Diffstat (limited to 'content/2023-05-24-openwrt-migrate-to-dsa/index.md')
-rw-r--r-- | content/2023-05-24-openwrt-migrate-to-dsa/index.md | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/index.md b/content/2023-05-24-openwrt-migrate-to-dsa/index.md new file mode 100644 index 0000000..89259ba --- /dev/null +++ b/content/2023-05-24-openwrt-migrate-to-dsa/index.md 
@@ -0,0 +1,96 @@ ++++ +title = "openwrt: Migrating to DSA" + +[taxonomies] +tags = ["openwrt", "dsa", "vlan", "linux"] ++++ + +After upgrading the routers in my home network to the latest `openwrt-22.03` +version, one of my routers, the [avm 7360sl][avm-7360sl], moved to the new +[distributed switch architecture][linux-dsa] (`DSA`). + +In my home network I currently run two separate networks each with their own +`VLANs` and an additional access point (**archer c7**) to extend the wifi +range. The access point and the **avm** router are connected via tagged ports +transferring tagged ethernet packets (VLAN trunk). +In the figure below the network setup is shown. + +<img src="home-nw.svg"> + +Since the **avm** box moved from `swconfig` to `DSA` I had to migrate my +current `VLAN` setup on the **avm** box. + +The description below documents this setup, and may be of help to anybody :^) + +## AVM 7360SL + +With `DSA` the switch ports appear as own devices, here the `lanX` devices. + +<img src="portal-devices.png"> + +VLANs are directly configured on the `bridge` devices and appear as sub-devices +of the bridge. See above, the `br-lan.10` and `br-lan.20` which correspond to +the VLANs 10 and 20. +The **Local** setting of the VLAN controls if the corresponding sub-device is +created or not. + +The **lan1** port is configured as **tagged (T)** for our VLANs. This means for +outgoing packets the VLAN tag is not removed and incoming packets should be +tagged. Additionally, we configured that incoming packets that are untagged +should be tagged with VLAN 99 **primary VLAN (U|*)**. This port is used as VLAN +trunk to connect the access point. + +<img src="portal-vlan-dsa.png"> + +For the configuration nothing has changed, besides using the new bridge +sub-devices. + +<img src="portal-interfaces.png"> + +## Archer C7 + +For completeness of the setup, the following shows the configuration of the +access point. 
+ +The access point defines two networks `lan` and `guest` similar to the networks +defined on the router above. The interfaces bridge the following devices +together: +- **br-lan**: eth0.10 + home wifi +- **br-guest**: eth0.20 + guest wifi + +<img src="archer-interfaces.png"> + +> NOTE: The `guest` interface is setup as `unmanaged` because it does not need +> an IP address, since nobody connected to the guest network should be able to +> connect to the access point. The access point also does not define any +> firewall rules, as all firewall rules are centrally defined on the **avm** +> box. + +The switch is configured as shown below. The two interesting configurations are +that the **CPU (eth0)** interface is tagged for all VLANs and that the **LAN1** +port is tagged as well. + +<img src="archer-vlan-swconfig.png"> + +Similar to the avm setup above, the **LAN1** port is tagged for our VLANs and +hence used as VLAN trunk to connect to the avm router. + +The **eth0** port is tagged, such that we get sub-devices **eth0.10** and +**eth0.20** for use in our different networks. + +<img src="archer-devices.png"> + +## References + +- [DSA Mini-Tutorial][openwrt-dsa] +- [VLAN switch configuration][openwrt-vlan] +- [Switch documentation][openwrt-vlan] +- [AVM 7360SL][avm-7360sl] +- [TP-Link Archer C7][archer-c7] + +[linux-dsa]: https://www.kernel.org/doc/html/latest/networking/dsa/dsa.html +[avm-7360sl]: https://openwrt.org/toh/avm/fritz.box.wlan.7360 +[archer-c7]: https://openwrt.org/toh/tp-link/archer_c7 +[openwrt-dsa]: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial +[openwrt-vlan]: https://openwrt.org/docs/guide-user/network/vlan/switch_configuration +[openwrt-swconf]: https://openwrt.org/docs/guide-user/network/vlan/switch |
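Review bot: In the References list, the "Switch documentation" entry reuses the `[openwrt-vlan]` label from the "VLAN switch configuration" entry above it, so both items link to the same page, while the `[openwrt-swconf]` definition on the last line of the file is never referenced. Change the entry to `[Switch documentation][openwrt-swconf]`. A smaller point on the same file: the `<img>` tags have no `alt` text, and the port tagging itself (lan1 tagged for the VLANs, untagged ingress mapped to VLAN 99, the tagged CPU (eth0) and LAN1 ports on the access point) is only visible in the screenshots. Adding the matching excerpt from the routers' network configuration as text would let a reader check the trunk and guest isolation settings without the images.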