Changes between Initial Version and Version 1 of TipAndDoc/Linux/OpenWRT/vlan

Timestamp:

Apr 30, 2013 3:25:50 AM (11 years ago)

Author:

mitty

Comment:

--

TipAndDoc/Linux/OpenWRT/vlan

@@ +1 @@
+[[PageOutline]]
+
+ * [https://forum.openwrt.org/viewtopic.php?id=28716 Correctness of swconfig documentation (Page 1) — Howtos and Documentation — OpenWrt]
+ > the '*' is supported by broadcom kmod-switch style drivers only. It is used to set the default VLAN for untagged frames on a port.
+  * その他、VLANの設定オプションについて解説がある
+
+ * [https://dev.openwrt.org/ticket/12377 #12377 (VLAN tagging / bridge default configuration on WZR-HP-AG300H) – OpenWrt]
+ > To make it possible to use multiple VLANs, the fix is to change the lan interface to bind on eth0.1 and set port 0 to tagged:
+  * [https://forum.openwrt.org/viewtopic.php?pid=155341#p155341 wzr-hp-ag300h progress (Page 4) — General Discussion — OpenWrt]
+
+ = restrictions of vlan with OpenWRT on WZR-HP-AG300H =
+ * eth0側でH/W VLANを無効({{{config switch_vlan}}}を削除)にすると、eth0からの有線でのWZR-HP-AG300Hへのアクセスが不能になる
+ * H/Wに設定したVLAN ID以外のtagged VLAN packetをeth0に向けて送信しても、eth0まで届かない
+  * 単なるSwitching HUBとは異なる
+  * eth1側にはこのような制約はない
+   * mitty@AG300H:~$ sudo vconfig add eth1 2408
+   * mitty@AG300H:~$ sudo ifconfig eth1.2408 10.0.0.1
+   * これで、別のマシンから eth0.2408 などを通してpingが正しく届く
+    * mitty@AG300H:~$ sudo tcpdump -e -i eth1
+{{{
+12:20:52.941468 00:1d:zy:xz:yx:dc (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 2408, p 0, ethertype ARP, Request who-has 10.0.0.1 tell 10.0.0.2, length 46
+12:20:52.941555 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 46: vlan 2408, p 0, ethertype ARP, Reply 10.0.0.1 is-at 00:24:xx:yy:zz:76 (oui Unknown), length 28
+12:20:52.941675 00:1d:zy:xz:yx:dc (oui Unknown) > 00:24:xx:yy:zz:76 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.2 > 10.0.0.1: ICMP echo request, id 2890, seq 1, length 64
+12:20:52.941855 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 2890, seq 1, length 64
+12:20:53.938338 00:1d:zy:xz:yx:dc (oui Unknown) > 00:24:xx:yy:zz:76 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.2 > 10.0.0.1: ICMP echo request, id 2890, seq 2, length 64
+12:20:53.938458 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 2890, seq 2, length 64
+}}}
+ * untagged/taggedを同じネットワーク上で使う(multi vlan/trunking)場合、LAN側からuntagged packetをNAPTするには{{{eth0}}}ではなく{{{eth0.0}}}をGatewayにする必要がある
+ * VLAN IDは0～127のみ使用可能
+  * wrong setting
+{{{
+config switch_vlan
+        option device 'eth0'
+        option vlan '0'
+        option ports '0 1 2 3 4'
+
+config switch_vlan
+        option device 'eth0'
+        option vlan '128'
+        option ports '0t 1t 2t 3t 4t'
+}}}
+   * mitty@AG300H:~$ swconfig dev eth0 show
+{{{
+VLAN 0:
+        vid: 0
+        ports: 0 1 2 3 4
+}}}
+  * correct setting
+{{{
+config switch_vlan
+        option device 'eth0'
+        option vlan '0'
+        option ports '0 1 2 3 4'
+
+config switch_vlan
+        option device 'eth0'
+        option vlan '127'
+        option ports '0t 1t 2t 3t 4t'
+}}}
+   * mitty@AG300H:~$ swconfig dev eth0 show
+{{{
+VLAN 0:
+        vid: 0
+        ports: 0t 1t 2t 3t 4t
+VLAN 127:
+        vid: 127
+        ports: 0t 1t 2t 3t 4t
+}}}
+
+ = switch_vlan config with "option vlan '0'" =
+ * http://wiki.openwrt.org/doc/uci/network/switch#vlanswitch.config
+ > In the option ports line, a number indicates that the specified vlan includes the port with that number. If the number is followed by a "t" then packets transmitted out that port on this VLAN are tagged, and that packets received on that port may be received with this VLAN tag.
+ > So, '0 1 2 3 5t' would mean that packets on this VLAN are transmitted untagged when leaving ports 0, 1, 2 and 3, but tagged when leaving port 5 (generally the CPU internal port as described above).
+ * となっているが、untaggedなはずのportからも実際にはtagged packetが送出される
+
+ * この問題は、VLAN ID として0を指定すると解決する
+
+ == sample setting with problem ==
+ * /etc/config/network
+{{{
+config interface 'lan'
+        option ifname 'eth0.1'
+        option proto 'static'
+        option netmask '255.255.255.0'
+        option ipaddr '192.168.0.1'
+
+config interface 'vlan'
+        option ifname 'eth0.2'
+        option proto 'static'
+        option netmask '255.255.255.0'
+        option ipaddr '192.168.2.1'
+
+config switch
+        option name 'eth0'
+        option reset '1'
+        option enable_vlan '1'
+
+config switch_vlan
+        option device 'eth0'
+        option vlan '1'
+        option ports '0t 1 2 3 4'
+
+config switch_vlan
+        option device 'eth0'
+        option vlan '2'
+        option ports '0t 1t 2t 3t 4t'
+}}}
+  * VLAN1のポート1はuntaggedになっているが、実際にはVLAN IDは除去されない[[br]][[Image(option-vlan-1.png,33%)]]
+ * mitty@AG300H:~$ ifconfig |egrep 'Link|addr'
+{{{
+eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
+eth0.1    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
+          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
+eth0.2    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
+          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
+}}}
+
+ == with Linux node ==
+ * root@Microknoppix:~# ifconfig |egrep 'Link|addr'
+{{{
+eth1      Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
+          inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
+eth1.1    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
+eth1.2    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
+          inet addr:192.168.2.60  Bcast:192.168.2.255  Mask:255.255.255.0
+}}}
+ * root@Microknoppix:~# ip route
+{{{
+192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.60
+192.168.2.0/24 dev eth1.2  proto kernel  scope link  src 192.168.2.60
+}}}
+
+ === untagged ===
+ * root@Microknoppix:~# ping 192.168.0.1 -c 2
+{{{
+PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
+From 192.168.0.60 icmp_seq=1 Destination Host Unreachable
+From 192.168.0.60 icmp_seq=2 Destination Host Unreachable
+
+--- 192.168.0.1 ping statistics ---
+2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1008ms
+}}}
+ * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+00:07:48.165448 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
+00:07:48.165493 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
+00:07:49.168881 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
+00:07:49.168925 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
+00:07:50.172211 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
+00:07:50.172255 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
+}}}
+ * root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
+{{{
+00:07:49.739793 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
+00:07:49.739923 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
+00:07:50.743222 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
+00:07:50.743361 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
+00:07:51.746558 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
+00:07:51.746698 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
+}}}
+
+ * Microknoppixからすると、送る時はuntaggedなのに返ってくる時にtaggedになっているため、疎通不能である
+
+ === VLAN ID 2 (eth0.2) ===
+ * root@Microknoppix:~# ping 192.168.2.1 -c 2
+{{{
+PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
+64 bytes from 192.168.2.1: icmp_req=1 ttl=64 time=2.95 ms
+64 bytes from 192.168.2.1: icmp_req=2 ttl=64 time=0.268 ms
+
+--- 192.168.2.1 ping statistics ---
+2 packets transmitted, 2 received, 0% packet loss, time 1001ms
+rtt min/avg/max/mdev = 0.268/1.610/2.952/1.342 ms
+}}}
+ * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+00:09:52.211509 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.60, length 46
+00:09:52.211613 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Reply 192.168.2.1 is-at 00:24:xx:yy:zz:74, length 28
+00:09:52.211741 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 1, length 64
+00:09:52.211927 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 1, length 64
+00:09:53.210338 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 2, length 64
+00:09:53.210453 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 2, length 64
+}}}
+ * root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
+{{{
+00:09:53.786560 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.60, length 28
+00:09:53.786782 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 2, p 0, ethertype ARP, Reply 192.168.2.1 is-at 00:24:xx:yy:zz:74, length 42
+00:09:53.786816 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 1, length 64
+00:09:53.787074 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 1, length 64
+00:09:54.785397 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 2, length 64
+00:09:54.785632 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 2, length 64
+}}}
+
+ * eth1.2 (VLAN ID 2)については問題ない
+
+ === VLAN ID 1 (eth1.1) ===
+ * eth1.1で通信するように変更すると、疎通可能になる
+
+ * root@Microknoppix:~# ifconfig eth1 0.0.0.0
+ * root@Microknoppix:~# ifconfig eth1.1 192.168.0.60
+
+ * root@Microknoppix:~# ping 192.168.0.1 -c 2
+{{{
+PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
+64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.490 ms
+64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.268 ms
+
+--- 192.168.0.1 ping statistics ---
+2 packets transmitted, 2 received, 0% packet loss, time 999ms
+rtt min/avg/max/mdev = 0.268/0.379/0.490/0.111 ms
+}}}
+ * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+00:16:27.724498 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 1, length 64
+00:16:27.724738 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.60 tell 192.168.0.1, length 28
+00:16:27.724841 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 46
+00:16:27.724863 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 1, length 64
+00:16:28.723493 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 2, length 64
+00:16:28.723613 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 2, length 64
+}}}
+ * root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
+{{{
+00:16:29.301169 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 1, length 64
+00:16:29.301509 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.60 tell 192.168.0.1, length 42
+00:16:29.301538 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 28
+00:16:29.301628 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 1, length 64
+00:16:30.300170 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 2, length 64
+00:16:30.300407 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 2, length 64
+}}}
+
+ == with Windows ==
+ * Windowsは、NICのドライバが対応していないと、VLAN IDを解さないのでおかしなことになる
+
+ === untagged ===
+ * Windows:NICのアドレス>192.168.0.102
+
+ * D:\tmp>ping 192.168.0.1 -n 2
+{{{
+192.168.0.1 に ping を送信しています 32 バイトのデータ:
+192.168.0.1 からの応答: バイト数 =32 時間 <1ms TTL=64
+192.168.0.1 からの応答: バイト数 =32 時間 =1ms TTL=64
+
+192.168.0.1 の ping 統計:
+    パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
+ラウンド トリップの概算時間 (ミリ秒):
+    最小 = 0ms、最大 = 1ms、平均 = 0ms
+}}}
+ * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+23:22:02.948026 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4079, length 40
+23:22:02.948193 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4079, length 40
+23:22:03.950631 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4080, length 40
+23:22:03.950753 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4080, length 40
+}}}
+ * D:\tmp>windump -i 3 -e -n icmp or arp
+{{{
+23:22:02.869718 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4079, length 40
+23:22:02.869962 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4079, length 40
+23:22:03.872305 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4080, length 40
+23:22:03.872450 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4080, length 40
+}}}
+
+ * WZR-HP-AG300Hからすると、VLAN IDを付与して返信しているが、WindowsがVLAN IDを解さないので通信出来てしまう
+
+ === VLAN ID 2 ===
+ * Windows:NICのアドレスを手動設定 -> 192.168.2.102
+
+ * Windowns -> WZR-HP-AG300H
+  * D:\tmp>ping 192.168.2.1 -n 2
+{{{
+192.168.2.1 に ping を送信しています 32 バイトのデータ:
+192.168.2.102 からの応答: 宛先ホストに到達できません。
+192.168.2.102 からの応答: 宛先ホストに到達できません。
+
+192.168.2.1 の ping 統計:
+    パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
+}}}
+  * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+23:32:20.640132 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
+23:32:21.257157 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
+23:32:22.257232 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
+23:32:23.260331 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
+23:32:24.257369 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
+23:32:25.257364 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
+}}}
+  * D:\tmp>windump -i 3 -e -n icmp or arp
+{{{
+23:32:20.592232 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
+23:32:21.209364 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
+23:32:22.209380 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
+23:32:23.212432 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
+23:32:24.209411 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
+23:32:25.209295 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
+}}}
+  * Windowsから送出されるパケットにはVLAN IDが付与されないため、自動的にVLAN ID 1が付与される
+
+ * WZR-HP-AG300H -> Windows
+  * mitty@AG300H:~$ sudo ping 192.168.2.102
+{{{
+PING 192.168.2.102 (192.168.2.102): 56 data bytes
+^C
+--- 192.168.2.102 ping statistics ---
+73 packets transmitted, 0 packets received, 100% packet loss
+}}}
+  * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+23:59:17.651760 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
+23:59:17.652365 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww, length 46
+23:59:18.651759 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
+23:59:18.652148 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww, length 46
+}}}
+  * D:\tmp>windump -i 3 -e -n icmp or arp
+{{{
+23:59:17.646191 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: arp who-has 192.168.2.102 tell 192.168.2.1
+23:59:17.646786 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 42: arp reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww
+23:59:18.645996 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: arp who-has 192.168.2.102 tell 192.168.2.1
+23:59:18.646292 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 42: arp reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww
+}}}
+  * VLAN IDが抜け落ちるため、arpを受信出来てしまいreplyしているが、WZR-HP-AG300H側としてはVLAN ID 1のパケットとして届くので疎通出来ない
+
+ == how to solve ==
+ * 先に述べたように、VLAN IDとして0を設定すればよい
+  * このとき、忘れずに{{{config interface 'lan'}}}を{{{option ifname 'eth0.0'}}}に変更する
+  * lan->wanで正常にNAPTされなくなる
+ * ただし、WebUIからはセット出来ないため、/etc/config/networkをvimなどで直接編集する必要がある[[br]][[Image(option-vlan-cant_be_0.png,33%)]]
+
+ * /etc/config/network
+{{{
+config interface 'lan'
+        option ifname 'eth0.0'
+        option proto 'static'
+        option netmask '255.255.255.0'
+        option ipaddr '192.168.0.1'
+
+config interface 'vlan'
+        option ifname 'eth0.2'
+        option proto 'static'
+        option netmask '255.255.255.0'
+        option ipaddr '192.168.2.1'
+
+config switch
+        option name 'eth0'
+        option reset '1'
+        option enable_vlan '1'
+
+config switch_vlan
+        option device 'eth0'
+        option vlan '0'
+        option ports '0t 1 2 3 4'
+
+config switch_vlan
+        option device 'eth0'
+        option vlan '2'
+        option ports '0t 1t 2t 3t 4t'
+}}}
+  * 設定ファイルを直接編集することにより、VLAN IDを0にすることが可能(実際にはタグ無しパケットになる)[[br]][[Image(option-vlan-0.png,33%)]]
+  * ただし、WebUIからはそれ以降設定変更がが不能になる[[br]][[Image(option-vlan-0-_cant_be_saved.png,33%)]]
+  * (追記)vlan 0は{{{option ports '0 1 2 3 4'}}}でも良い[[br]][[Image(option-vlan-0-untagged.png,33%)]]
+ * mitty@AG300H:~$ ifconfig |egrep 'Link|addr'
+{{{
+eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
+          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
+eth0.2    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
+          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
+}}}
+
+ === check connection with Linux node ===
+ * root@Microknoppix:~# ifconfig |egrep 'Link|addr'
+{{{
+eth1      Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
+          inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
+eth1.1    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
+eth1.2    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
+          inet addr:192.168.2.60  Bcast:192.168.2.255  Mask:255.255.255.0
+}}}
+
+ ==== untagged ====
+ * root@Microknoppix:~# ping 192.168.0.1 -c 2
+{{{
+PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
+64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.460 ms
+64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.289 ms
+
+--- 192.168.0.1 ping statistics ---
+2 packets transmitted, 2 received, 0% packet loss, time 999ms
+rtt min/avg/max/mdev = 0.289/0.374/0.460/0.087 ms
+}}}
+ * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+00:52:59.314253 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3644, seq 1, length 64
+00:52:59.314476 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.60 tell 192.168.0.1, length 28
+00:52:59.314579 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 60: Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 46
+00:52:59.314600 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3644, seq 1, length 64
+00:53:00.313226 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3644, seq 2, length 64
+00:53:00.313323 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3644, seq 2, length 64
+00:53:00.376869 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 148: 192.168.0.1 > 192.168.0.102: ICMP net 192.168.83.228 unreachable,
+}}}
+
+ ==== VLAN ID 2 ====
+ * root@Microknoppix:~# ping 192.168.2.1 -c 2
+{{{
+PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
+64 bytes from 192.168.2.1: icmp_req=1 ttl=64 time=0.461 ms
+64 bytes from 192.168.2.1: icmp_req=2 ttl=64 time=0.357 ms
+
+--- 192.168.2.1 ping statistics ---
+2 packets transmitted, 2 received, 0% packet loss, time 999ms
+rtt min/avg/max/mdev = 0.357/0.409/0.461/0.052 ms
+}}}
+ * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+00:53:34.735856 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3645, seq 1, length 64
+00:53:34.736074 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.60 tell 192.168.2.1, length 28
+00:53:34.736175 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Reply 192.168.2.60 is-at 00:1d:zy:xz:yx:dc, length 46
+00:53:34.736197 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3645, seq 1, length 64
+00:53:35.735528 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3645, seq 2, length 64
+00:53:35.735663 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3645, seq 2, length 64
+}}}
+
+ === check connection with Windows node ===
+ * D:\tmp>ping 192.168.0.1 -n 2
+{{{
+192.168.0.1 に ping を送信しています 32 バイトのデータ:
+192.168.0.1 からの応答: バイト数 =32 時間 <1ms TTL=64
+192.168.0.1 からの応答: バイト数 =32 時間 =1ms TTL=64
+
+192.168.0.1 の ping 統計:
+    パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
+ラウンド トリップの概算時間 (ミリ秒):
+    最小 = 0ms、最大 = 1ms、平均 = 0ms
+}}}
+ * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
+{{{
+00:55:12.487241 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4106, length 40
+00:55:12.487393 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4106, length 40
+00:55:13.490727 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4107, length 40
+00:55:13.490841 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4107, length 40
+}}}
+
+
+ = Briding LAN to NTT-NGN with tagged VLAN =
+ * 目的
+  * eth1側のONU(NGN網)へ、eth0側のLAN配下のノードからL2で繋ぎたい
+  * 単純にeth0 <-> eth1でブリッジすると、LAN側のパケットがフィルタ無しでNGN網に飛ぶので推奨されない
+ * 方法
+  1. eth0 <-> eth1でブリッジして、br deviceをpppoeのifnameに書くのが一番楽
+   * PPPoEは{{{option ifname}}}をbr deviceのものに書き換えることで正常に動作するようになる
+  2. LAN <-> PPPoEとは別に、VLANデバイスを作成してそれをeth1とブリッジする
+   * 設定が煩雑
+ * firewall(iptables/ufw)の設定を失念していていると、疎通出来ずに混乱するので注意
+
+ * (元々の)構成 -> http://wiki.openwrt.org/toh/buffalo/wzr-hp-ag300h#network.port.assignments
+  * OpenWrt Attitude Adjustment 12.09
+  * eth0 -> LAN
+  * eth1 -> WAN(ONU)
+  * pppoe -> via eth1
+
+ == Bridging eth0 <-> eth1 directly ==
+ * LAN側のパケットがフィルタ無しでONU側(NGN網)に飛ぶことに注意
+
+ * eth0 <- br -> eth1をブリッジした上で、pppdをbrデバイス上で動かす場合
+ * webUIからはpppoeの対象としてbrデバイスを選択出来ないため、設定ファイルを直接編集する必要がある
+
+ * AG300H:/etc/config/network
+{{{
+config interface 'lan'
+       option ifname 'eth0 eth1'
+       option type 'bridge'
+       option proto 'static'
+       option netmask '255.255.255.0'
+       option ipaddr '192.168.0.1'
+
+config interface 'wan'
+       option ifname 'br-lan'
+       option proto 'pppoe'
+}}}
+ * mitty@AG300H:~$ ifconfig -a| grep addr
+{{{
+br-lan    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
+          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
+eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
+eth1      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:76
+lo        Link encap:Local Loopback
+          inet addr:127.0.0.1  Mask:255.0.0.0
+pppoe-wan Link encap:Point-to-Point Protocol
+          inet addr:114.159.70.188  P-t-P:118.23.8.36  Mask:255.255.255.255
+}}}
+ * mitty@AG300H:~$ brctl show
+{{{
+bridge name     bridge id               STP enabled     interfaces
+br-lan          8000.0024xxyyzz74       no              eth0
+                                                        eth1
+}}}