[RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules

Martin Schiller ms at dev.tdt.de
Thu Jun 17 00:31:26 PDT 2021


On 2021-04-28 14:39, Martin Schiller wrote:
> On 2021-03-26 10:30, Martin Schiller wrote:
>> On 2021-03-26 09:55, Martin Schiller wrote:
>>> On 2021-03-26 09:42, Felix Fietkau wrote:
>>>> On 2021-03-26 09:34, Martin Schiller wrote:
>>>>> On 2020-07-24 19:13, Felix Fietkau wrote:
>>>>>> On 2020-07-24 18:44, Jo-Philipp Wich wrote:
>>>>>>> Hi Felix,
>>>>>>> 
>>>>>>>> [...]
>>>>>>>> 
>>>>>>>> For a simple default config, you could have this:
>>>>>>>> 
>>>>>>>> # network
>>>>>>>> config device
>>>>>>>         option type bridge  # I assume this is needed as well
>>>>>>>> 	option name switch0
>>>>>> Correct.
>>>>>> 
>>>>>>>> config bridge-vlan
>>>>>>>> 	option vlan 1
>>>>>>>> 	option ports "lan1 lan2 lan3 lan4"
>>>>>>>> 
>>>>>>>> config interface lan
>>>>>>>> 	option ifname switch0.1
>>>>>>>> 
>>>>>>>> 
>>>>>>>> # wireless
>>>>>>>> 
>>>>>>>> config wifi-iface
>>>>>>>> 	option network lan
>>>>>>>> 
>>>>>>>> 
>>>>>>>> In this case, wlan0 would be added to switch0 and set to VLAN 1
>>>>>>>> untagged by default.
>>>>>>>> 
>>>>>>>> If you want it on VLAN 10 tagged/PVID instead, you could do:
>>>>>>>> 	option network-vlan "10:t*"
>>>>>>>> 
>>>>>>>> 
>>>>>>>> What do you think?
>>>>>>> 
>>>>>>> I did think about it some more, also in context of a LuCI
>>>>>>> implementation and the special role of wifi and I am convinced now
>>>>>>> that this approach generally makes sense.
>>>>>>> 
>>>>>>> However for the vlan I wonder if we should simply use "option vid 10"
>>>>>>> since setting anything besides an egress untagged pvid does not make
>>>>>>> sense for wifi.
>>>>>> I think more complex VLAN settings make sense for WDS if you want to
>>>>>> carry multiple networks over the link.
>>>>>> 
>>>>>>> So your second example above would become:
>>>>>>> 
>>>>>>>   config wifi-iface
>>>>>>>     option network lan
>>>>>>>     option vid 10  # instead of inheriting vid 1, use 10 as pvid
>>>>>>> 
>>>>>>> 
>>>>>>> Also, just to clarify... assuming a:
>>>>>>> 
>>>>>>>   config interface foo
>>>>>>>     option ifname somevlanbridge0.456
>>>>>>> 
>>>>>>> and a wifi iface without an explicit vid override:
>>>>>>> 
>>>>>>>   config wifi-iface
>>>>>>>     option network foo
>>>>>>> 
>>>>>>> ... we would inherit vid 456 and set as pvid, right? Or are we always
>>>>>>> going to default to 1?
>>>>>> It would inherit 456 to keep it in sync with the VLAN based network.
>>>>>> 
>>>>> 
>>>>> Is this functionality already integrated?
>>>>> I am testing with a xrx200 based system with the DSA mainline driver
>>>>> and a wifi interface and have the problem that the wlan0 interface is
>>>>> added to the bridge switch0 but the bridge vlan configuration for the
>>>>> wlan0 interface is not set.
>>>> It's handled differently now.
>>>> 
>>>> You can set lan's ifname to switch0.1 (without option type bridge) and
>>>> use 'option network lan' in the wifi-iface. It will detect that the lan
>>>> ifname is a vlan on top of a vlan-filtering bridge and will add wlan0 to
>>>> switch0 and make it a member of lan's vlan.
>>>> 
>>> 
>>> Hmmm... I think that's what I've already done. Here is my config:
>>> 
>>> network:
>>> ---------
>>> config interface 'lan'
>>> 	option proto 'static'
>>> 	option ipaddr '192.168.X.Y'
>>> 	option netmask '255.255.255.0'
>>> 	option ifname 'switch0.1'
>>> 
>>> config device
>>> 	option type 'bridge'
>>> 	option name 'switch0'
>>> 	list ifname 'lan1'
>>> 	list ifname 'lan2'
>>> 	list ifname 'lan3'
>>> 	list ifname 'lan4'
>>> 
>>> config bridge-vlan
>>> 	option device 'switch0'
>>> 	option vlan '1'
>>> 	list ports 'lan1:u*'
>>> 	list ports 'lan2:u*'
>>> 	list ports 'lan3:u*'
>>> 	list ports 'lan4:u*'
>>> 
>>> wireless:
>>> ----------
>>> config wifi-iface 'default_radio0'
>>> 	option device 'radio0'
>>> 	option mode 'ap'
>>> 	option encryption 'psk2'
>>> 	option ssid 'TETS-AP'
>>> 	option network 'lan'
>>> 	option key 'xxxxxxxxxxxxxxxxxxxxxxx'
>>> 	option wpa_disable_eapol_key_retries '1'
>>> 
>>> 
>>> Did I forget anything?
>>> 
>> 
>> `ubus call network.device status` shows:
>> 
>> 
>> ...
>>         "switch0": {
>>                 "external": false,
>>                 "present": true,
>>                 "type": "bridge",
>>                 "up": true,
>>                 "carrier": true,
>>                 "bridge-members": [
>>                         "lan1",
>>                         "lan2",
>>                         "lan3",
>>                         "lan4",
>>                         "wlan0"
>>                 ],
>>                 "bridge-vlans": [
>>                         {
>>                                 "id": 1,
>>                                 "local": true,
>>                                 "ports": [
>>                                         "lan1",
>>                                         "lan2",
>>                                         "lan3",
>>                                         "lan4"
>>                                 ]
>>                         }
>>                 ],
>> ...
>> 
> 
> As you can see here, "wlan0" is added to the "bridge-members", but not
> to the "ports" of the "bridge-vlans"/"id":1. Maybe this is the problem?
> 

With netifd commit 61a71e5e49c3 ("bridge: dynamically create vlans for
hotplug members") the behavior has changed in that now the wlan0
interface is added to the "ports" of the "bridge-vlans"/"id":1, but
unfortunately the lan ports are kicked out:

...
         "switch0": {
                 "external": false,
                 "present": true,
                 "type": "bridge",
                 "up": true,
                 "carrier": true,
                 "auth_status": false,
                 "bridge-members": [
                         "lan1",
                         "lan2",
                         "lan3",
                         "lan4",
                         "wlan0"
                 ],
                 "bridge-vlans": [
                         {
                                 "id": 1,
                                 "local": true,
                                 "ports": [
                                         "wlan0"
                                 ]
                         }
                 ],
...
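
Added example, not part of the original message and not netifd code: a check over the `network.device` status JSON that reports bridge members listed in no VLAN and ports the configuration intends for a VLAN but the runtime lacks. The two dumps are constructed from the ones quoted in this thread; the `EXPECTED` structure and the function names are assumptions made for the example.

```python
import json

# Constructed samples: the two "switch0" status dumps quoted in this thread,
# trimmed to the keys the check reads.
BEFORE = json.loads("""{"switch0": {"type": "bridge",
 "bridge-members": ["lan1", "lan2", "lan3", "lan4", "wlan0"],
 "bridge-vlans": [{"id": 1, "local": true,
                   "ports": ["lan1", "lan2", "lan3", "lan4"]}]}}""")
AFTER = json.loads("""{"switch0": {"type": "bridge",
 "bridge-members": ["lan1", "lan2", "lan3", "lan4", "wlan0"],
 "bridge-vlans": [{"id": 1, "local": true, "ports": ["wlan0"]}]}}""")

# Intended membership, written as in the UCI bridge-vlan section above plus
# wlan0 (attached through 'option network lan'). Hypothetical structure.
EXPECTED = {"switch0": {1: ["lan1:u*", "lan2:u*", "lan3:u*", "lan4:u*", "wlan0"]}}


def port_name(spec):
    """Drop a UCI-style ':u*' / ':t' flag suffix, keeping the port name."""
    return spec.split(":", 1)[0]


def vlan_membership_gaps(status, expected):
    """Return (bridge, kind, port, vid) tuples for VLAN membership problems."""
    findings = []
    for bridge, dev in sorted(status.items()):
        if dev.get("type") != "bridge" or "bridge-vlans" not in dev:
            continue  # not a VLAN-aware bridge in this dump
        members = set(dev.get("bridge-members", []))
        vlans = {v["id"]: {port_name(p) for p in v.get("ports", [])}
                 for v in dev["bridge-vlans"]}
        assigned = set().union(*vlans.values())
        # Bridge members that no VLAN lists as a port.
        for port in sorted(members - assigned):
            findings.append((bridge, "member-without-vlan", port, None))
        # Ports the configuration intends for a VLAN but the runtime lacks.
        for vid, specs in sorted(expected.get(bridge, {}).items()):
            wanted = {port_name(s) for s in specs}
            for port in sorted(wanted - vlans.get(vid, set())):
                findings.append((bridge, "missing-from-vlan", port, vid))
    return findings


if __name__ == "__main__":
    for label, dump in (("before 61a71e5e49c3", BEFORE), ("after", AFTER)):
        for finding in vlan_membership_gaps(dump, EXPECTED):
            print(label, *finding)
```

On a device, pass the parsed output of `ubus call network.device status` in place of the constructed dumps.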


