Network basics: /etc/config/network

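  • This is the default OpenWrt network stack of a typical home router
  • Your device may differ slightly in features or in the numbering scheme
  • Note that the labels “WAN” and “LAN” can have different meanings depending on their context

LuCI web GUI | Description
“Firewall” | Traffic rules between zones | Forwarding rules, traffic rules, custom rules
“Firewall”, “Interfaces” | Network zone configuration | WAN (Zone) | LAN (Zone)
“Interfaces” | TCP configuration and bridge configuration | WAN | WAN6 | LAN (TCP and Bridge config)
“Switch”, “Wireless” | VLANs and wireless SSIDs | VLAN 2 (eth 0.2) | VLAN 1 (eth 0.1) | LEDE 5 | LEDE 2.4
“Switch”, “Wireless” | Internal port labels and wireless radio labels | WAN (Interface) | LAN 1 | LAN 2 | LAN 3 | LAN 4 | radio0 | radio1
- | Common vendor labels on the back of the device | “Internet” | “1” | “2” | “3” | “4” | “n/ac” | “b/g/n”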

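The central network configuration is handled by the uci network subsystem and stored in the file /etc/config/network. This uci subsystem is responsible for defining switch VLANs, interface configurations and network routes.

After any network configuration change (through uci or otherwise), you need to enter the following to reload the network configuration: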

service network reload

If your installed version does not provide the service command, you can use:

/etc/init.d/network reload

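Thanks to netifd (the network interface daemon), changed interfaces are restarted automatically so that the changes take effect. Rebooting the router is not necessary, but it is another way to force a configuration reload.

This is an example of the default network uci subsystem configuration for a TL-WR1043ND: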

# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd27:70fa:5c1d::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.1.1'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 5t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 5t'

This results in the following configuration in the file /etc/config/network:

# cat /etc/config/network
 
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
 
config globals 'globals'
        option ula_prefix 'fd27:70fa:5c1d::/48'
 
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'
 
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
 
config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
 
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
 
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 5t'
 
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 5t'

Run the following to view the list of interfaces:

ubus list network.interface.*

To view all information about a particular interface (by its UCI name, not the physical interface), enter:

ifstatus lan

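A minimal network configuration for a router usually consists of at least two interfaces (lan and wan) and a switch section (if applicable).

The globals section contains interface-independent options that affect the network configuration in general.

Name | Type | Required | Default | Description
ula_prefix | IPv6-prefix | no | (none) | IPv6 ULA-Prefix for this device
packet_steering | Packet-Steering | no | (none) | Use every cpu to handle packet traffic

Sections of type interface declare logical networks that serve as containers for IP address settings, aliases, routes, physical interface names and firewall rules - they play a central role in the OpenWrt configuration concept.

A minimal interface declaration consists of the following lines: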

uci:

network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'

config file:

config 'interface' 'wan'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0.2'
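
  • wan is a unique logical interface name
  • dhcp specifies the interface protocol, DHCP in this example
  • eth0.2 is the physical interface associated with this section

The Linux kernel limits the length of a physical interface name to 15 characters, including the prefix that is added automatically for some protocols (e.g. 6in4-, pppoa-, pppoe-, gre4t-) or with bridges (br-).

Depending on the protocol type, the logical interface name may therefore be limited to 9 characters. For example, 'abcde67890' is a valid interface name for a normal interface using dhcp, but not for a pppoe interface, where the final name would be 'pppoe-abcde67890', which is >15 characters.

If the .VLAN notation is used, an additional 5 characters may be needed, which limits the “parent” interface name to 4 characters for protocols such as GRE: abcd.NNNN becomes gre4t-abcd.NNNN, for 15 characters.

Using a name that is too long leads to silent errors: the interface is not created or modified successfully.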
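
Because the failure is silent, it is worth checking names before reloading the network. The following is an added example, not part of the original page: a POSIX shell function that reads uci show network output and reports logical names whose prefixed device name would exceed 15 characters. The proto-to-prefix mapping (gre4t- for gretap, br- for type bridge) and the sample sections are assumptions made for illustration, and the .VLAN suffix case is not covered.

```shell
#!/bin/sh
# Added example: flag logical interface names whose derived kernel device
# name (prefix + logical name) exceeds the 15-character limit.
# Input: `uci show network` output on stdin.
check_ifnames() {
    awk -F"[.=']" '
        NF == 3 && $3 == "interface" { name[++n] = $2 }    # section headers
        $3 == "proto" { proto[$2] = $5 }
        $3 == "type"  { kind[$2]  = $5 }
        END {
            # Assumed proto-to-prefix mapping, using the prefixes named above.
            pre["pppoe"] = "pppoe-"; pre["pppoa"]  = "pppoa-"
            pre["6in4"]  = "6in4-";  pre["gretap"] = "gre4t-"
            for (i = 1; i <= n; i++) {
                id = name[i]
                dev = (kind[id] == "bridge" ? "br-" : pre[proto[id]]) id
                if (length(dev) > 15)
                    print id ": " dev " (" length(dev) " chars)"
            }
        }'
}

# Constructed sample (not taken from a real device).
SAMPLE="network.lan=interface
network.lan.type='bridge'
network.lan.proto='static'
network.abcde6789=interface
network.abcde6789.proto='pppoe'
network.abcde67890=interface
network.abcde67890.proto='pppoe'
network.guest_network1=interface
network.guest_network1.type='bridge'
network.guest_network1.proto='static'"

printf '%s\n' "$SAMPLE" | check_ifnames
```

On a router the same function can be fed with uci show network | check_ifnames.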

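The interface protocol may be one of the following:

Protocol | Description | Program
static | Static configuration with fixed address and netmask | ip/ifconfig
dhcp | Address and netmask are assigned by DHCP | udhcpc (Busybox)
dhcpv6 | Address and netmask are assigned by DHCPv6 | odhcp6c
ppp | PPP protocol - dialup modem connections | pppd
pppoe | PPP over Ethernet - DSL broadband connection | pppd + plugin rp-pppoe.so
pppoa | PPP over ATM - DSL connection using a builtin modem | pppd + plugin ...
3g | CDMA, UMTS or GPRS connection using an AT-style 3G modem | comgt
qmi | USB modems using the QMI protocol | uqmi
ncm | USB modems using the NCM protocol | comgt-ncm + ?
wwan | USB modems with protocol autodetection | wwan
hnet | Self-managing home network (HNCP) | hnet-full
pptp | Connection via PPTP VPN | ?
6in4 | IPv6-in-IPv4 tunnel for use with tunnel brokers like HE.net | ?
aiccu | Anything-in-anything tunnel | aiccu
6to4 | Stateless IPv6 over IPv4 transport | ?
6rd | IPv6 rapid deployment | 6rd
dslite | Dual-Stack Lite | ds-lite
l2tp | PPP over L2TP pseudowire tunnel | xl2tpd
relay | relayd pseudo-bridge | relayd
gre, gretap | GRE over IPv4 | gre + kmod-gre
grev6, grev6tap | GRE over IPv6 | gre + kmod-gre6
vti | VTI over IPv4 | vti + kmod-ip_vti
vtiv6 | VTI over IPv6 | vti + kmod-ip6_vti
vxlan | VXLAN protocol for layer 2 virtualization, see here for further information and a configuration example | vxlan + kmod-vxlan + ip-full
none | Unspecified protocol, therefore all other interface settings will be ignored (like disabling the configuration) | -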

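Depending on the interface protocol used, several other options may be required for a complete interface declaration. The corresponding options for each protocol are listed below. Options marked “yes” in the “Required” column must be defined in the interface section if the corresponding protocol is used; options marked “no” may be defined but can also be omitted.

Note: If an interface section has no protocol defined (or it is defined as none), the other settings are completely ignored. As a result, if the interface section mentions a physical network interface (e.g. eth0), that interface will be down even if a cable is connected (with proto set to 'none' the interface is up).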

Name | Type | Required | Default | Description
ifname | interface name(s) | yes(*) | (none) | Physical interface name to assign to this section, such as eth0.1, eth2 or tun0; a list of interfaces if type is set to bridge. (*) This option may be empty or missing if only a wireless interface references this network, or if the protocol type is pptp, pppoa or 6in4. Because WLAN (Wireless Local Area Network) interface names may be dynamic or unpredictable, it is strongly recommended to assign them to bridges using the network option in the UCI wireless configuration 1)
type | string | no | (none) | If set to “bridge”, a bridge containing the given ifnames, and any wireless networks assigned using the network option in UCI wireless configuration, is created
stp | boolean | no | 0 | Only valid for type “bridge”, enables the Spanning Tree Protocol
bridge_empty | boolean | no | 0 | Only valid for type “bridge”, enables creating empty bridges
igmp_snooping | boolean | no | 0 | Only valid for type “bridge”, sets the multicast_snooping kernel setting for a bridge
multicast_querier | boolean | no | (takes over the value of igmp_snooping) | Only valid for type “bridge”, sets the multicast_querier kernel setting for a bridge
macaddr | mac address | no | (none) | Override MAC address of this interface. Example: 62:11:22:aa:bb:cc
mtu | number | no | (none) | Override the default MTU on this interface
auto | boolean | no | 0 for proto none, else 1 | Specifies whether to bring up interface on boot
ipv6 | boolean | no | 1 | Specifies whether to enable (1) or disable (0) IPv6 on this interface (Barrier Breaker and later only)
accept_ra | boolean | no | 1 for protocol dhcp, else 0 | Specifies whether to accept IPv6 Router Advertisements on this interface (deprecated)
send_rs | boolean | no | 1 for protocol static, else 0 | Specifies whether to send Router Solicitations on this interface (deprecated)
force_link | boolean | no | 1 for protocol static, else 0 | Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('1') or only after the link has become active ('0'); when set to '1', carrier sense events do not invoke hotplug handlers
disabled | boolean | no | 0 | Enable or disable the interface section
ip4table | string | no | (none) | IPv4 routing table for routes of this interface. E.g., when proto = dhcp, the dhcp client will add routes to that table
ip6table | string | no | (none) | IPv6 routing table for routes of this interface. E.g., when proto = dhcp6, the dhcp6 client will add routes to that table

See wan_interface_protocols for documentation on the protocol-specific options available for each WAN protocol.

The options _orig_ifname and _orig_bridge may be seen in /etc/config/network when managed by LuCI and were used to keep previous information across edits. They were moved out of /etc/config/network in March, 2018.

For many users, the default switch configuration is sufficient. Should the user need to configure the switch differently, LuCI, UCI, or direct editing of /etc/config/network may be used to achieve different configurations. Prior to any reconfiguration of the switch, an understanding of the default configuration is important. As an example, some devices have a single switch-connected interface, and others have two or more.

The identifier for the switch(es) may be obtained using

# swconfig list
Found: switch0 - ag71xx-mdio.0

With the identifier known, the configuration can be viewed

# swconfig dev switch0 show
Global attributes:
	enable_vlan: 1
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	mirror_monitor_port: 0
	mirror_source_port: 0
	arl_age_time: 300
	arl_table: address resolution table
[...]

There are three types of switch-related configuration stanzas, switch, switch_vlan, and switch_port.

Not all options are available on all hardware. Some limitations may be found with swconfig dev <dev> help. After making changes, check the output of swconfig to determine if the configuration was accepted by the switch hardware.

FIXME: The list of options may be incomplete. The details of each option need additional discovery and documentation, including checking of the underlying code. The source of restrictions on value ranges has yet to be identified. Valid values should be confirmed in the code.

Options for switch sections:

Option | Type | Required | Default | Effect | Notes
name | string | | (none) | Defines which switch to configure |
reset | boolean | | | |
enable_vlan | boolean | | | |
enable_mirror_rx | boolean | | 0 | Mirror received packets from the mirror_source_port to the mirror_monitor_port |
enable_mirror_tx | boolean | | 0 | Mirror transmitted packets from the mirror_source_port to the mirror_monitor_port |
mirror_monitor_port | integer | | 0 | Switch port to which packets are mirrored |
mirror_source_port | integer | | 0 | Switch port from which packets are mirrored |
arl_age_time | integer | no | 300 | Adjust the address-resolution (MAC) table's aging time (seconds) | Default may differ by hardware
igmp_snooping | boolean | | 0 | Enable IGMP snooping | Unconfirmed if can be set. Unknown how it interacts with interface- or port-level IGMP snooping.
igmp_v3 | boolean | | 0 | | Unconfirmed if can be set. Unknown how it interacts with interface- or port-level IGMP snooping.

Options for switch_vlan sections:

Option | Type | Required | Default | Effect | Notes
device | string | | (none) | Defines which switch to configure |
vlan | integer | | (none) | The vlan “table index” to configure | May be limited to 127 or another number. See the output of swconfig dev <dev> help for limit. Sets defaults for VLAN tag and PVID.
vid | integer | | vlan | The VLAN tag number to use | See the output of swconfig dev <dev> help for limit. VLANs 0 and 4095 are often considered “special use”.
ports | string | | (none) | A string of space-separated port indices that should be associated with the VLAN. Adding the suffix t to a port indicates that egress packets should be tagged, for example '0 1 3t 5t' | The suffixes * and u are referred to in docs:guide-user:network:switch with reference to certain Broadcom switches in the context of older releases.

Options for switch_port sections:

Option | Type | Required | Default | Effect | Notes
device | string | | (none) | Defines which switch to configure |
port | integer | | (none) | The port index to configure |
pvid | integer | | | Port PVID; the VLAN tag†† to assign to untagged ingress packets | †Typically defaults to one of the VLAN tags associated with the port. Logic not clear when there are multiple VLANs on the port. '0' can occur. Certain values have been rejected; logic not clear on limitations. ††May refer to the VLAN “index” rather than the VLAN tag itself (unconfirmed).
enable_eee | boolean | | 0 | Enable “energy saving” features |
igmp_snooping | boolean | | 0 | Enable IGMP snooping | Unconfirmed if can be set. Unknown how it interacts with interface- or switch-level IGMP snooping.
igmp_v3 | boolean | | 0 | | Unconfirmed if can be set. Unknown how it interacts with interface- or switch-level IGMP snooping.
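
The ports strings decide which switch ports end up on the LAN side and which on the WAN side, and an untagged ingress packet can only be assigned to one VLAN (the pvid above). The following is an added example, not part of the original page: a POSIX shell function that reads uci show network output and reports ports listed untagged in more than one VLAN of the same switch, which is usually a configuration mistake. The second sample is a constructed variant of the default configuration, and the check uses the vlan index rather than vid.

```shell
#!/bin/sh
# Added example: report switch ports that are untagged members of more than
# one VLAN on the same switch. Input: `uci show network` output on stdin.
untagged_overlap() {
    awk -F"[.=']" '
        NF == 3 && $3 == "switch_vlan" { sec[++n] = $2 }   # section headers
        $3 == "device" { dev[$2]   = $5 }
        $3 == "vlan"   { vlan[$2]  = $5 }
        $3 == "ports"  { ports[$2] = $5 }
        END {
            for (s = 1; s <= n; s++) {
                id = sec[s]
                m = split(ports[id], p, " ")
                for (i = 1; i <= m; i++) {
                    if (p[i] ~ /t$/) continue   # tagged member: may be shared
                    key = dev[id] " port " p[i]
                    if (!(key in vl)) order[++k] = key
                    vl[key] = vl[key] " " vlan[id]
                    cnt[key]++
                }
            }
            for (i = 1; i <= k; i++)
                if (cnt[order[i]] > 1)
                    print order[i] ": untagged in VLANs" vl[order[i]]
        }'
}

# The two switch_vlan sections of the default configuration shown on this page.
DEFAULT_VLANS="network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 5t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 5t'"

# Constructed variant: port 4 is also listed untagged in VLAN 2.
BROKEN_VLANS=$(printf '%s\n' "$DEFAULT_VLANS" | sed "s/'0 5t'/'0 4 5t'/")

printf '%s\n' "$DEFAULT_VLANS" | untagged_overlap   # default config: no findings
printf '%s\n' "$BROKEN_VLANS"  | untagged_overlap
```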

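The network configuration can be re-applied by running /etc/init.d/network restart.

Individual interfaces can be brought up with ifup name or shut down with ifdown name, where name corresponds to the logical interface name of the config interface section. ifup implies a prior ifdown, so there is no need to invoke both when reloading an interface.

Note that wireless interfaces are managed externally and ifup may break their relation to existing bridges. In that case, wifi up must be run after ifup to re-establish the bridge connection.

See also: Scripting interface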


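1)
Bridging a wireless interface with a physical interface: because wireless interface names are dynamic, a bridge configured in /etc/config/network from the wireless interface name currently observed (e.g. wlan0-1) and the physical interface name (e.g. eth0) is likely to break when the router reboots. If, however, the ifname option in /etc/config/wireless is set to fix the wireless interface name (e.g. wlan0) and the bridge is then configured in /etc/config/network with
option ifname 'eth0 wlan0'
option type 'bridge'
there will be no problem. A more common approach, though, is to configure the bridge membership in the wireless configuration. If the interface configured in /etc/config/network is named lan
config interface 'lan'
then set the network option in /etc/config/wireless to lan. This establishes a fairly reliable bridge relationship. The relationship may not be very obvious; it can be inspected with the
brctl show
command.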
  • Last modified: 2021/10/15 08:10
  • by bobafetthotmail