From c67f71782d24180ce2e3a16112018dc095dba09f Mon Sep 17 00:00:00 2001 From: Johannes Stoelp Date: Wed, 24 May 2023 23:20:42 +0200 Subject: openwrt: migration to dsa --- .../archer-devices.png | Bin 0 -> 70408 bytes .../archer-interfaces.png | Bin 0 -> 72284 bytes .../archer-vlan-swconfig.png | Bin 0 -> 71924 bytes .../home-nw.drawio | 97 +++++++++++++++++++++ .../2023-05-24-openwrt-migrate-to-dsa/home-nw.svg | 4 + content/2023-05-24-openwrt-migrate-to-dsa/index.md | 96 ++++++++++++++++++++ .../portal-devices.png | Bin 0 -> 97482 bytes .../portal-interfaces.png | Bin 0 -> 76418 bytes .../portal-vlan-dsa.png | Bin 0 -> 33516 bytes 9 files changed, 197 insertions(+) create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/archer-devices.png create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/archer-interfaces.png create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/archer-vlan-swconfig.png create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/home-nw.drawio create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/home-nw.svg create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/index.md create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/portal-devices.png create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/portal-interfaces.png create mode 100644 content/2023-05-24-openwrt-migrate-to-dsa/portal-vlan-dsa.png (limited to 'content') diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/archer-devices.png b/content/2023-05-24-openwrt-migrate-to-dsa/archer-devices.png new file mode 100644 index 0000000..f0a6142 Binary files /dev/null and b/content/2023-05-24-openwrt-migrate-to-dsa/archer-devices.png differ diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/archer-interfaces.png b/content/2023-05-24-openwrt-migrate-to-dsa/archer-interfaces.png new file mode 100644 index 0000000..7a60c81 Binary files /dev/null and b/content/2023-05-24-openwrt-migrate-to-dsa/archer-interfaces.png differ 
diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/archer-vlan-swconfig.png b/content/2023-05-24-openwrt-migrate-to-dsa/archer-vlan-swconfig.png new file mode 100644 index 0000000..4cc981d Binary files /dev/null and b/content/2023-05-24-openwrt-migrate-to-dsa/archer-vlan-swconfig.png differ diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/home-nw.drawio b/content/2023-05-24-openwrt-migrate-to-dsa/home-nw.drawio new file mode 100644 index 0000000..0deba95 --- /dev/null +++ b/content/2023-05-24-openwrt-migrate-to-dsa/home-nw.drawio @@ -0,0 +1,97 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/home-nw.svg b/content/2023-05-24-openwrt-migrate-to-dsa/home-nw.svg new file mode 100644 index 0000000..32b8698 --- /dev/null +++ b/content/2023-05-24-openwrt-migrate-to-dsa/home-nw.svg @@ -0,0 +1,4 @@ + + + +
Internet
Internet
AVM 7360SL
AVM 7360SL
ADSL
ADSL
LAN2
LAN2
LAN3
LAN3
LAN4
LAN4
Archer C7
Archer C7
LAN2
LAN2
LAN3
LAN3
LAN4
LAN4
Networks
- HOME  192.168.1.0/24 (VLAN 10)
- GUEST 10.0.0.0/24    (VALN 20)

Networks...
Wifi | HOME
Wifi | HOME
Wifi | GUEST
Wifi | GUEST
VLAN trunk
VLAN trunk
LAN1
LAN1
LAN1
LAN1
Firewall
Firewall
Text is not SVG - cannot display
\ No newline at end of file diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/index.md b/content/2023-05-24-openwrt-migrate-to-dsa/index.md new file mode 100644 index 0000000..89259ba --- /dev/null +++ b/content/2023-05-24-openwrt-migrate-to-dsa/index.md 
@@ -0,0 +1,96 @@ ++++ +title = "openwrt: Migrating to DSA" + +[taxonomies] +tags = ["openwrt", "dsa", "vlan", "linux"] ++++ + +After upgrading the routers in my home network to the latest `openwrt-22.03` +version, one of my routers, the [avm 7360sl][avm-7360sl], moved to the new +[distributed switch architecture][linux-dsa] (`DSA`). + +In my home network I currently run two separate networks each with their own +`VLANs` and an additional access point (**archer c7**) to extend the wifi +range. The access point and the **avm** router are connected via tagged ports +transferring tagged ethernet packets (VLAN trunk). +In the figure below the network setup is shown. + + + +Since the **avm** box moved from `swconfig` to `DSA` I had to migrate my +current `VLAN` setup on the **avm** box. + +The description below documents this setup, and may be of help to anybody :^) + +## AVM 7360SL + +With `DSA` the switch ports appear as own devices, here the `lanX` devices. + + + +VLANs are directly configured on the `bridge` devices and appear as sub-devices +of the bridge. See above, the `br-lan.10` and `br-lan.20` which correspond to +the VLANs 10 and 20. +The **Local** setting of the VLAN controls if the corresponding sub-device is +created or not. + +The **lan1** port is configured as **tagged (T)** for our VLANs. This means for +outgoing packets the VLAN tag is not removed and incoming packets should be +tagged. Additionally, we configured that incoming packets that are untagged +should be tagged with VLAN 99 **primary VLAN (U|*)**. This port is used as VLAN +trunk to connect the access point. + + + +For the configuration nothing has changed, besides using the new bridge +sub-devices. + + + +## Archer C7 + +For completeness of the setup, the following shows the configuration of the +access point. + +The access point defines two networks `lan` and `guest` similar to the networks +defined on the router above. 
The interfaces bridge the following devices +together: +- **br-lan**: eth0.10 + home wifi +- **br-guest**: eth0.20 + guest wifi + + + +> NOTE: The `guest` interface is setup as `unmanaged` because it does not need +> an IP address, since nobody connected to the guest network should be able to +> connect to the access point. The access point also does not define any +> firewall rules, as all firewall rules are centrally defined on the **avm** +> box. + +The switch is configured as shown below. The two interesting configurations are +that the **CPU (eth0)** interface is tagged for all VLANs and that the **LAN1** +port is tagged as well. + + + +Similar to the avm setup above, the **LAN1** port is tagged for our VLANs and +hence used as VLAN trunk to connect to the avm router. + +The **eth0** port is tagged, such that we get sub-devices **eth0.10** and +**eth0.20** for use in our different networks. + + + +## References + +- [DSA Mini-Tutorial][openwrt-dsa] +- [VLAN switch configuration][openwrt-vlan] +- [Switch documentation][openwrt-vlan] +- [AVM 7360SL][avm-7360sl] +- [TP-Link Archer C7][archer-c7] + +[linux-dsa]: https://www.kernel.org/doc/html/latest/networking/dsa/dsa.html +[avm-7360sl]: https://openwrt.org/toh/avm/fritz.box.wlan.7360 +[archer-c7]: https://openwrt.org/toh/tp-link/archer_c7 +[openwrt-dsa]: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial +[openwrt-vlan]: https://openwrt.org/docs/guide-user/network/vlan/switch_configuration +[openwrt-swconf]: https://openwrt.org/docs/guide-user/network/vlan/switch diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/portal-devices.png b/content/2023-05-24-openwrt-migrate-to-dsa/portal-devices.png new file mode 100644 index 0000000..f3467cb Binary files /dev/null and b/content/2023-05-24-openwrt-migrate-to-dsa/portal-devices.png differ 
diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/portal-interfaces.png b/content/2023-05-24-openwrt-migrate-to-dsa/portal-interfaces.png new file mode 100644 index 0000000..d14969d Binary files /dev/null and b/content/2023-05-24-openwrt-migrate-to-dsa/portal-interfaces.png differ diff --git a/content/2023-05-24-openwrt-migrate-to-dsa/portal-vlan-dsa.png b/content/2023-05-24-openwrt-migrate-to-dsa/portal-vlan-dsa.png new file mode 100644 index 0000000..7c8fd85 Binary files /dev/null and b/content/2023-05-24-openwrt-migrate-to-dsa/portal-vlan-dsa.png differ -- cgit v1.2.3
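Review bot: The Networks label in the home-nw.svg hunk has a typo, `GUEST 10.0.0.0/24 (VALN 20)` should read `VLAN 20`. If the SVG is exported from home-nw.drawio, fix the label there and re-export so both files agree. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same pass.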
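Review bot: In the References list at the end of the index.md hunk, the "Switch documentation" entry links to `[openwrt-vlan]`, the same label as the entry above it, while the `[openwrt-swconf]` link definition is never used; it should read `[Switch documentation][openwrt-swconf]`. Separately, the lan1 paragraph in the AVM 7360SL section assigns untagged incoming packets to VLAN 99 as primary VLAN, but VLAN 99 appears nowhere else in the post (the networks are VLAN 10 and VLAN 20). Add a sentence stating whether VLAN 99 is attached to any interface or is only a sink for untagged frames arriving on the trunk, since that decides whether an untagged device plugged into lan1 can reach anything.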