[RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules
Martin Schiller
ms at dev.tdt.de
Fri Mar 26 09:30:37 GMT 2021
On 2021-03-26 09:55, Martin Schiller wrote:
> On 2021-03-26 09:42, Felix Fietkau wrote:
>> On 2021-03-26 09:34, Martin Schiller wrote:
>>> On 2020-07-24 19:13, Felix Fietkau wrote:
>>>> On 2020-07-24 18:44, Jo-Philipp Wich wrote:
>>>>> Hi Felix,
>>>>>
>>>>>> [...]
>>>>>>
>>>>>> For a simple default config, you could have this:
>>>>>>
>>>>>> # network
>>>>>> config device
>>>>> option type bridge # I assume this is needed as well
>>>>>> option name switch0
>>>> Correct.
>>>>
>>>>>> config bridge-vlan
>>>>>> option vlan 1
>>>>>> option ports "lan1 lan2 lan3 lan4"
>>>>>>
>>>>>> config interface lan
>>>>>> option ifname switch0.1
>>>>>>
>>>>>>
>>>>>> # wireless
>>>>>>
>>>>>> config wifi-iface
>>>>>> option network lan
>>>>>>
>>>>>>
>>>>>> In this case, wlan0 would be added to switch0 and set to VLAN 1
>>>>>> untagged
>>>>>> by default.
>>>>>>
>>>>>> If you want it on VLAN 10 tagged/PVID instead, you could do:
>>>>>> option network-vlan "10:t*"
>>>>>>
>>>>>>
>>>>>> What do you think?
>>>>>
>>>>> I did think about it some more, also in context of a LuCI
>>>>> implementation and
>>>>> the special role of wifi and I am convinced now that this approach
>>>>> generally
>>>>> makes sense.
>>>>>
>>>>> However for the vlan I wonder if we should simply use "option vid
>>>>> 10"
>>>>> since
>>>>> setting anything besides an egress untagged pvid does not make
>>>>> sense
>>>>> for wifi.
>>>> I think more complex VLAN settings make sense for WDS if you want to
>>>> carry multiple networks over the link.
>>>>
>>>>> So your second example above would become:
>>>>>
>>>>> config wifi-iface
>>>>> option network lan
>>>>> option vid 10 # instead of inheriting vid 1, use 10 as pvid
>>>>>
>>>>>
>>>>> Also, just to clarify... assuming a:
>>>>>
>>>>> config interface foo
>>>>> option ifname somevlanbridge0.456
>>>>>
>>>>> and an wifi iface without an explicit vid override:
>>>>>
>>>>> config wifi-iface
>>>>> option network foo
>>>>>
>>>>> ... we would inherit vid 456 and set as pvid, right? Or are we are
>>>>> always
>>>>> going to default to 1?
>>>> It would inherit 456 to keep it in sync with the VLAN based network.
>>>>
>>>
>>> Is this functionality already integrated?
>>> I am testing with a xrx200 based system with the DSA mainline driver
>>> and
>>> a wifi interface and have the problem that the wlan0 interface is
>>> added
>>> to the bridge switch0 but the bridge vlan configuration for the wlan0
>>> interface is not set.
>> It's handled differently now.
>>
>> You can set lan's ifname to switch0.1 (without option type bridge) and
>> use 'option network lan' in the wifi-iface. It will detect that the
>> lan
>> ifname is a vlan on top of a vlan-filtering bridge and will add wlan0
>> to
>> switch0 and make it a member of lan's vlan.
>>
>
> Hmmm... I think that's what I've alread done. Here is my config:
>
> network:
> ---------
> config interface 'lan'
> option proto 'static'
> option ipaddr '192.168.X.Y'
> option netmask '255.255.255.0'
> option ifname 'switch0.1'
>
> config device
> option type 'bridge'
> option name 'switch0'
> list ifname 'lan1'
> list ifname 'lan2'
> list ifname 'lan3'
> list ifname 'lan4'
>
> config bridge-vlan
> option device 'switch0'
> option vlan '1'
> list ports 'lan1:u*'
> list ports 'lan2:u*'
> list ports 'lan3:u*'
> list ports 'lan4:u*'
>
> wireless:
> ----------
> config wifi-iface 'default_radio0'
> option device 'radio0'
> option mode 'ap'
> option encryption 'psk2'
> option ssid 'TETS-AP'
> option network 'lan'
> option key 'xxxxxxxxxxxxxxxxxxxxxxx'
> option wpa_disable_eapol_key_retries '1'
>
>
> Did I forget anything?
>
`ubus call network.device status` shows:
...
"switch0": {
"external": false,
"present": true,
"type": "bridge",
"up": true,
"carrier": true,
"bridge-members": [
"lan1",
"lan2",
"lan3",
"lan4",
"wlan0"
],
"bridge-vlans": [
{
"id": 1,
"local": true,
"ports": [
"lan1",
"lan2",
"lan3",
"lan4"
]
}
],
...
More information about the openwrt-devel
mailing list