en:bpi-r2:network:start

Differences

This shows you the differences between two versions of the page.

en:bpi-r2:network:start [2019/03/08 17:54]
frank [Netbridge]
en:bpi-r2:network:start [2020/04/14 14:58] (current)
frank [testing]
Line 267: Line 267:
 </​code>​ </​code>​
 ===== VLAN ===== ===== VLAN =====
 +
 +vlan on dsa-ports need {{ :​en:​bpi-r2:​network:​0001-net-dsa-enable-vlan-without-bridge-on-dsa-user-port.patch | additional Patch}}
  
 /​etc/​network/​interfaces:​ /​etc/​network/​interfaces:​
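Review bot: The added line under the VLAN heading links 0001-net-dsa-enable-vlan-without-bridge-on-dsa-user-port.patch but does not say which kernel versions need it or which setup it applies to. The patch name refers to VLAN on a DSA user port without a bridge, so state that explicitly and name the kernel range, so readers do not apply an out-of-tree patch they do not need.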
Line 274: Line 276:
     address 192.168.60.10     address 192.168.60.10
     netmask 255.255.255.0     netmask 255.255.255.0
 +
 +==== temporary ====
 +
 +  ip addr add 192.168.40.11/​24 dev lan1
 +  ip link set lan1 up
 +  ip link add link lan1 name vlan500 type vlan id 500
 +  ip addr add 192.168.50.1/​24 dev vlan500
 +  ip link set vlan500 up
 +==== vlan aware bridge ====
 +
 +With 4.16 vlan aware bridge support was added.
 +
 +:!: vlan_filtering needs to be enabled before dsa-ports are added to the bridge, else all traffic (untagged too) is blocked after this setting.
 +
 +<​code>​
 +#!/bin/bash
 +BRDEV=br-lan
 +LANDEV=lan2
 +BRIP=192.168.40.11/​24
 +VLAN=500
 +VLANIP=192.168.50.11/​24
 +
 +#first create bridge with vlan-suport and add dsa-port(s)
 +ip link set eth0 up #ifconfig eth0 up
 +brctl addbr $BRDEV
 +ip add add $BRIP dev $BRDEV
 +ip link set $BRDEV type bridge vlan_filtering 1
 +brctl addif $BRDEV $LANDEV
 +ip link set $BRDEV up
 +ip link set $LANDEV up
 +
 +#now adding vlan
 +bridge vlan add vid $VLAN dev $LANDEV master
 +bridge vlan add vid $VLAN dev $BRDEV self
 +ip link add link $BRDEV name $BRDEV.$VLAN type vlan id $VLAN
 +ip add add $VLANIP dev $BRDEV.$VLAN
 +ip link set $BRDEV.$VLAN up
 +bridge vlan show
 +</​code>​
 +
 +==== testing ====
 +
 +  sudo tcpdump -ei lan1 arp or icmp
 +
 +-e shows link-layer information like vlan
 +
 +  sudo tcpdump -XXi lan1 arp or icmp
 +
 +shows arp and icmp-packets as hex-dump on the interface
 +
 +offset 0x0c should show 8100 followed by hex-value of vlan-number (here vlan 500 = 0x01f4)
 +
 +  12:​16:​26.491644 IP 192.168.50.11 > frank-G5: ICMP echo reply, id 4294, seq 5, length 64
 + 0x0000: ​ 3c18 a003 c3a4 c63a 3897 5920 8100 01f4  <​......:​8.Y.....
 +
 ===== Firewall (iptables) ===== ===== Firewall (iptables) =====
 [[iptables]] [[iptables]]
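Review bot: The testing section captures on lan1, but the vlan aware bridge script sets LANDEV=lan2, and the sample output shows 192.168.50.11, which is that script's VLANIP; say which setup the capture belongs to, or use the same port in both. In the script, the ordering the warning calls out (vlan_filtering enabled before ports are added) rests only on the line order of brctl addbr, ip link set $BRDEV type bridge vlan_filtering 1 and brctl addif; creating the bridge with ip link add name $BRDEV type bridge vlan_filtering 1 would set it at creation time and remove the brctl dependency. The script also writes ip add add, relying on iproute2 prefix matching, where the temporary section writes ip addr add.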
Line 279: Line 336:
  
   sudo tcpdump -i eth0 port not 22 > tcpdump.log   sudo tcpdump -i eth0 port not 22 > tcpdump.log
 +  sudo tcpdump -XXi lan1 arp or icmp
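Review bot: The added tcpdump -XXi lan1 arp or icmp line repeats the command already documented in the VLAN testing section and appears here without explanation, directly under a capture that is redirected to tcpdump.log. Link to the testing section instead, or add a line saying what the hex dump is for, so the two copies do not drift apart.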
en/bpi-r2/network/start.1552064094.txt.gz · Last modified: 2019/03/08 17:54 by frank