Version 5 (modified by mitty, 12 years ago)
- Correctness of swconfig documentation (Page 1) — Howtos and Documentation — OpenWrt
the '*' is supported by broadcom kmod-switch style drivers only. It is used to set the default VLAN for untagged frames on a port.
- The thread also explains other VLAN configuration options
- #12377 (VLAN tagging / bridge default configuration on WZR-HP-AG300H) – OpenWrt
To make it possible to use multiple VLANs, the fix is to change the lan interface to bind on eth0.1 and set port 0 to tagged:
restrictions of vlan with OpenWRT on WZR-HP-AG300H
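- If hardware VLAN is disabled on the eth0 side (by deleting config switch_vlan), the WZR-HP-AG300H can no longer be reached over the wire through eth0
- Tagged VLAN packets sent toward eth0 with a VLAN ID other than the ones configured in hardware never reach eth0
- In this respect it does not behave like a plain switching hub
- The eth1 side has no such restriction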
- mitty@AG300H:~$ sudo vconfig add eth1 2408
- mitty@AG300H:~$ sudo ifconfig eth1.2408 10.0.0.1
- With this, pings sent from another machine through eth0.2408 or similar arrive correctly
- mitty@AG300H:~$ sudo tcpdump -e -i eth1
    12:20:52.941468 00:1d:zy:xz:yx:dc (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 2408, p 0, ethertype ARP, Request who-has 10.0.0.1 tell 10.0.0.2, length 46
    12:20:52.941555 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 46: vlan 2408, p 0, ethertype ARP, Reply 10.0.0.1 is-at 00:24:xx:yy:zz:76 (oui Unknown), length 28
    12:20:52.941675 00:1d:zy:xz:yx:dc (oui Unknown) > 00:24:xx:yy:zz:76 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.2 > 10.0.0.1: ICMP echo request, id 2890, seq 1, length 64
    12:20:52.941855 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 2890, seq 1, length 64
    12:20:53.938338 00:1d:zy:xz:yx:dc (oui Unknown) > 00:24:xx:yy:zz:76 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.2 > 10.0.0.1: ICMP echo request, id 2890, seq 2, length 64
    12:20:53.938458 00:24:xx:yy:zz:76 (oui Unknown) > 00:1d:zy:xz:yx:dc (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 2408, p 0, ethertype IPv4, 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 2890, seq 2, length 64
- When untagged and tagged traffic share the same network (multi-VLAN/trunking), the gateway must be eth0.0 rather than eth0 for untagged packets from the LAN side to be NAPTed
- Only VLAN IDs 0 to 127 can be used
- wrong setting
    config switch_vlan
        option device 'eth0'
        option vlan '0'
        option ports '0 1 2 3 4'

    config switch_vlan
        option device 'eth0'
        option vlan '128'
        option ports '0t 1t 2t 3t 4t'
- mitty@AG300H:~$ swconfig dev eth0 show
    VLAN 0:
        vid: 0
        ports: 0 1 2 3 4
- correct setting
    config switch_vlan
        option device 'eth0'
        option vlan '0'
        option ports '0 1 2 3 4'

    config switch_vlan
        option device 'eth0'
        option vlan '127'
        option ports '0t 1t 2t 3t 4t'
- mitty@AG300H:~$ swconfig dev eth0 show
    VLAN 0:
        vid: 0
        ports: 0t 1t 2t 3t 4t
    VLAN 127:
        vid: 127
        ports: 0t 1t 2t 3t 4t
switch_vlan config with "option vlan '0'"
- http://wiki.openwrt.org/doc/uci/network/switch#vlanswitch.config
In the option ports line, a number indicates that the specified vlan includes the port with that number. If the number is followed by a "t" then packets transmitted out that port on this VLAN are tagged, and that packets received on that port may be received with this VLAN tag. So, '0 1 2 3 5t' would mean that packets on this VLAN are transmitted untagged when leaving ports 0, 1, 2 and 3, but tagged when leaving port 5 (generally the CPU internal port as described above).
- That is what the documentation says, but in practice tagged packets are sent out even from ports that should be untagged
- The problem goes away when 0 is specified as the VLAN ID
sample setting with problem
- /etc/config/network
    config interface 'lan'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'

    config interface 'vlan'
        option ifname 'eth0.2'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'

    config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

    config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0t 1 2 3 4'

    config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1t 2t 3t 4t'
- mitty@AG300H:~$ ifconfig |egrep 'Link|addr'
    eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
    eth0.1    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
              inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
    eth0.2    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
              inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
with Linux node
- root@Microknoppix:~# ifconfig |egrep 'Link|addr'
    eth1      Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
              inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
    eth1.1    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
    eth1.2    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
              inet addr:192.168.2.60  Bcast:192.168.2.255  Mask:255.255.255.0
- root@Microknoppix:~# ip route
    192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.60
    192.168.2.0/24 dev eth1.2 proto kernel scope link src 192.168.2.60
untagged
- root@Microknoppix:~# ping 192.168.0.1 -c 2
    PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
    From 192.168.0.60 icmp_seq=1 Destination Host Unreachable
    From 192.168.0.60 icmp_seq=2 Destination Host Unreachable

    --- 192.168.0.1 ping statistics ---
    2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1008ms
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    00:07:48.165448 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
    00:07:48.165493 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
    00:07:49.168881 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
    00:07:49.168925 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
    00:07:50.172211 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.1 tell 192.168.0.60, length 46
    00:07:50.172255 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 28
- root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
    00:07:49.739793 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
    00:07:49.739923 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
    00:07:50.743222 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
    00:07:50.743361 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
    00:07:51.746558 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
    00:07:51.746698 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
- From Microknoppix's point of view, frames go out untagged but the replies come back tagged, so there is no connectivity
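The tagging asymmetry seen in the two captures above can be picked out of `tcpdump -n -e` text automatically. The following is an added example, not part of the original page: `find_tag_mismatch` and the `sample_*` helpers are hypothetical names, and the sample lines are copied from the captures on this page.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Reads `tcpdump -n -e` (or windump) text on stdin and reports every ARP
# exchange whose request and reply disagree on 802.1Q tagging.

find_tag_mismatch() {
    awk '
    {
        # Tag state of this frame: "untagged" or "vlan<ID>".
        tag = "untagged"
        if (match($0, /vlan [0-9]+/)) {
            tag = substr($0, RSTART, RLENGTH)
            sub(/ /, "", tag)
        }
        for (i = 1; i <= NF; i++) {
            if ($i == "who-has") {
                # ARP request: the next field is the address being resolved.
                ip = $(i + 1)
                sub(/,$/, "", ip)
                request[ip] = tag
            } else if ($i == "is-at" && i > 1) {
                # ARP reply: the previous field is the address that answered.
                ip = $(i - 1)
                if ((ip in request) && request[ip] != tag && !((ip, tag) in reported)) {
                    print "MISMATCH ip=" ip " request=" request[ip] " reply=" tag
                    reported[ip, tag] = 1
                }
            }
        }
    }'
}

# Linux node, untagged eth1 (lines from the capture above).
sample_node_untagged() {
    cat <<'EOF'
00:07:49.739793 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
00:07:49.739923 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
00:07:50.743222 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.60, length 28
00:07:50.743361 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Reply 192.168.0.1 is-at 00:24:xx:yy:zz:74, length 42
EOF
}

# Linux node on eth1.2: request and reply both carry vlan 2.
sample_node_vlan2() {
    cat <<'EOF'
00:09:53.786560 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.60, length 28
00:09:53.786782 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 2, p 0, ethertype ARP, Reply 192.168.2.1 is-at 00:24:xx:yy:zz:74, length 42
EOF
}

# Router side talking to the Windows host: request on vlan 2, reply on vlan 1.
sample_router_windows() {
    cat <<'EOF'
23:59:17.651760 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
23:59:17.652365 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww, length 46
EOF
}

sample_node_untagged | find_tag_mismatch
sample_router_windows | find_tag_mismatch
```

On a live host the same function can be fed with `tcpdump -l -n -e -i eth1 arp | find_tag_mismatch`.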
VLAN ID 2 (eth0.2)
- root@Microknoppix:~# ping 192.168.2.1 -c 2
    PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
    64 bytes from 192.168.2.1: icmp_req=1 ttl=64 time=2.95 ms
    64 bytes from 192.168.2.1: icmp_req=2 ttl=64 time=0.268 ms

    --- 192.168.2.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 0.268/1.610/2.952/1.342 ms
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    00:09:52.211509 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.60, length 46
    00:09:52.211613 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Reply 192.168.2.1 is-at 00:24:xx:yy:zz:74, length 28
    00:09:52.211741 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 1, length 64
    00:09:52.211927 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 1, length 64
    00:09:53.210338 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 2, length 64
    00:09:53.210453 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 2, length 64
- root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
    00:09:53.786560 00:1d:zy:xz:yx:dc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.60, length 28
    00:09:53.786782 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 60: vlan 2, p 0, ethertype ARP, Reply 192.168.2.1 is-at 00:24:xx:yy:zz:74, length 42
    00:09:53.786816 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 1, length 64
    00:09:53.787074 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 1, length 64
    00:09:54.785397 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3528, seq 2, length 64
    00:09:54.785632 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3528, seq 2, length 64
- There is no problem on eth1.2 (VLAN ID 2)
VLAN ID 1 (eth1.1)
- Switching the node to communicate over eth1.1 makes the router reachable
- root@Microknoppix:~# ifconfig eth1 0.0.0.0
- root@Microknoppix:~# ifconfig eth1.1 192.168.0.60
- root@Microknoppix:~# ping 192.168.0.1 -c 2
    PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
    64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.490 ms
    64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.268 ms

    --- 192.168.0.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.268/0.379/0.490/0.111 ms
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    00:16:27.724498 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 1, length 64
    00:16:27.724738 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.60 tell 192.168.0.1, length 28
    00:16:27.724841 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 46
    00:16:27.724863 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 1, length 64
    00:16:28.723493 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 2, length 64
    00:16:28.723613 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 2, length 64
- root@Microknoppix:~# sudo tcpdump -n -e -i eth1 icmp or arp
    00:16:29.301169 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 1, length 64
    00:16:29.301509 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 1, p 0, ethertype ARP, Request who-has 192.168.0.60 tell 192.168.0.1, length 42
    00:16:29.301538 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 46: vlan 1, p 0, ethertype ARP, Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 28
    00:16:29.301628 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 1, length 64
    00:16:30.300170 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3579, seq 2, length 64
    00:16:30.300407 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3579, seq 2, length 64
with Windows
- On Windows, unless the NIC driver supports it, VLAN IDs are not understood, which leads to odd behaviour
untagged
- Windows: NIC address -> 192.168.0.102
- D:\tmp>ping 192.168.0.1 -n 2
    192.168.0.1 に ping を送信しています 32 バイトのデータ:
    192.168.0.1 からの応答: バイト数 =32 時間 <1ms TTL=64
    192.168.0.1 からの応答: バイト数 =32 時間 =1ms TTL=64

    192.168.0.1 の ping 統計:
        パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
    ラウンド トリップの概算時間 (ミリ秒):
        最小 = 0ms、最大 = 1ms、平均 = 0ms
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    23:22:02.948026 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4079, length 40
    23:22:02.948193 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4079, length 40
    23:22:03.950631 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4080, length 40
    23:22:03.950753 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4080, length 40
- D:\tmp>windump -i 3 -e -n icmp or arp
    23:22:02.869718 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4079, length 40
    23:22:02.869962 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4079, length 40
    23:22:03.872305 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4080, length 40
    23:22:03.872450 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4080, length 40
- From the WZR-HP-AG300H's side the reply carries a VLAN ID, but because Windows does not interpret the VLAN ID, communication works anyway
VLAN ID 2
- Windows: NIC address set manually -> 192.168.2.102
- Windows -> WZR-HP-AG300H
- D:\tmp>ping 192.168.2.1 -n 2
    192.168.2.1 に ping を送信しています 32 バイトのデータ:
    192.168.2.102 からの応答: 宛先ホストに到達できません。
    192.168.2.102 からの応答: 宛先ホストに到達できません。

    192.168.2.1 の ping 統計:
        パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    23:32:20.640132 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
    23:32:21.257157 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
    23:32:22.257232 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
    23:32:23.260331 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
    23:32:24.257369 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
    23:32:25.257364 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Request who-has 192.168.2.1 tell 192.168.2.102, length 46
- D:\tmp>windump -i 3 -e -n icmp or arp
    23:32:20.592232 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
    23:32:21.209364 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
    23:32:22.209380 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
    23:32:23.212432 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
    23:32:24.209411 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
    23:32:25.209295 1c:c1:zz:yy:xx:ww > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 192.168.2.1 tell 192.168.2.102
- Packets sent by Windows carry no VLAN ID, so VLAN ID 1 is assigned to them automatically
- WZR-HP-AG300H -> Windows
- mitty@AG300H:~$ sudo ping 192.168.2.102
    PING 192.168.2.102 (192.168.2.102): 56 data bytes
    ^C
    --- 192.168.2.102 ping statistics ---
    73 packets transmitted, 0 packets received, 100% packet loss
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    23:59:17.651760 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
    23:59:17.652365 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww, length 46
    23:59:18.651759 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.102 tell 192.168.2.1, length 28
    23:59:18.652148 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww, length 46
- D:\tmp>windump -i 3 -e -n icmp or arp
    23:59:17.646191 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: arp who-has 192.168.2.102 tell 192.168.2.1
    23:59:17.646786 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 42: arp reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww
    23:59:18.645996 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: arp who-has 192.168.2.102 tell 192.168.2.1
    23:59:18.646292 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 42: arp reply 192.168.2.102 is-at 1c:c1:zz:yy:xx:ww
- Because the VLAN ID is dropped, Windows does receive the ARP request and replies to it, but the reply reaches the WZR-HP-AG300H as a VLAN ID 1 packet, so there is no connectivity
how to solve
- As described earlier, set 0 as the VLAN ID
- When doing so, remember to change config interface 'lan' to option ifname 'eth0.0'
- Otherwise NAPT from lan to wan stops working correctly
- However, this cannot be set from the web UI, so /etc/config/network has to be edited directly with vim or similar
- /etc/config/network
    config interface 'lan'
        option ifname 'eth0.0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'

    config interface 'vlan'
        option ifname 'eth0.2'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'

    config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

    config switch_vlan
        option device 'eth0'
        option vlan '0'
        option ports '0t 1 2 3 4'

    config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1t 2t 3t 4t'
- mitty@AG300H:~$ ifconfig |egrep 'Link|addr'
    eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
              inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
    eth0.2    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
              inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
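The three pitfalls reported on this page (VLAN IDs limited to 0 to 127, untagged ports on a non-zero VLAN leaving tagged, and the lan interface that has to bind eth0.0 once VLAN 0 is used) can be checked before a config is applied. The following is an added example, not part of the original page or of OpenWrt: `lint_switch_vlan` and its RANGE/UNTAGGED/IFNAME labels are hypothetical names, and the sample is the page's "sample setting with problem".

```shell
#!/bin/sh
# Added example, not part of the original page.
# Lints an OpenWrt /etc/config/network (read from stdin) against the
# WZR-HP-AG300H behaviour reported on this page:
#   RANGE    switch_vlan ID outside 0-127
#   UNTAGGED untagged port on a non-zero VLAN (observed to egress tagged)
#   IFNAME   VLAN 0 is configured but an interface binds the bare switch
#            device (page: use eth0.0, otherwise lan->wan NAPT breaks)

lint_switch_vlan() {
    awk -v q="'" '
    function unquote(s) { gsub("[" q "\"]", "", s); return s }
    function value(   s) {               # text after "option <name>"
        s = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", s)
        sub(/[ \t]+$/, "", s)
        return unquote(s)
    }
    function close_section(   i, n, p, untagged) {
        if (type == "switch_vlan" && vlan != "") {
            if (vlan !~ /^[0-9]+$/ || vlan + 0 > 127)
                print "RANGE vlan=" vlan
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] !~ /t$/)
                    untagged = (untagged == "" ? p[i] : untagged "," p[i])
            if (vlan + 0 != 0 && untagged != "")
                print "UNTAGGED vlan=" vlan " ports=" untagged
            if (vlan ~ /^0+$/) vlan0_dev[device] = 1
        }
        if (type == "interface" && ifname != "") iface[name] = ifname
        type = name = vlan = ports = device = ifname = ""
    }
    $1 == "config" {
        close_section()
        type = unquote($2); name = unquote($3)
        next
    }
    $1 == "option" {
        key = unquote($2)
        if (key == "vlan") vlan = value()
        else if (key == "ports") ports = value()
        else if (key == "device") device = value()
        else if (key == "ifname") ifname = value()
    }
    END {
        close_section()
        # Interfaces bound to the bare device of a switch that uses VLAN 0.
        for (name in iface) {
            n = split(iface[name], p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] in vlan0_dev)
                    print "IFNAME interface=" name " ifname=" p[i]
        }
    }'
}

# The "sample setting with problem" from this page.
sample_problem() {
    cat <<'EOF'
config interface 'lan'
    option ifname 'eth0.1'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.0.1'
config interface 'vlan'
    option ifname 'eth0.2'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.2.1'
config switch
    option name 'eth0'
    option reset '1'
    option enable_vlan '1'
config switch_vlan
    option device 'eth0'
    option vlan '1'
    option ports '0t 1 2 3 4'
config switch_vlan
    option device 'eth0'
    option vlan '2'
    option ports '0t 1t 2t 3t 4t'
EOF
}

# The two-line fix from "how to solve": VLAN 1 -> 0 and eth0.1 -> eth0.0.
sample_fixed() {
    sample_problem | sed -e "s/option vlan '1'/option vlan '0'/" \
                         -e "s/'eth0\.1'/'eth0.0'/"
}

echo "before:"; sample_problem | lint_switch_vlan
echo "after:";  sample_fixed | lint_switch_vlan
```

On the router it would be run as `lint_switch_vlan < /etc/config/network`; no output means none of the three conditions was found.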
check connection with Linux node
- root@Microknoppix:~# ifconfig |egrep 'Link|addr'
    eth1      Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
              inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
    eth1.1    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
    eth1.2    Link encap:Ethernet  HWaddr 00:1d:zy:xz:yx:dc
              inet addr:192.168.2.60  Bcast:192.168.2.255  Mask:255.255.255.0
untagged
- root@Microknoppix:~# ping 192.168.0.1 -c 2
    PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
    64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.460 ms
    64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.289 ms

    --- 192.168.0.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.289/0.374/0.460/0.087 ms
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    00:52:59.314253 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3644, seq 1, length 64
    00:52:59.314476 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.60 tell 192.168.0.1, length 28
    00:52:59.314579 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype ARP (0x0806), length 60: Reply 192.168.0.60 is-at 00:1d:zy:xz:yx:dc, length 46
    00:52:59.314600 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3644, seq 1, length 64
    00:53:00.313226 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.60 > 192.168.0.1: ICMP echo request, id 3644, seq 2, length 64
    00:53:00.313323 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype IPv4 (0x0800), length 98: 192.168.0.1 > 192.168.0.60: ICMP echo reply, id 3644, seq 2, length 64
    00:53:00.376869 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 148: 192.168.0.1 > 192.168.0.102: ICMP net 192.168.83.228 unreachable,
VLAN ID 2
- root@Microknoppix:~# ping 192.168.2.1 -c 2
    PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
    64 bytes from 192.168.2.1: icmp_req=1 ttl=64 time=0.461 ms
    64 bytes from 192.168.2.1: icmp_req=2 ttl=64 time=0.357 ms

    --- 192.168.2.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.357/0.409/0.461/0.052 ms
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    00:53:34.735856 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3645, seq 1, length 64
    00:53:34.736074 00:24:xx:yy:zz:74 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP, Request who-has 192.168.2.60 tell 192.168.2.1, length 28
    00:53:34.736175 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Reply 192.168.2.60 is-at 00:1d:zy:xz:yx:dc, length 46
    00:53:34.736197 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3645, seq 1, length 64
    00:53:35.735528 00:1d:zy:xz:yx:dc > 00:24:xx:yy:zz:74, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.60 > 192.168.2.1: ICMP echo request, id 3645, seq 2, length 64
    00:53:35.735663 00:24:xx:yy:zz:74 > 00:1d:zy:xz:yx:dc, ethertype 802.1Q (0x8100), length 102: vlan 2, p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.60: ICMP echo reply, id 3645, seq 2, length 64
check connection with Windows node
- D:\tmp>ping 192.168.0.1 -n 2
    192.168.0.1 に ping を送信しています 32 バイトのデータ:
    192.168.0.1 からの応答: バイト数 =32 時間 <1ms TTL=64
    192.168.0.1 からの応答: バイト数 =32 時間 =1ms TTL=64

    192.168.0.1 の ping 統計:
        パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
    ラウンド トリップの概算時間 (ミリ秒):
        最小 = 0ms、最大 = 1ms、平均 = 0ms
- mitty@AG300H:~$ sudo tcpdump -n -e -i eth0 icmp or arp
    00:55:12.487241 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4106, length 40
    00:55:12.487393 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4106, length 40
    00:55:13.490727 1c:c1:zz:yy:xx:ww > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 74: 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 4107, length 40
    00:55:13.490841 00:24:xx:yy:zz:74 > 1c:c1:zz:yy:xx:ww, ethertype IPv4 (0x0800), length 74: 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 4107, length 40
Bridging LAN to NTT-NGN with tagged VLAN
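- Goal
- Connect nodes under the eth0-side LAN at L2 to the ONU (NGN network) on the eth1 side
- Simply bridging eth0 <-> eth1 is not recommended, because LAN-side packets then flow into the NGN network unfiltered
- Approach
- Bridging eth0 <-> eth1 and putting the br device in the pppoe ifname is the easiest
- PPPoE works normally once option ifname is rewritten to the br device
- Alternatively, separately from LAN <-> PPPoE, create a VLAN device and bridge it with eth1
- The configuration is more involved
- If the firewall (iptables/ufw) settings are forgotten, traffic does not pass and the cause is confusing to track down, so take care
- (Original) layout -> http://wiki.openwrt.org/toh/buffalo/wzr-hp-ag300h#network.port.assignments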
- OpenWrt Attitude Adjustment 12.09
- eth0 -> LAN
- eth1 -> WAN(ONU)
- pppoe -> via eth1
Bridging eth0 <-> eth1 directly
- Note that LAN-side packets flow to the ONU side (NGN network) unfiltered
- Case where eth0 <- br -> eth1 are bridged and pppd runs on the br device
- The br device cannot be selected as the pppoe target in the web UI, so the configuration file has to be edited directly
- AG300H:/etc/config/network
    config interface 'lan'
        option ifname 'eth0 eth1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'

    config interface 'wan'
        option ifname 'br-lan'
        option proto 'pppoe'
- mitty@AG300H:~$ ifconfig
    br-lan    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
              inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
    eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
    eth1      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:76
    pppoe-wan Link encap:Point-to-Point Protocol
              inet addr:114.159.70.188  P-t-P:118.23.8.36  Mask:255.255.255.255
- mitty@AG300H:~$ brctl show
    bridge name     bridge id               STP enabled     interfaces
    br-lan          8000.0024xxyyzz74       no              eth0
                                                            eth1
Bridging eth1 to VLAN network
- For the basic concept, see the diagram at wiki:TipAndDoc/network/vlan#BridgingVLAN
- AG300H:/etc/config/network
    config interface 'lan'
        option ifname 'eth0.0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'

    config interface 'onu'
        option ifname 'eth0.2 eth1'
        option type 'bridge'
        option proto 'none'
        option auto '1'

    config interface 'wan'
        option ifname 'br-onu'
        option proto 'pppoe'

    config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

    config switch_vlan
        option device 'eth0'
        option vlan '0'
        option ports '0 1 2 3 4'

    config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1t 2t 3t 4t'
- This results in the following network
- As noted earlier, to get out through PPPoE via NAPT, eth0.0 must be specified rather than eth0
- mitty@AG300H:~$ ifconfig
    br-onu    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
    eth0      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
    eth0.0    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
              inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
    eth0.2    Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:74
    eth1      Link encap:Ethernet  HWaddr 00:24:XX:YY:ZZ:76
    pppoe-wan Link encap:Point-to-Point Protocol
              inet addr:114.159.64.161  P-t-P:118.23.8.36  Mask:255.255.255.255
- mitty@AG300H:~$ brctl show
    bridge name     bridge id               STP enabled     interfaces
    br-onu          8000.0024xxyyzz74       no              eth0.2
                                                            eth1
- mitty@vlan-node:~$ ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:16:3e:c9:70:da
              inet addr:192.168.0.166  Bcast:192.168.0.255  Mask:255.255.255.0
    eth0.2    Link encap:Ethernet  HWaddr 00:16:3e:c9:70:da
              inet6 addr: 2408:211:c083:6a00:a9b0:b00:786e:d38/64 Scope:Global
              inet6 addr: 2408:211:c083:6a00:216:3eff:fec9:70da/64 Scope:Global
check connection with untagged packet
- mitty@vlan-node:~$ ping 8.8.8.8 -c 2
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_req=1 ttl=55 time=9.06 ms
    64 bytes from 8.8.8.8: icmp_req=2 ttl=55 time=8.42 ms

    --- 8.8.8.8 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 8.424/8.742/9.060/0.318 ms
- mitty@vlan-node:~$ sudo tcpdump -e -n -i eth0 icmp or icmp6
    00:08:01.470667 00:16:3e:c9:70:da > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.166 > 8.8.8.8: ICMP echo request, id 543, seq 1, length 64
    00:08:01.479684 00:24:xx:yy:zz:74 > 00:16:3e:c9:70:da, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.168.0.166: ICMP echo reply, id 543, seq 1, length 64
    00:08:02.471963 00:16:3e:c9:70:da > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.166 > 8.8.8.8: ICMP echo request, id 543, seq 2, length 64
    00:08:02.480355 00:24:xx:yy:zz:74 > 00:16:3e:c9:70:da, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.168.0.166: ICMP echo reply, id 543, seq 2, length 64
- mitty@AG300H:~$ sudo tcpdump -e -n -i eth0 icmp or icmp6
    00:08:01.470621 00:16:3e:c9:70:da > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.166 > 8.8.8.8: ICMP echo request, id 543, seq 1, length 64
    00:08:01.479326 00:24:xx:yy:zz:74 > 00:16:3e:c9:70:da, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.168.0.166: ICMP echo reply, id 543, seq 1, length 64
    00:08:02.471803 00:16:3e:c9:70:da > 00:24:xx:yy:zz:74, ethertype IPv4 (0x0800), length 98: 192.168.0.166 > 8.8.8.8: ICMP echo request, id 543, seq 2, length 64
    00:08:02.479991 00:24:xx:yy:zz:74 > 00:16:3e:c9:70:da, ethertype IPv4 (0x0800), length 98: 8.8.8.8 > 192.168.0.166: ICMP echo reply, id 543, seq 2, length 64
check connection with tagged packet
- mitty@vlan-node:~$ ping6 flets-east.jp -c 2
    PING flets-east.jp(2404:1a8:ff06::1) 56 data bytes
    64 bytes from 2404:1a8:ff06::1: icmp_seq=1 ttl=57 time=4.42 ms
    64 bytes from 2404:1a8:ff06::1: icmp_seq=2 ttl=57 time=4.79 ms

    --- flets-east.jp ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 4.425/4.611/4.798/0.198 ms
- mitty@AG300H:~$ sudo tcpdump -e -n -i eth0 icmp or icmp6
    00:12:11.795479 00:16:3e:c9:70:da > 00:12:e2:70:52:04, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2408:211:c083:6a00:a9b0:b00:786e:d38 > 2404:1a8:ff06::1: ICMP6, echo request, seq 1, length 64
    00:12:11.799675 00:12:e2:70:52:04 > 00:16:3e:c9:70:da, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2404:1a8:ff06::1 > 2408:211:c083:6a00:a9b0:b00:786e:d38: ICMP6, echo reply, seq 1, length 64
    00:12:12.797123 00:16:3e:c9:70:da > 00:12:e2:70:52:04, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2408:211:c083:6a00:a9b0:b00:786e:d38 > 2404:1a8:ff06::1: ICMP6, echo request, seq 2, length 64
    00:12:12.801717 00:12:e2:70:52:04 > 00:16:3e:c9:70:da, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2404:1a8:ff06::1 > 2408:211:c083:6a00:a9b0:b00:786e:d38: ICMP6, echo reply, seq 2, length 64
- mitty@vlan-node:~$ sudo tcpdump -e -n -i eth0 icmp or icmp6
    00:12:11.793550 00:16:3e:c9:70:da > 00:12:e2:70:52:04, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2408:211:c083:6a00:a9b0:b00:786e:d38 > 2404:1a8:ff06::1: ICMP6, echo request, seq 1, length 64
    00:12:11.797929 00:12:e2:70:52:04 > 00:16:3e:c9:70:da, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2404:1a8:ff06::1 > 2408:211:c083:6a00:a9b0:b00:786e:d38: ICMP6, echo reply, seq 1, length 64
    00:12:12.795197 00:16:3e:c9:70:da > 00:12:e2:70:52:04, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2408:211:c083:6a00:a9b0:b00:786e:d38 > 2404:1a8:ff06::1: ICMP6, echo request, seq 2, length 64
    00:12:12.799942 00:12:e2:70:52:04 > 00:16:3e:c9:70:da, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6, 2404:1a8:ff06::1 > 2408:211:c083:6a00:a9b0:b00:786e:d38: ICMP6, echo reply, seq 2, length 64
- As expected, traffic goes out through the VLAN to the NTT NGN network on the ONU side