make sure you can safemode or TTL before changing network/switch settings
: This page assumes you know what this is and why you want it. (Someone please add info or another page and a link).
If your device has more than 1 LAN port, it may contain a special connection between the different ports called switch. Most likely the internals may look like in the following picture
If you want to change how these ports are connected to each other you need to configure the switch of your device (see also network.interfaces)
Different routers have different switch layouts, so look at the Wiki for your specific device. The TP-Link Archer C7 has eth0 = WAN, and eth1 = LAN (the 4 switch ports). Port 0 of the switch = eth1 (labelled CPU in Luci), Port 6 = eth0. Port 1 is labelled WAN in Luci. Look at the wiki for your router. Every router is different. The popular TP-Link WDR4300 only has eth0.
ethN.Yare UP) and therefore every rule (routing for example) is applied. This could cause serious problem, for example if one relies on the automatic mechanism of routing metric when one route is not available anymore.
swconfig dev <switch_interface_name> show | grep linkor see swconfig
Some of the assumptions, does not see to add up with the provided diagram. Someone familiar with the matter, should either fix them or add a better explanation.
swconfigtype switch configuration
eth1. (Many are on
eth0) [Howto find out: → /proc/switch directory appears to contain the right eth number for the switch. please confirm], and also on chips like
vlan0is to be all external ports but the last one
vlan1is only the last external port [Howto find out which Port corresponds:]
vlan0is the default vlan, meaning if a packet is untagged, it will be treated a vlan0 packet
config 'switch' 'eth1' option 'enable' '1' option 'enable_vlan' '1' option 'reset' '1'
The number of the VLAN is specified on the
option vlan line. The VID (VLAN ID) associated with a VLAN is by default the same as the number of the VLAN. This is overridden by using an
option vid line so, for example, that VLAN 1 could use VID 100.
option ports line, a number indicates that the specified vlan includes the port with that number. If the number is followed by a "t" then packets transmitted out that port on this VLAN are tagged, and that packets received on that port may be received with this VLAN tag. 5 is generally the CPU or 'internal' port and is most often used as tagged. Other suffixes are ignored on devices using
swconfig but Broadcom kmod-switch style interfaces (
/proc/switch/) use "*" and "u" to indicate PVID and untagged ports respectively (as they have the CPU port implicitly tagged one needs to use "u" to untag it).
So, '0 1 2 3 5t' would mean that packets on this VLAN are transmitted untagged when leaving ports 0, 1, 2 and 3, but tagged when leaving port 5 (generally the CPU internal port as described above).
Tagged packets received on a port will be directed to the VLAN indicated by the VID contained in the packet. Untagged packets received on a port will be directed to the default port VLAN (usually called the PVID). A separate
config switch_port section is required to set the default port VLAN.
The relevant standards document is 801.2q which says that VID values 0 and 4095 may not be used for tagging packets as they denote reserved values - VID 0 is the default 'native' vlan - leaving 4094 valid values in between, although VID 1 is often reserved for network management (see Dell 2708 for example). This means vlan0 can be used as a VLAN within or between devices, but you cannot tag packets with it.
config 'switch_vlan' option 'vlan' '0' option 'device' 'eth1' option 'ports' '0 1 2 5t' config 'switch_vlan' option 'vlan' '1' option 'device' 'eth1' option 'ports' '3 5t' config 'switch_port' option 'port' '3' option 'pvid' '1'
VLAN interface sections look just like regular interface sections, except that instead of
eth0, or whatever), you have
eth1.1, etc. where a digit after a
. is a VLAN number. (that is, for kernel 2.6; 2.4 kernels do something different).
The following example is for a two-interface router, with eth0 being the WAN and eth1 being the five-port switch configured as above. It goes in
config 'interface' 'lan' option 'ifname' 'eth1.0' option 'proto' 'static' option 'ipaddr' '192.168.1.1' option 'netmask' '255.255.255.0' option 'defaultroute' '0' option 'peerdns' '0' option 'nat' '1' config 'interface' 'extranet' option 'ifname' 'eth1.1' option 'proto' 'dhcp' config 'interface' 'wan' option 'ifname' 'eth0.2' option 'proto' 'pppoe' option 'username' 'szabozsolt-em' option 'password' 'M3IuWBt4'
Of course, if you only had a five port switch on eth0 (and no other interfaces), you might make the
eth0.1 and the lan
eth0.0 with appropriately matching
See also backplane.
config 'switch' 'eth0' option 'enable' '1' config 'switch_vlan' 'eth0_0' option 'device' 'eth0' option 'vlan' '0' option 'ports' '4 5' #wan config 'switch_vlan' 'eth0_1' option 'device' 'eth0' option 'vlan' '1' option 'ports' '3 5' #lan 1 config 'switch_vlan' 'eth0_2' option 'device' 'eth0' option 'vlan' '2' option 'ports' '2 5' #lan2 config 'switch_vlan' 'eth0_3' option 'device' 'eth0' option 'vlan' '3' option 'ports' '1 5' #lan3 config 'switch_vlan' 'eth0_4' option 'device' 'eth0' option 'vlan' '4' option 'ports' '0 5' #lan4 #note that to use a particular port in an interface the ifname #should be 'devicename.vlan' . So for example ifname 'eth0.3'
More research on vlan on x86 devices has to be done to collect more information on the wiki.
The majority of x86 devices do not have any programmable switch, but it does not seem to be a problem. The syntax used on devices with programmable switches seems completely not necessary.
For example we want to create two 'virtual interfaces' associated to the same
eth1. To do this, we do the following in
..other lines... config interface lan1 option ifname eth1.100 ...further config... config interface lan2 option ifname eth1.101 ... further config ...According to what the contributors of this section have read online, so far seems that the packet will be tagged by default, because they are associated to one physical ports that at most will have one PVID (port vlan id) but more than one virtual interfaces. Therefore, having multiple virtual interfaces, the packets must be tagged else it won't make sense, they won't be able to reach the interfaces or to go out.
The tests seems to confirm that because (using a vmware switch and portgroups) to let two openwrt x86 vmware guests reach each other the portgroups had to be configured with the trunk vlan id (that is: vlan id 4095, According to white papers: VMware Virtual Networking Concepts and VMware ESX Server 3 802.1Q VLAN Solutions).
Side note: if different virtual interfaces related to different vlan are in the same logical network, there will be conflict in terms of metrics, in that case bridging the interfaces could be a solution (has to be tested).