User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:bpi-r2:network:start [2019/03/08 17:54]
frank [Netbridge]
en:bpi-r2:network:start [2020/04/14 14:58] (current)
frank [testing]
Line 267: Line 267:
 </​code>​ </​code>​
 ===== VLAN ===== ===== VLAN =====
 +vlan on dsa-ports need {{ :​en:​bpi-r2:​network:​0001-net-dsa-enable-vlan-without-bridge-on-dsa-user-port.patch | additional Patch}}
 /​etc/​network/​interfaces:​ /​etc/​network/​interfaces:​
Line 274: Line 276:
     address     address
     netmask     netmask
 +==== temporary ====
 +  ip addr add​24 dev lan1
 +  ip link set lan1 up
 +  ip link add link lan1 name vlan500 type vlan id 500
 +  ip addr add​24 dev vlan500
 +  ip link set vlan500 up
 +==== vlan aware bridge ====
 +With 4.16 vlan aware bridge support was added.
 +:!: vlan_filtering needs to be enabled before dsa-ports are added to the bridge, else all traffic (untagged too) is blocked after this setting.
 +#first create bridge with vlan-suport and add dsa-port(s)
 +ip link set eth0 up #ifconfig eth0 up
 +brctl addbr $BRDEV
 +ip add add $BRIP dev $BRDEV
 +ip link set $BRDEV type bridge vlan_filtering 1
 +brctl addif $BRDEV $LANDEV
 +ip link set $BRDEV up
 +ip link set $LANDEV up
 +#now adding vlan
 +bridge vlan add vid $VLAN dev $LANDEV master
 +bridge vlan add vid $VLAN dev $BRDEV self
 +ip link add link $BRDEV name $BRDEV.$VLAN type vlan id $VLAN
 +ip add add $VLANIP dev $BRDEV.$VLAN
 +ip link set $BRDEV.$VLAN up
 +bridge vlan show
 +==== testing ====
 +  sudo tcpdump -ei lan1 arp or icmp
 +-e shows link-layer information like vlan
 +  sudo tcpdump -XXi lan1 arp or icmp
 +shows arp and icmp-packets as hex-dump on the interface
 +offset 0x0c should show 8100 followed by hex-value of vlan-number (here vlan 500 = 0x01f4)
 +  12:​16:​26.491644 IP > frank-G5: ICMP echo reply, id 4294, seq 5, length 64
 + 0x0000: ​ 3c18 a003 c3a4 c63a 3897 5920 8100 01f4  <​......:​8.Y.....
 ===== Firewall (iptables) ===== ===== Firewall (iptables) =====
 [[iptables]] [[iptables]]
Line 279: Line 336:
   sudo tcpdump -i eth0 port not 22 > tcpdump.log   sudo tcpdump -i eth0 port not 22 > tcpdump.log
 +  sudo tcpdump -XXi lan1 arp or icmp
en/bpi-r2/network/start.1552064094.txt.gz · Last modified: 2019/03/08 17:54 by frank