User Tools

Site Tools


Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
en:howto:vlan_settings [2017/02/24 10:06]
nkoranova [Configuring internal VLANs]
en:howto:vlan_settings [2019/05/28 11:51] (current)
vmyslivec Create Disambiguation page
Line 1: Line 1:
-====== Configuring internal VLANs - Turris 1.0 & 1.1======+====== Configuring internal VLANs ======
  
-<WRAP important center 60%> +VLAN is a logically independent (local) network within one network deviceIt means you can assign different internal network to different physical ports on your router.
-This manual ​is only valid for [[cs:​howto:​turris_versions|Turris 1.0 & 1.1]] +
-</​WRAP>​+
  
-When setting VLAN on Turrisit is good to first understand the hardware ​setup and the interconnection of individual componentsSee the following schema: ​+You can, for example, setup separated network for untrusted devices (IoT sensors, Smart TV, ...) which should not have access to your normal devices such as computers ​and mobiles.ed 
  
-{{:​navody:​nastaveni_vlan:​turris-net.png?​600|}} 
  
-The processor of the router Turris Omnia (SoC, Armada 385) has 3 network interfaces. In the system they are ''​eth0'',​ ''​eth1''​ and ''​eth2''​. ''​eth2''​ is connected directly to WAN on the back side of the router, the interfaces ''​eth0''​ and ''​eth1''​ are connected to the switch-chip,​ specifically to ports 0 and 6, and their assignment to the connectors ''​LAN1''​ -- ''​LAN5''​ can be configured. ​+===== Disambiguation =====
  
 +  * [[:​en:​howto:​vlan_settings_turris|VLAN on Turris 1.x]]
 +  * [[:​en:​howto:​vlan_settings_omnia|VLAN on Turris Omnia]]
  
-===== Default configuration ===== 
- 
-The router is by default configured so that the ''​LAN1''​ connector is assigned to the ''​eth0''​interface. The rest of the connectors (''​LAN2''​ -- ''​LAN5''​) are connected via the interface ''​eth1''​. See the following file:  
- 
-<code txt /​etc/​config/​network>​ 
-config interface '​loopback'​ 
-      option ifname '​lo'​ 
-      option proto '​static'​ 
-      option ipaddr '​127.0.0.1'​ 
-      option netmask '​255.0.0.0'​ 
- 
-config globals '​globals'​ 
-      option ula_prefix '​auto'​ 
- 
-config interface '​lan'​ 
-      option ifname 'eth0 eth1' 
-      option type '​bridge'​ 
-      option proto '​static'​ 
-      option ipaddr '​192.168.1.1'​ 
-      option netmask '​255.255.255.0'​ 
-      option ip6assign '​60'​ 
- 
-config interface '​wan'​ 
-      option ifname '​eth2'​ 
-      option proto '​dhcp'​ 
- 
-config interface '​wan6'​ 
-      option ifname '​@wan'​ 
-      option proto '​dhcpv6'​ 
- 
-config switch 
-      option name '​switch0'​ 
-      option reset '​1'​ 
-      option enable_vlan '​1'​ 
- 
-config switch_vlan 
-      option device '​switch0'​ 
-      option vlan '​1'​ 
-      option ports '0 1 2 3 4 ' 
- 
-config switch_vlan 
-      option device '​switch0'​ 
-      option vlan '​2'​Router is by default set so that ''​LAN1''​ is assigned to interface ''​eth0''​. The rest of the connectors (''​LAN2''​ -- ''​LAN5''​) are connected via interface ''​eth1''​. See the following file: 
- 
-      option ports '5 6' 
-</​code>​ 
- 
-From looking at the last two blocks of ''​config switch_vlan'',​ it should be clear that two VLANs are set up. In the first block ''​VLAN1''​ is defined as the connection of ports ''​0 1 2 3 4''​ to the switch-chip. ''​Port0'',​ as can be seen in the schema above, goes with interface ''​eth1'',​ ports 1 to 4 go with the corresponding physical connectors ''​LAN2''​ -- ''​LAN5''​. So, if an ethernet cable is connected to any connector ''​LAN2''​ to ''​LAN5'',​ the given data flow can be seen on the interface ''​eth1''​. The same goes for the interface ''​br-lan'',​ because ''​eth1''​ are ''​eth2''​ connected via bridge - see block ''​config interface '​lan'​ ''​. 
- 
-Analogous to that is the system in the next block ''​config switch_vlan'':​ ''​VLAN2''​ goes with ''​port6''​ (and so also the interface ''​eth0''​) and ''​port5'',​ which is physically connected to ''​LAN1''​. 
- 
-===== VLAN ===== 
- 
-It should be visible from the previous section that ''​eth1''​ and ''​eth0''​ represent VLANs with the names ''​VLAN1''​ and ''​VLAN2''​. It is also possible to add more VLANs, see the following example (mentioned are only blocks for ''​config switch_vlan''​):​ 
- 
-<code txt /​etc/​config/​network>​ 
-config switch_vlan 
-      option device '​switch0'​ 
-      option vlan '​1'​ 
-      option ports '0t 1 2' 
- 
-config switch_vlan 
-      option device '​switch0'​ 
-      option vlan '​2'​ 
-      option ports '5 6' 
- 
-config switch_vlan 
-      option device '​switch0'​ 
-      option vlan '​3'​ 
-      option ports '0t 3 4 ' 
-</​code>​ 
- 
-''​VLAN2''​ stayed the same as in the previous example (it connects the interface ''​eth0''​ with the connector ''​LAN1''​. ''​VLAN1''​ now contains ''​port0''​ (interface ''​eth1''​),​ ''​port1''​ (and so connector ''​LAN5''​) and ''​port2''​ (corresponds with connectors ''​LAN4''​). Notice that ''​port0''​ is tagged (''​0t''​), ​ 
-which is necessary, because ''​port0''​ (interface ''​eth1''​) is used as a link between the switch-chip and the processor for ''​VLAN1''​ and also for''​VLAN3''​. The last block is to be understood analogously. ​ 
- 
-For managing the correct functioning of the set-up VLANs, it is necessary to change the block ''​config interface '​lan'​ ''​. For example like this: 
- 
-<code txt /​etc/​config/​network>​ 
-config interface '​lan'​ 
-    option ifname 'eth0 eth1.1'​ 
-    option type '​bridge'​ 
-    option proto '​static'​ 
-    option ipaddr '​192.168.1.1'​ 
-    option netmask '​255.255.255.0'​ 
-    option ip6assign '​60'​ 
- 
-config interface '​lan-2'​ 
-    option ifname '​eth1.3'​ 
-    option type '​bridge'​ 
-    option proto '​static'​ 
-    option ipaddr '​10.0.0.1'​ 
-    option netmask '​255.255.255.0'​ 
-</​code>​ 
- 
-Notice that in block ''​ '​lan'​ ''​ we changed ''​eth1''​ to ''​eth1.1'',​ which signifies ''​VLAN1''​ on interface ''​eth1''​. We also created a new network ''​ '​lan-2'​ ''​ with static allocation to which we connected ''​VLAN3''​ and so also the physical connectors ''​LAN2''​ and ''​LAN3''​ (see previous VLAN setting and the above schema).