OpenWrt Forum Archive

This was going to be nicer, but I hit reload and lost it all..

WARNING: Changing the vlans around can make it hard/impossible to access your router.
If you don't know what you're doing with networking, be very careful. Rig up a serial cable.
I suggest making all the changes to the switch and SAVE them but do not apply them.
That way you can continue to manage it via the web interface till you're all done.
Then when you are done and save it, you will have to connect to the correct port that is the new port assigned to the correct vlan!
Please, expect to need a serial cable and expect to have to save your router by typing network commands on the serial terminal.
If you don't know how to run ifconfig on the serial terminal to find out the IP addresses and which port they are on, then probably
you shouldn't mess with the switch settings..!

NOTE: Most of this applies to Kamikaze. But unfortunately, half of the coolness in having 5 ethernet ports on your router is then being able to do ethernet bridging and firewalling between them with ebtables - which is not available in Kamikaze. And, since I can't figure out how to "Check out ebtables from OpenWrt and compile in the SDK" and Buildroot will not build for me because it cant find g++-uc or whatever, and I need ebtables, I'm temporarily using the latest WhiteRussian...!! So there will be some notes on WhiteRussian usage as well.

Under Administration->Network->Switch (I'm working with Linksys wrt54gl)
one can reconfigure the switch to provide up to 5 network ports on the router.

Basically, the built in switch is a 6 port vlan capable switch.
Ports 0-3 (the first four) are by default for LAN, then 4 (the fifth port) is for WAN, and port 5 (the sixth port) is the trunk port - and is internally connected to eth0.

Different vlans show up as eth0.x where x is the vlan ID number.

On my unit, port 0 is nearest the power plug and they count up in order with port 4 being the "WAN" port.

The default is something like this:

VLAN0 (ethX.0): 0 1 2 3 5*
VLAN1 (ethX.1): 4 5

By default, 5 is the trunk port. So what the above should look like is:

VLAN0 (ethX.0): 0 1 2 3 5t*
VLAN1 (ethX.1): 4 5t

('t' means that is the(a) trunk port for that vlan. I don't know what the * means.)
(Or perhaps 't' means "Tagged"?)

What the above means (the two VLAN lines) is that ports 0, 1, 2, and 3 are in vlan0, and port 5 is the(a) trunk port for vlan0 -- in other words, any traffic into ports 0-3 is tagged as "Vlan0" and sent out port 5.

And the second line (VLAN1) means that port 4 belongs to vlan1, and 5 is also the trunk port for vlan1.

So, to put yourself 5 different network interfaces, set it up thus:

VLAN0 (ethX.0): 0 5t*
VLAN0 (ethX.1): 1 5t
VLAN0 (ethX.2): 2 5t
VLAN0 (ethX.3): 3 5t
VLAN0 (ethX.4): 4 5t

The above sets each of the 5 external ports to be on 5 different vlans.

Then you can go into Administration->Network->Interfaces

and add ports (I named mine port0,port1,port2,port3,port4) and for each one you choose a device of eth0.0, eth0.1, and so on.

Then you will have 5 ethernet ports on your router named eth0.0 through eth0.4. You can do all the regular things with these - you can add th em to a bridge, route between them, and so on and so forth.

Also, there is an especially clever and useful implementing of bridging in the Administration->Network->Interfaces page:
You can add an interface and check the "Bridge Interfaces" checkbox, then you add a list of space-separated interface names (like eth0.0 eth0.1 etc.) and instead of assigning the specified IP to any particular real interface, it creates a bridge and adds all the specified interfaces to the bridge and assigns the IP to the bridge instead!

(For those who don't know: A bridge is a virtual switch. When 2 or more interfaces (like eth0.0, wlan0, whatever) are added to the bridge, it is as if they are both plugged into the same switch. The cool part is that you can use ebtables to firewall the ethernet frames as they pass between the different interfaces of the bridge.)

Note however that you probably won't have much success adding to a bridge interfaces which show up in "Administration->Network->Interfaces".
It will seem like you can add them, but they probably won't work.

UPDATE:
As it turns out, the Linksys wrt54GL has the port numbers molded the plastic case in reverse order.
So if you want eth0.1 to be "Port 1" and eth0.4 to be "Port 4" as depicted on the case, use this configuration:

VLAN0 (ethX.0): 4 5t*
VLAN0 (ethX.1): 3 5t
VLAN0 (ethX.2): 2 5t
VLAN0 (ethX.3): 2 5t
VLAN0 (ethX.4): 1 5t

NOTE: In whiterussian, the vlan interfaces may show up as vlan0 instead of eth0.0, and vlan1 instead of eth0.1, and so on.
NOTE: In whiterussian, there's no web interface for configuring the switch, so you can do it instead with a bash script like this:

echo "4 5t*" > /proc/switch/eth0/vlan/0/ports
echo "3 5t" > /proc/switch/eth0/vlan/1/ports
echo "2 5t" > /proc/switch/eth0/vlan/2/ports
echo "1 5t" > /proc/switch/eth0/vlan/3/ports
echo "0 5t" > /proc/switch/eth0/vlan/4/ports

#Well, the nvram may only set 3/some of the vlans..
#but at least it stopped the loop.
#so we can finish setting them up above.

UPDATE (WARNING)

#Okay, so bad news. The bios sets the switch according to nvram within seconds of poweron..
#So if the default (nvram) configuration has two ports on the same vlan you will get a loop if they
#are connected together. Thus, the vlans really need to be set in the nvram so that
#they are configured to isolate as needed right away..
#Once they are set in nvram, then you shouldn't need to change them..
#usage: nvram [get name] [set name=value] [unset name] [show]

nvram set vlan0ports="4 5t*"
nvram set vlan1ports="3 5t"
nvram set vlan2ports="2 5t"
nvram set vlan3ports="1 5t"
nvram set vlan4ports="0 5t"
nvram commit

then, reboot to test it and make sure that it takes effect.

Just one the above once, and that will write the new switch/vlan configuration to nvram where it will be applied right away on poweron.
That way, if you're trying to do a redundant route or something, the device doesn't form a really dumb loop for the minute that it takes to boot up.

Sorry this is so rough. Hope it helps someone!

-Jesse

(Last edited by jesseg on 8 Jan 2010, 01:25)