a switch assign the VLAN tag X to incoming packets. | ||
| - | When the packet is leaving the untagged port, | + | When the packet is leaving the untagged port, and was tagged with the VID X, the VLAN tag is removed. |
| - | and was tagged with the VID X, the VLAN tag is removed. | + | |
| This helps, for example, to communicate between tagged and untagged ports. | This helps, for example, to communicate between tagged and untagged ports. | ||
| - | A packet without VID, going inside an untagged port, | + | A packet without VID, going inside an untagged port, gets the VID X and can be routed out other ports belonging to the same VID (apart from bridged ports). |
| - | gets the VID X and can be routed out other ports | + | |
| - | belonging to the same VID (apart from bridged ports). | + | |
| - | A **tagged** port, with VID Y, accepts only packets tagged | + | A **tagged** port, with VID Y, accepts only packets tagged with the VID Y in input, while let packets tagged with VID Y going out to the port. Note that one port could be untagged only once, while can be tagged with several VID. |
| - | with the VID Y in input, while let packets tagged with VID Y | + | |
| - | going out to the port. Note that one port could be untagged only | + | |
| - | once, while can be tagged with several VID. | + | |
| With a brief schema you have: | With a brief schema you have: | ||
| - | <file> | + | <code> |
| internal stack of the switch | internal stack of the switch | ||
| | | | | ||
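Review bot: the port-state bullet added in the new "Notes" list, "Untagged (when part of the default VLAN, or of more than one VLAN), Tagged (when part of two or more VLANs)", contradicts the page's own statement a few lines lower that "one port could be untagged only once, while can be tagged with several VID" and the bold warning that a port joining a second VLAN must be tagged there. Suggested wording: "Untagged: the port's PVID VLAN, exactly one per port, frames leave without a tag; Tagged: every additional VLAN, frames carry the 802.1Q header." Two further points in this hunk: the guest-WLAN bullet should also state that the guest VLAN must not be untagged on any client-facing port and should reach the CPU only tagged, otherwise guest frames are bridged straight into the LAN; and "A tagged port, with VID Y, accepts only packets tagged with the VID Y in input" is switch-dependent, since most switches also accept untagged ingress on such a port and assign it the PVID, which is exactly what the port 8 arrangement below (untagged in VID 100, tagged in 101-107) relies on.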
| Line 80: | Line 75: | ||
| + XX | + XX | ||
| - | </file> | + | </code> |
| ==== Configuration ==== | ==== Configuration ==== | ||
| Line 87: | Line 82: | ||
| So the ports 9-16 of the switch will retain the VID 1, and be untagged, with the VID 1 used also for management. | So the ports 9-16 of the switch will retain the VID 1, and be untagged, with the VID 1 used also for management. | ||
| - | Then we create the VID 100 to assign it to trunks or hybrid ports (a **trunk** is a port that is assigned to all the VLAN IDs, and **hybrid** port is a port assigned to some VIDs) | + | Then we create the VID 100 to assign it to trunks or hybrid ports (a **trunk** is a port that is assigned to all the VLAN IDs, and **hybrid** port is a port assigned to some VIDs). |
| - | '' | + | Then we assign: |
| - | The port 2 to the VID 102 untagged. | + | - The port 1 to the VID 101 untagged. |
| - | The port 3 to the VID 103 untagged. | + | |
| - | The port 4 to the VID 104 untagged. | + | |
| - | The port 5 to the VID 105 untagged. | + | |
| - | The port 6 to the VID 106 untagged. | + | |
| - | The port 7 to the VID 107 untagged. | + | |
| - | The port 8 to the VID 100 untagged and VID 101 to 107 tagged.'' | + | |
| - | This because we want that the packets coming from the port 1 to the port 107 | + | This because we want that the packets coming from the port 1 to the port 107 can pass through the port 8, and the **tagged** packets coming from the port 8 can pass through the ports 1 to 7, without tag (because other devices could not recognize the tag or reject the packet if tagged). |
| - | can pass through the port 8, and the **tagged** packets coming from the port 8 | + | |
| - | can pass through the ports 1 to 7, without tag (because other devices could | + | |
| - | not recognize the tag or reject the packet if tagged). | + | |
| ===== Configuring an OpenWrt router ===== | ===== Configuring an OpenWrt router ===== | ||
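Review bot: "the packets coming from the port 1 to the port 107" in the explanatory sentence of this hunk should be "from the ports 1 to 7" (or "VIDs 101 to 107"); there is no port 107. More important for a deployment guide: keeping "VID 1 used also for management" while ports 9-16 are untagged in VID 1 puts the switch's web/CLI login on the same broadcast domain as every host plugged into those ports. Suggest a dedicated management VID that is tagged only on the router-facing port 8 (or a single admin port), with the untagged VID 1 ports described as plain LAN. Worth spelling out as well that port 8 being untagged in VID 100 means any untagged frame the router sends lands in VID 100, so the router side must tag 101-107 and send only its VID 100 traffic untagged.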
| Line 108: | Line 98: | ||
| ==== With programmable switch ==== | ==== With programmable switch ==== | ||
| On a TP-Link [[toh: | On a TP-Link [[toh: | ||
| - | < | ||
| - | #/ | ||
| - | ...lines... | + | <code bash> |
| + | # / | ||
| + | |||
| + | ... | ||
| config switch | config switch | ||
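Review bot: the "..." elisions in the new `<code bash>` block drop exactly the `config switch_vlan` sections that map VIDs 100-107 onto switch ports and the CPU, which is what a reader following this page needs; show at least the stanza for trunk VID 100 and one for VID 101 (`option vlan`, `option ports` with the `t` suffix on tagged ports). The fence language should also not be `bash`: this is a UCI configuration file, not a shell script, and the leading `#` path comment is the only bash-like thing in it.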
| Line 138: | Line 129: | ||
| list comment | list comment | ||
| | | ||
| - | ...lines... | + | ... |
| config interface ' | config interface ' | ||
| Line 156: | Line 147: | ||
| option metric | option metric | ||
| - | ...lines... | + | ... |
| - | </file> | + | </code> |
| ==== Without programmable switch ==== | ==== Without programmable switch ==== | ||
| On a routerOS metarouter or a x86 device with have something similar to this. | On a routerOS metarouter or a x86 device with have something similar to this. | ||
| - | <file> | + | <code bash> |
| - | #/ | + | # / |
| - | ...lines... | + | ... |
| config interface ' | config interface ' | ||
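Review bot: "On a routerOS metarouter or a x86 device with have something similar to this" should read "we have something similar to this". As in the previous hunk, `<code bash>` is the wrong language tag for a UCI file, and the "..." hides the one line that matters in the no-programmable-switch case, the `option ifname 'eth0.101'`-style setting inside each `config interface` section, which is what makes the kernel create the tagged sub-interface; show one complete interface section.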
| Line 183: | Line 174: | ||
| option metric | option metric | ||
| - | ...lines... | + | ... |
| - | </file> | + | </code> |
| ===== Conclusion ===== | ===== Conclusion ===== | ||
| - | In this way you have your extended router with way more ports, overcoming the limits | + | In this way you have your extended router with way more ports, overcoming the limits of the table of hardware that actually does not offer any device with more than 5 gigabit ports easy to install (the Mikrotik |
| - | of the table of hardware that actually does not offer any device with more than 5 gigabit | + | |
| - | ports easy to install (the mikrotik | + | |
| - | The limits to take care of are: how much traffic will pass through a port, | + | The limits to take care of are: how much traffic will pass through a port, normally for SOHO even combining multiple |
| - | normally for SOHO even combining multiple | + | |
| - | and the processing power of the device itself (that will be under stress already for checking the vlan tag) | + | |
| - | with OpenWrt (that sometimes cannot use hardware acceleration), | + | |
| But this could enable the usage of very powerful devices with just 2 ports, for example. | But this could enable the usage of very powerful devices with just 2 ports, for example. | ||
| ===== Practical applications for productive work ===== | ===== Practical applications for productive work ===== | ||
| - | + | ==== How to configure the managed switch with VLAN allowed ==== | |
| - | == How to configure the managed switch with VLAN allowed == | + | |
| === Reserving and grouping ports in rows or ' | === Reserving and grouping ports in rows or ' | ||
| - | So the idea is to reserve some ports in a managed switch with VLANs | + | So the idea is to reserve some ports in a managed switch with VLANs to configure them as extension for a OpenWrt based gateway. |
| - | to configure them as extension for a OpenWrt based gateway. | + | A point that should not be underestimated is how to choose and reserve ports for specific roles. For now we can decide to divide the role of the ports in two main groups: //external connection// |
| - | A point that should not be underestimated is how to choose and reserve ports | + | This because if we do not reserve enough ports, in case of small expansion of the network needs, we end up on a switch that has a minefield (and no clear structure) of VLANs. Furthermore consider that we are going to use one gigabit port as connection to the router, therefore we expect that the traffic on every port is way less than one gigabit, else we have congestion. |
| - | for specific roles. For now we can decide to divide the role of the ports | + | In our case the traffic generated between logical networks is less than 50 Mbit on average, even if a gigabit port has to channel several logical networks |
| - | in two main groups: //external connection// | + | |
| - | This because if we do not reserve enough ports, in case of small expansion | + | |
| - | of the network needs, we end up on a switch that has a minefield (and no | + | |
| - | clear structure) of Vlans. Furthermore consider that we are going to use | + | |
| - | one gigabit port as connection to the router, therefore we expect that the | + | |
| - | traffic on every port is way less than one gigabit, else we have congestion. | + | |
| - | In our case the traffic generated between logical networks is less than 50 Mbit on | + | |
| - | average, even if a gigabit port has to channel several logical networks | + | |
| it will be enough. | it will be enough. | ||
| - | Of course the solution is not extremely scalable but for small networks | + | Of course the solution is not extremely scalable but for small networks (the ones covered by us), it is way enough. |
| - | (the ones covered by us), it is way enough. | + | |
| - | So for example ' | + | So for example ' |
| - | and currently we can assume that is unlikely | + | |
| - | that we will deploy more than 3 wan connections (mostly we deploy 2 wan, and in the case we | + | |
| - | upgrade the single wan connection). | + | |
| Therefore we can define 4 ports for the wan connections. | Therefore we can define 4 ports for the wan connections. | ||
| - | Why 4? Three ports are needed for connecting | + | Why 4? Three ports are needed for connecting |
| - | modem provided by the ISP, one port will be the port that will send | + | |
| - | the data to the gateway, the port will be either a trunk or a hybrid port. | + | |
| - | The same applies for internal connections. We should see the port on the | + | The same applies for internal connections. We should see the port on the switch as ' |
| - | switch as ' | + | |
| - | even internal network ports should be defined. For internal networks | + | |
| - | the number of assigned port should be a bit ' | + | |
| - | since internal necessities can arise and we want to have a standard that | + | |
| - | does not change every moment. | + | |
| - | The internal logical network that is likely that could be covered are: | + | The internal logical network that is likely that could be covered are: voip, lan, lan2 (another company or an old network), wifi. So mostly 4. |
| - | voip, lan, lan2 (another company or an old network), wifi. So mostly 4. | + | We can put a bit of margin, because creating an internal need is way more cheap than creating another contract for wan connection, so let's extend to 7, so we have 8 port used (one has to go to the router). |
| - | We can put a bit of margin, because creating an internal need is way | + | |
| - | more cheap than creating another contract for wan connection, so let's | + | |
| - | extend to 7, so we have 8 port used (one has to go to the router). | + | |
| - | Now it is about grouping. Mostly we will use switches with 16 ports until 48, | + | Now it is about grouping. Mostly we will use switches with 16 ports until 48, and those normally have 2 rows of Ethernet |
| - | and those normally have 2 rows of ethernet | + | |
| One way is to use rows, one way is to use nibbles (that are rectangular grouping). | One way is to use rows, one way is to use nibbles (that are rectangular grouping). | ||
| - | We will see later how to use nibbles, because using a row of N contiguous ports | + | We will see later how to use nibbles, because using a row of N contiguous ports it is the simpler way. |
| - | it is the simpler way. | + | |
| === Assigning VLANS === | === Assigning VLANS === | ||
| We decide to assign to external ports VLAN PVID starting from 101 to 199 (consider that we have until 4095), | We decide to assign to external ports VLAN PVID starting from 101 to 199 (consider that we have until 4095), | ||
| - | while we can assign 201 to 299 for internal ports. While the hybrid/ | + | while we can assign 201 to 299 for internal ports. While the hybrid/ |
| - | 100 or 200. | + | |
| - | + | ||
| - | With a 24 port switch like an **hp 1810-24 j9803A** we can use 12 ports like this | + | |
| - | (note that we assign the logical network numbers following the numbers of the device | + | |
| - | for easy of maintenance. This is one of the small factor in our | + | |
| - | ' | + | |
| + | With a 24 port switch like an **hp 1810-24 j9803A** we can use 12 ports like this (note that we assign the logical network numbers following the numbers of the device for easy of maintenance. This is one of the small factor in our ' | ||
| | @FFFF00: | | @FFFF00: | ||
| - | | @FFFF00: | + | | @FFFF00: |
| You can see the rectangular grouping called also ' | You can see the rectangular grouping called also ' | ||
| - | An advantage of not using ' | + | An advantage of not using ' |
| - | and we do not risk that a port is sending data also to an unwanted port. | + | |
| === Example configuration === | === Example configuration === | ||
| + | An example of configuration to use part of the managed switch configuration. | ||
| - | An example of configuration to use part of the managed switch configuration | + | < |
| - | + | ||
| - | < | + | |
| # Copyright (C) 2006 OpenWrt.org | # Copyright (C) 2006 OpenWrt.org | ||
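Review bot: "consider that we have until 4095" in the Assigning VLANS paragraph overstates the range: VID 0 is the priority tag and 4095 is reserved, so usable IDs are 1-4094. The same paragraph mixes VLAN ID and PVID ("VLAN PVID starting from 101"): the PVID is the per-port default assigned to untagged ingress, the VLAN ID is the number of the VLAN; here each external port simply has PVID equal to its own VID, and saying so avoids the confusion. The isolation claim in the nibble paragraph ("we do not risk that a port is sending data also to an unwanted port") is the security boundary between ISP modems, and it holds only while each of VIDs 101-107 contains exactly its one untagged port plus the tagged trunk; state explicitly that adding a second untagged port to such a VID breaks it. Finally, the Conclusion's statement that the table of hardware "does not offer any device with more than 5 gigabit ports" needs a date or should be dropped, since it will not stay true.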
| Line 394: | Line 346: | ||
| config route | config route | ||
| - | list comment ' | + | list comment ' |
| list comment 'with different metric' | list comment 'with different metric' | ||
| option interface | option interface | ||
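Review bot: `list comment '...'` inside `config route` is not an option netifd understands; the snippet only works because unknown options are ignored, and using `list` makes the lines look like a real multi-value setting. Put the explanation in `#` comment lines above the section instead, the same form the file already uses for its copyright header, and since the comment promises routes "with different metric", make sure the elided `option metric` values actually differ between the three route sections.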
| Line 403: | Line 355: | ||
| config route | config route | ||
| - | list comment ' | + | list comment ' |
| list comment 'with different metric' | list comment 'with different metric' | ||
| option interface | option interface | ||
| Line 412: | Line 364: | ||
| config route | config route | ||
| - | list comment ' | + | list comment ' |
| list comment 'with different metric' | list comment 'with different metric' | ||
| option interface | option interface | ||