交换机手册(Switch Documentation)
: This page is very outdated and incomplete, from the era of kernel 2.6 or 3 and early UCI-driven configuration. If your device has multiple interfaces, the default configuration of VLANs will likely be very different than that described here.
参见:
Make sure you can safemode or TTL before changing network/switch settings
: 此页面假定您知道这是什么以及您想要它的原因。 (see switch_configuration).
如果你的设备含有不少于1个的LAN接口,那这个设备在不同的接口之间可能有一个被称为交换(switch)的特殊连接。大多数的内部构造如下图所示:
如果你想要更改这些端口如何互相连接的,你需要配置你的switch设备。 (see also network.interfaces)
不同的路由器有不同的交换机布局,因此请查看特定设备的 Wiki。TP-Link Archer C7 具有 eth0 = WAN和 eth1 = LAN(4 个交换机端口)。交换机的端口 0 = eth1(在 Luci 中标记为 CPU),端口 6 = eth0。端口 1在 Luci中标记为WAN 。查看您的路由器的 wiki。每个路由器都不一样。流行的TP-Link WDR4300只有eth0。
UCI config, swconfig style
已知问题
- if a switch interface (for the cpu point of view) is controlling several 'physical interfaces', every time than one physical interface is connected, then all the switch interface result connected (that means all the ports
ethN.Y
are UP) and therefore every rule (routing for example) is applied. This could cause serious problem, for example if one relies on the automatic mechanism of routing metric when one route is not available anymore.- One way to detect this is:
swconfig dev <switch_interface_name> show | grep link
or see swconfig
假设
Some of the assumptions, does not see to add up with the provided diagram. Someone familiar with the matter, should either fix them or add a better explanation.
- 设备运行在kernel 2.6 或 3 的版本
- 设备使用
swconfig
类型的switch配置 - ---------------------------------------------------
- swithc位于eth1上。(有许多是在eth0上,判断方法:/proc/switch目录包含了正确的设备号,请确认)[Howto find out:/proc/switch directory appears to contain the right eth number for the switch. please confirm],例如:rtl8366s的芯片.
- 5个接口的交换设备,其中0-3连接外部,4没有连接,5连接到CPU的eth1接口(which adds up to six ports except that 4 is not counted)
vlan0
仅表示所有的对外接口除了最后的那个。vlan1
仅表示最后的那个对外接口。[Howto find out which Port corresponds:]vlan0
是默认vlan,这意味着如果数据包是未加标签的,它将被视为vlan0的数据包。
配置
The Switch
# /etc/config/network config 'switch' 'eth1' option 'enable' '1' option 'enable_vlan' '1' option 'reset' '1'
VLAN: switch config
Notes
The number of the VLAN is specified on the option vlan
line. The VID (VLAN ID) associated with a VLAN is by default the same as the number of the VLAN. This is overridden by using an option vid
line so, for example, that VLAN 1 could use VID 100. For some hardware, the value of the vlan option may be limited to 127; exceeding this value may result in the VLAN not being configured at all.
In the option ports
line, a number indicates that the specified vlan includes the port with that number. If the number is followed by a “t” then packets transmitted out that port on this VLAN are tagged, and that packets received on that port may be received with this VLAN tag. 5 is generally the CPU or 'internal' port and is most often used as tagged. Other suffixes are ignored on devices using swconfig
but Broadcom kmod-switch style interfaces (/proc/switch/
) use “*” and “u” to indicate PVID and untagged ports respectively (as they have the CPU port implicitly tagged one needs to use “u” to untag it).
So, '0 1 2 3 5t' would mean that packets on this VLAN are transmitted untagged when leaving ports 0, 1, 2 and 3, but tagged when leaving port 5 (generally the CPU internal port as described above).
Tagged packets received on a port will be directed to the VLAN indicated by the VID contained in the packet. Untagged packets received on a port will be directed to the default port VLAN (usually called the PVID). A separate config switch_port
section is required to set the default port VLAN.
The relevant standards document is 801.2q which says that VID values 0 and 4095 may not be used for tagging packets as they denote reserved values - VID 0 is the default 'native' vlan - leaving 4094 valid values in between, although VID 1 is often reserved for network management (see Dell 2708 for example). This means vlan0 can be used as a VLAN within or between devices, but you cannot tag packets with it.
The config sections
# /etc/config/network config 'switch_vlan' option 'vlan' '0' option 'device' 'eth1' option 'ports' '0 1 2 5t' config 'switch_vlan' option 'vlan' '1' option 'device' 'eth1' option 'ports' '3 5t' config 'switch_port' option 'port' '3' option 'pvid' '1'
VLAN: interface/network config
VLAN interface sections look just like regular interface sections, except that instead of eth1
(or eth0
, or whatever), you have eth1.0
, eth1.1
, etc. where a digit after a .
is a VLAN number. (that is, for kernel 2.6; 2.4 kernels do something different).
The following example is for a two-interface router, with eth0 being the WAN and eth1 being the five-port switch configured as above. It goes in /etc/config/network
e.g.
# /etc/config/network config 'interface' 'lan' option 'ifname' 'eth1.0' option 'proto' 'static' option 'ipaddr' '192.168.1.1' option 'netmask' '255.255.255.0' option 'defaultroute' '0' option 'peerdns' '0' option 'nat' '1' config 'interface' 'extranet' option 'ifname' 'eth1.1' option 'proto' 'dhcp' config 'interface' 'wan' option 'ifname' 'eth0.2' option 'proto' 'pppoe' option 'username' 'szabozsolt-em' option 'password' 'M3IuWBt4'
Of course, if you only had a five port switch on eth0 (and no other interfaces), you might make the wan
interface eth0.1
and the lan eth0.0
with appropriately matching switch
, switch_vlan
and switch_port
sections.
See also backplane.
Examples
Example on the asus wl500gp v2 , openwrt 10.03, every physical port
# /etc/config/network config 'switch' 'eth0' option 'enable' '1' config 'switch_vlan' 'eth0_0' option 'device' 'eth0' option 'vlan' '0' option 'ports' '4 5' #wan config 'switch_vlan' 'eth0_1' option 'device' 'eth0' option 'vlan' '1' option 'ports' '3 5' #lan 1 config 'switch_vlan' 'eth0_2' option 'device' 'eth0' option 'vlan' '2' option 'ports' '2 5' #lan2 config 'switch_vlan' 'eth0_3' option 'device' 'eth0' option 'vlan' '3' option 'ports' '1 5' #lan3 config 'switch_vlan' 'eth0_4' option 'device' 'eth0' option 'vlan' '4' option 'ports' '0 5' #lan4 #note that to use a particular port in an interface the ifname #should be 'devicename.vlan' . So for example ifname 'eth0.3'
Example vmware linux guest, openwrt x86 generic 12.09 combined, 2virtualized intel e1000
More research on vlan on x86 devices has to be done to collect more information on the wiki.
The majority of x86 devices do not have any programmable switch, but it does not seem to be a problem. The syntax used on devices with programmable switches seems completely not necessary.
For example we want to create two 'virtual interfaces' associated to the same
physical interface, eth1
. To do this, we do the following in /etc/config/network
# /etc/config/network
...
config interface lan1
option ifname eth1.100
...
config interface lan2
option ifname eth1.101
...
According to what the contributors of this section have read online, so far seems that the packet will be tagged by default, because they are associated to one physical ports that at most will have one PVID (port vlan id) but more than one virtual interfaces. Therefore, having multiple virtual interfaces, the packets must be tagged else it won't make sense, they won't be able to reach the interfaces or to go out.
The tests seems to confirm that because (using a vmware switch and portgroups) to let two openwrt x86 vmware guests reach each other the portgroups had to be configured with the trunk vlan id (that is: vlan id 4095, According to white papers: VMware Virtual Networking Concepts and VMware ESX Server 3 802.1Q VLAN Solutions).
Side note: if different virtual interfaces related to different vlan are in the same logical network, there will be conflict in terms of metrics, in that case bridging the interfaces could be a solution (has to be tested).