[[PageOutline]]

 * [https://forum.openwrt.org/viewtopic.php?id=28716 Correctness of swconfig documentation (Page 1) — Howtos and Documentation — OpenWrt]
   > the '*' is supported by broadcom kmod-switch style drivers only. It is used to set the default VLAN for untagged frames on a port.
   * The thread also explains the other VLAN configuration options
 * [https://dev.openwrt.org/ticket/12377 #12377 (VLAN tagging / bridge default configuration on WZR-HP-AG300H) – OpenWrt]
   > To make it possible to use multiple VLANs, the fix is to change the lan interface to bind on eth0.1 and set port 0 to tagged:
 * [https://forum.openwrt.org/viewtopic.php?pid=155341#p155341 wzr-hp-ag300h progress (Page 4) — General Discussion — OpenWrt]

= restrictions of vlan with OpenWRT on WZR-HP-AG300H =

 * If hardware VLAN is disabled on the eth0 side (by deleting {{{config switch_vlan}}}), the WZR-HP-AG300H can no longer be reached over the wire through eth0
 * Tagged VLAN packets whose VLAN ID is not one configured in the hardware do not reach eth0, even when they are sent toward eth0
   * In this respect the device differs from a plain switching hub
 * The eth1 side has no such restriction
   * mitty@AG300H:~$ sudo vconfig add eth1 2408
   * mitty@AG300H:~$ sudo ifconfig eth1.2408 10.0.0.1
   * With this, a ping sent from another machine through an interface such as eth0.2408 arrives correctly
   * mitty@AG300H:~$ sudo tcpdump -e -i eth1
{{{
12:20:52.941468 00:1d:zy:xz:yx:dc (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 2408, p 0, ethertype ARP, Request who-has 10.0.0.1 tell 10.0.0.2, length 46
12:20:52.941555 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 46: vlan 2408, p 0, ethertype ARP, Reply 10.0.0.1 is-at 00:24:xx:yy:zz:76 (oui Unknown), length 28
12:20:52.941675 00:1d:zy:xz:yx:dc (oui Unknown) > 00:24:xx:yy:zz:76 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.2 > 10.0.0.1: ICMP echo request, id 2890, seq 1, length 64
12:20:52.941855 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 2890, seq 1, length 64
12:20:53.938338 00:1d:zy:xz:yx:dc (oui Unknown) > 00:24:xx:yy:zz:76 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.2 > 10.0.0.1: ICMP echo request, id 2890, seq 2, length 64
12:20:53.938458 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 2890, seq 2, length 64
}}}
 * When untagged and tagged frames are used on the same network (multi-VLAN / trunking), NAPT of untagged packets from the LAN side requires {{{eth0.0}}}, not {{{eth0}}}, as the gateway
 * Only VLAN IDs 0 to 127 can be used
   * wrong setting
{{{
config switch_vlan
        option device 'eth0'
        option vlan '0'
        option ports '0 1 2 3 4'

config switch_vlan
        option device 'eth0'
        option vlan '128'
        option ports '0t 1t 2t 3t 4t'
}}}
   * mitty@AG300H:~$ swconfig dev eth0 show
{{{
VLAN 0:
        vid: 0
        ports: 0 1 2 3 4
}}}
   * correct setting
{{{
config switch_vlan
        option device 'eth0'
        option vlan '0'
        option ports '0 1 2 3 4'

config switch_vlan
        option device 'eth0'
        option vlan '127'
        option ports '0t 1t 2t 3t 4t'
}}}
   * mitty@AG300H:~$ swconfig dev eth0 show
{{{
VLAN 0:
        vid: 0
        ports: 0t 1t 2t 3t 4t
VLAN 127:
        vid: 127
        ports: 0t 1t 2t 3t 4t
}}}

= switch_vlan config with "option vlan '0'" =

 * http://wiki.openwrt.org/doc/uci/network/switch#vlanswitch.config
   > In the option ports line, a number indicates that the specified vlan includes the port with that number. If the number is followed by a "t" then packets transmitted out that port on this VLAN are tagged, and that packets received on that port may be received with this VLAN tag.
   > So, '0 1 2 3 5t' would mean that packets on this VLAN are transmitted untagged when leaving ports 0, 1, 2 and 3, but tagged when leaving port 5 (generally the CPU internal port as described above).
 * That is what the documentation says, but in practice tagged packets are also sent out of ports that are supposed to be untagged
 * Specifying 0 as the VLAN ID resolves this problem

== sample setting with problem ==

 * /etc/config/network
{{{
config interface 'lan'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'

config interface 'vlan'
        option ifname 'eth0.2'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'

config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0t 1 2 3 4'

config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1t 2t 3t 4t'
}}}
 * Port 1 of VLAN 1 is set to untagged, but the VLAN ID is not actually stripped[[br]][[Image(option-vlan-1.png,33%)]]
 * mitty@AG300H:~$ ifconfig |egrep 'Link|addr'
{{{
eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
eth0.1    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
eth0.2    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
}}}

== with Linux node ==

 * root@Microknoppix:~# ifconfig |egrep 'Link|addr'
{{{
eth1      Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
          inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
eth1.1    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
eth1.2    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
          inet addr:192.168.2.60  Bcast:192.168.2.255  Mask:255.255.255.0
}}}
 * root@Microknoppix:~# ip route
{{{
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.60
192.168.2.0/24 dev eth1.2 proto kernel scope link src 192.168.2.60
}}}

=== untagged ===

 * root@Microknoppix:~# ping 192.168.0.1 -c 2
{{{
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 192.168.0.60 icmp_seq=1 Destination Host Unreachable
From 192.168.0.60 icmp_seq=2 Destination Host Unreachable

--- 192.168.0.1 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1008ms
}}}
 * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
00:07:48.165448 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
00:07:48.165493 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
00:07:49.168881 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
00:07:49.168925 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
00:07:50.172211 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
00:07:50.172255 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
}}}
 * root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
{{{
00:07:49.739793 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
00:07:49.739923 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
00:07:50.743222 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
00:07:50.743361 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
00:07:51.746558 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
00:07:51.746698 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
}}}
 * From Microknoppix's point of view, frames go out untagged but come back tagged, so there is no connectivity

=== VLAN ID 2 (eth0.2) ===

 * root@Microknoppix:~# ping 192.168.2.1 -c 2
{{{
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_req=1 ttl=64 time=2.95 ms
64 bytes from 192.168.2.1: icmp_req=2 ttl=64 time=0.268 ms

--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.268/1.610/2.952/1.342 ms
}}}
 * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
00:09:52.211509 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.60, length 46
00:09:52.211613 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Reply 192.168.2.1 is-at 00:24:xx:yy:zz:74, length 28
00:09:52.211741 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 1, length 64
00:09:52.211927 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 1, length 64
00:09:53.210338 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 2, length 64
00:09:53.210453 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 2, length 64
}}}
 * root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
{{{
00:09:53.786560 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.60, length 28
00:09:53.786782 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 2, p 0, ethertype ARP, Reply 192.168.2.1 is-at 00:24:xx:yy:zz:74, length 42
00:09:53.786816 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 1, length 64
00:09:53.787074 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 1, length 64
00:09:54.785397 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 2, length 64
00:09:54.785632 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 2, length 64
}}}
 * There is no problem with eth1.2 (VLAN ID 2)

=== VLAN ID 1 (eth1.1) ===

 * Switching the node to communicate over eth1.1 restores connectivity
 * root@Microknoppix:~# ifconfig eth1 0.0.0.0
 * root@Microknoppix:~# ifconfig eth1.1 192.168.0.60
 * root@Microknoppix:~# ping 192.168.0.1 -c 2
{{{
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.490 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.268 ms

--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.268/0.379/0.490/0.111 ms
}}}
 * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
00:16:27.724498 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 1, length 64
00:16:27.724738 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.60 tell 192.168.0.1, length 28
00:16:27.724841 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 46
00:16:27.724863 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 1, length 64
00:16:28.723493 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 2, length 64
00:16:28.723613 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 2, length 64
}}}
 * root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
{{{
00:16:29.301169 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 1, length 64
00:16:29.301509 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.60 tell 192.168.0.1, length 42
00:16:29.301538 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 28
00:16:29.301628 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 1, length 64
00:16:30.300170 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 2, length 64
00:16:30.300407 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 2, length 64
}}}

== with Windows ==

 * Windows does not interpret VLAN IDs unless the NIC driver supports them, which leads to odd behavior

=== untagged ===

 * Windows: NIC address -> 192.168.0.102
 * D:\tmp>ping 192.168.0.1 -n 2
{{{
192.168.0.1 に ping を送信しています 32 バイトのデータ:
192.168.0.1 からの応答: バイト数 =32 時間 <1ms TTL=64
192.168.0.1 からの応答: バイト数 =32 時間 =1ms TTL=64

192.168.0.1 の ping 統計:
    パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
ラウンド トリップの概算時間 (ミリ秒):
    最小 = 0ms、最大 = 1ms、平均 = 0ms
}}}
 * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
23:22:02.948026 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4079, length 40
23:22:02.948193 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4079, length 40
23:22:03.950631 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4080, length 40
23:22:03.950753 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4080, length 40
}}}
 * D:\tmp>windump -i 3 -e -n icmp or arp
{{{
23:22:02.869718 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4079, length 40
23:22:02.869962 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4079, length 40
23:22:03.872305 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4080, length 40
23:22:03.872450 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4080, length 40
}}}
 * From the WZR-HP-AG300H's point of view it replies with the VLAN ID attached, but because Windows does not interpret the VLAN ID, communication works anyway

=== VLAN ID 2 ===

 * Windows: NIC address set manually -> 192.168.2.102
 * Windows -> WZR-HP-AG300H
   * D:\tmp>ping 192.168.2.1 -n 2
{{{
192.168.2.1 に ping を送信しています 32 バイトのデータ:
192.168.2.102 からの応答: 宛先ホストに到達できません。
192.168.2.102 からの応答: 宛先ホストに到達できません。

192.168.2.1 の ping 統計:
    パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
}}}
   * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
23:32:20.640132 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
23:32:21.257157 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
23:32:22.257232 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
23:32:23.260331 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
23:32:24.257369 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
23:32:25.257364 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
}}}
   * D:\tmp>windump -i 3 -e -n icmp or arp
{{{
23:32:20.592232 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
23:32:21.209364 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
23:32:22.209380 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
23:32:23.212432 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
23:32:24.209411 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
23:32:25.209295 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
}}}
   * Packets sent by Windows carry no VLAN ID, so VLAN ID 1 is assigned to them automatically
 * WZR-HP-AG300H -> Windows
   * mitty@AG300H:~$ sudo ping 192.168.2.102
{{{
PING 192.168.2.102 (192.168.2.102): 56 data bytes
^C
--- 192.168.2.102 ping statistics ---
73 packets transmitted, 0 packets received, 100% packet loss
}}}
   * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
23:59:17.651760 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
23:59:17.652365 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww, length 46
23:59:18.651759 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
23:59:18.652148 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww, length 46
}}}
   * D:\tmp>windump -i 3 -e -n icmp or arp
{{{
23:59:17.646191 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: arp who-has 192.168.2.102 tell 192.168.2.1
23:59:17.646786 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 42: arp reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww
23:59:18.645996 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: arp who-has 192.168.2.102 tell 192.168.2.1
23:59:18.646292 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 42: arp reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww
}}}
   * Because the VLAN ID is dropped, Windows receives the ARP request and replies to it, but the reply reaches the WZR-HP-AG300H as a VLAN ID 1 packet, so there is no connectivity

== how to solve ==

 * As described above, setting the VLAN ID to 0 solves the problem
   * When doing so, remember to change {{{config interface 'lan'}}} to {{{option ifname 'eth0.0'}}}
     * Otherwise NAPT from lan to wan no longer works correctly
 * However, this cannot be set from the WebUI, so /etc/config/network has to be edited directly with vim or a similar editor[[br]][[Image(option-vlan-cant_be_0.png,33%)]]
 * /etc/config/network
{{{
config interface 'lan'
        option ifname 'eth0.0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'

config interface 'vlan'
        option ifname 'eth0.2'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'

config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '0'
        option ports '0t 1 2 3 4'

config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1t 2t 3t 4t'
}}}
 * Editing the configuration file directly makes it possible to set the VLAN ID to 0 (in practice the packets become untagged)[[br]][[Image(option-vlan-0.png,33%)]]
 * However, from then on the settings can no longer be changed from the WebUI[[br]][[Image(option-vlan-0-cant_be_saved.png,33%)]]
 * (Addendum) vlan 0 may also use {{{option ports '0 1 2 3 4'}}}[[br]][[Image(option-vlan-0-untagged.png,33%)]]
 * mitty@AG300H:~$ ifconfig |egrep 'Link|addr'
{{{
eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
eth0.2    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
}}}

=== check connection with Linux node ===

 * root@Microknoppix:~# ifconfig |egrep 'Link|addr'
{{{
eth1      Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
          inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
eth1.1    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
eth1.2    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
          inet addr:192.168.2.60  Bcast:192.168.2.255  Mask:255.255.255.0
}}}

==== untagged ====

 * root@Microknoppix:~# ping 192.168.0.1 -c 2
{{{
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.460 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.289 ms

--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.289/0.374/0.460/0.087 ms
}}}
 * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
00:52:59.314253 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3644, seq 1, length 64
00:52:59.314476 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.60 tell 192.168.0.1, length 28
00:52:59.314579 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 60: Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 46
00:52:59.314600 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3644, seq 1, length 64
00:53:00.313226 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3644, seq 2, length 64
00:53:00.313323 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3644, seq 2, length 64
00:53:00.376869 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 148: 192.168.0.1 > 192.168.0.102: ICMP net 192.168.83.228 unreachable,
}}}

==== VLAN ID 2 ====

 * root@Microknoppix:~# ping 192.168.2.1 -c 2
{{{
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_req=1 ttl=64 time=0.461 ms
64 bytes from 192.168.2.1: icmp_req=2 ttl=64 time=0.357 ms

--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.357/0.409/0.461/0.052 ms
}}}
 * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
00:53:34.735856 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3645, seq 1, length 64
00:53:34.736074 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.60 tell 192.168.2.1, length 28
00:53:34.736175 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Reply 192.168.2.60 is-at 00:1d:zy:xz:yx:dc, length 46
00:53:34.736197 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3645, seq 1, length 64
00:53:35.735528 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3645, seq 2, length 64
00:53:35.735663 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3645, seq 2, length 64
}}}

=== check connection with Windows node ===

 * D:\tmp>ping 192.168.0.1 -n 2
{{{
192.168.0.1 に ping を送信しています 32 バイトのデータ:
192.168.0.1 からの応答: バイト数 =32 時間 <1ms TTL=64
192.168.0.1 からの応答: バイト数 =32 時間 =1ms TTL=64

192.168.0.1 の ping 統計:
    パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
ラウンド トリップの概算時間 (ミリ秒):
    最小 = 0ms、最大 = 1ms、平均 = 0ms
}}}
 * mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
{{{
00:55:12.487241 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4106, length 40
00:55:12.487393 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4106, length 40
00:55:13.490727 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4107, length 40
00:55:13.490841 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4107, length 40
}}}

= Bridging LAN to NTT-NGN with tagged VLAN =

 * Goal
   * Connect nodes on the LAN behind eth0, at L2, to the ONU (NGN network) on the eth1 side
   * Simply bridging eth0 <-> eth1 is not recommended, because LAN-side packets then go out to the NGN network unfiltered
 * Methods
   1. Bridging eth0 <-> eth1 and writing the br device as the pppoe ifname is the easiest
     * PPPoE works correctly once {{{option ifname}}} is rewritten to the br device
   2. Separately from LAN <-> PPPoE, create a VLAN device and bridge it with eth1
     * The configuration is cumbersome
     * Note that forgetting the firewall (iptables/ufw) settings results in no connectivity and causes confusion
 * (Original) configuration -> http://wiki.openwrt.org/toh/buffalo/wzr-hp-ag300h#network.port.assignments
   * OpenWrt Attitude Adjustment 12.09
   * eth0 -> LAN
   * eth1 -> WAN(ONU)
   * pppoe -> via eth1

== Bridging eth0 <-> eth1 directly ==

 * Note that LAN-side packets go out to the ONU side (NGN network) unfiltered
 * When bridging eth0 <- br -> eth1 and running pppd on the br device
   * The br device cannot be selected as the pppoe target from the WebUI, so the configuration file has to be edited directly
 * AG300H:/etc/config/network
{{{
config interface 'lan'
        option ifname 'eth0 eth1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'

config interface 'wan'
        option ifname 'br-lan'
        option proto 'pppoe'
}}}
 * mitty@AG300H:~$ ifconfig
{{{
br-lan    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
eth1      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:76
pppoe-wan Link encap:Point-to-Point Protocol
          inet addr:114.159.70.188  P-t-P:118.23.8.36  Mask:255.255.255.255
}}}
 * mitty@AG300H:~$ brctl show
{{{
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.0024xxyyzz74       no              eth0
                                                        eth1
}}}
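
Added example (not part of the original page): the tag mismatches seen in the "with Linux node" and "with Windows" captures earlier on this page can be picked out of {{{tcpdump -n -e}}} output mechanically by comparing, per pair of stations, how each direction is tagged. The function names and the sample frames (with made-up MAC addresses) are constructed for illustration, and the capture is assumed to be filtered to one conversation, as the page's {{{icmp or arp}}} captures are.

```python
import re
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Frame header as printed by `tcpdump -n -e`; the "vlan N, p N," part is
# present only when the frame carries an 802.1Q tag.
FRAME = re.compile(
    r"^\S+ (?P<src>\S+) > (?P<dst>[^,\s]+), ethertype [^(]+\(0x[0-9a-f]{4}\), "
    r"length \d+: (?:vlan (?P<vlan>\d+), p \d+, )?"
)


def parse(capture):
    """Yield (src, dst, vlan) per frame; vlan is None for an untagged frame."""
    for line in capture.splitlines():
        m = FRAME.match(line.strip())
        if m:
            vlan = m.group("vlan")
            yield m.group("src"), m.group("dst"), int(vlan) if vlan else None


def label(tags):
    return sorted("untagged" if t is None else f"vlan {t}" for t in tags)


def tag_asymmetries(capture):
    """Return one dict per station pair whose two directions are tagged differently."""
    unicast = defaultdict(set)    # (src, dst) -> tags seen on unicast frames
    broadcast = defaultdict(set)  # src -> tags seen on its broadcast frames
    for src, dst, vlan in parse(capture):
        if dst == BROADCAST:
            broadcast[src].add(vlan)
        else:
            unicast[(src, dst)].add(vlan)
    findings, done = [], set()
    for a, b in list(unicast):
        pair = frozenset((a, b))
        if pair in done:
            continue
        done.add(pair)
        # A station's broadcasts (ARP requests) count toward what it sends its peer.
        a_tags = unicast.get((a, b), set()) | broadcast.get(a, set())
        b_tags = unicast.get((b, a), set()) | broadcast.get(b, set())
        if a_tags and b_tags and a_tags != b_tags:
            findings.append({a: label(a_tags), b: label(b_tags)})
    return findings


# Constructed sample, seen on the Linux node: request untagged, reply tagged.
NODE_VIEW_BROKEN = """
00:00:01.000000 00:1d:00:00:00:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
00:00:01.000130 00:24:00:00:00:74 > 00:1d:00:00:00:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:00:00:00:74, length 42
"""
# Constructed sample after the switch to VLAN 0: both directions untagged.
NODE_VIEW_FIXED = """
00:00:02.000000 00:1d:00:00:00:dc > 00:24:00:00:00:74, ethertype IPv4 (0x0800), length 98: 192.168.0.60 > 192.168.0.1: ICMP echo request, id 1, seq 1, length 64
00:00:02.000100 00:24:00:00:00:74 > 00:1d:00:00:00:dc, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 1, seq 1, length 64
"""
# Constructed sample, seen on the router: asks on VLAN 2, answer arrives in VLAN 1.
ROUTER_VIEW_WINDOWS = """
00:00:03.000000 00:24:00:00:00:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
00:00:03.000600 1c:c1:00:00:00:02 > 00:24:00:00:00:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:00:00:00:02, length 46
"""

if __name__ == "__main__":
    for name in ("NODE_VIEW_BROKEN", "NODE_VIEW_FIXED", "ROUTER_VIEW_WINDOWS"):
        print(name, tag_asymmetries(globals()[name]))
```

An empty result means both directions agree; a non-empty one names the two stations and what each was seen sending, which shows on which side the tag is being added or lost.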
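
Added example (not part of the original page): a small linter for {{{/etc/config/network}}} that checks the pitfalls this page documents: VLAN IDs outside 0 to 127, untagged ports in a VLAN other than 0, a {{{lan}}} ifname left pointing at a VLAN that no longer exists after the change to VLAN 0, and eth0 bridged directly with eth1. The rule names and the function names are hypothetical; the 127 limit and the eth0 = LAN / eth1 = WAN assignment are taken from this page.

```python
import shlex

MAX_VID = 127                      # VLAN ID limit this page reports for the switch
LAN_DEV, WAN_DEV = "eth0", "eth1"  # port assignment described on this page


def parse_uci(text):
    """Parse `config` / `option` lines of a UCI file into a list of section dicts."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({".type": tok[1], ".name": tok[2] if len(tok) > 2 else ""})
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][tok[1]] = tok[2]
    return sections


def lint(text):
    """Return (rule, detail) findings for the pitfalls documented on this page."""
    secs = parse_uci(text)
    switches = {s.get("name") for s in secs if s[".type"] == "switch"}
    findings, defined = [], set()
    for s in (s for s in secs if s[".type"] == "switch_vlan"):
        vid, ports = int(s.get("vlan", -1)), s.get("ports", "").split()
        if not 0 <= vid <= MAX_VID:
            # The page's `swconfig dev eth0 show` output does not list such a VLAN.
            findings.append(("vid-out-of-range", vid))
            continue
        defined.add(f"{s.get('device')}.{vid}")
        if vid != 0 and any(not p.endswith("t") for p in ports):
            # Observed on the page: these ports still emit tagged frames.
            findings.append(("untagged-port-in-nonzero-vlan", vid))
    for s in (s for s in secs if s[".type"] == "interface"):
        members = s.get("ifname", "").split()
        for m in members:
            dev, _, vid = m.partition(".")
            if vid and dev in switches and m not in defined:
                findings.append(("ifname-without-switch-vlan", m))
        bases = {m.partition(".")[0] for m in members}
        if s.get("type") == "bridge" and {LAN_DEV, WAN_DEV} <= bases:
            # LAN frames reach the WAN (ONU) side without passing the firewall.
            findings.append(("lan-wan-bridged-unfiltered", s[".name"]))
    return findings


# Abridged from this page's "sample setting with problem".
PAGE_PROBLEM = """
config interface 'lan'
        option ifname 'eth0.1'
config switch
        option name 'eth0'
        option enable_vlan '1'
config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0t 1 2 3 4'
config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1t 2t 3t 4t'
"""
# The two changes from "how to solve": lan ifname eth0.0 and VLAN 1 -> VLAN 0.
PAGE_FIXED = PAGE_PROBLEM.replace("eth0.1", "eth0.0").replace(
    "option vlan '1'", "option vlan '0'")
# Constructed: VLAN moved to 0 but lan ifname left stale, VLAN 128, LAN/WAN bridge.
CONSTRUCTED_BAD = PAGE_FIXED.replace("'eth0.0'", "'eth0.1 eth1'\n option type 'bridge'"
                                     ).replace("option vlan '2'", "option vlan '128'")

if __name__ == "__main__":
    for name in ("PAGE_PROBLEM", "PAGE_FIXED", "CONSTRUCTED_BAD"):
        print(name, lint(globals()[name]))
```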