OpenWrt Forum Archive

Topic: isolated vlan and MAC identification

The content of this topic has been archived on 15 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Here's what I need:
  * separate vlan for port 4
  * isolate port 4 so it cannot communicate with anything other than the BCM chip and nothing can communicate with it and hopefully not even see it
  * be able to connect ethernet over powerline to port 4 and identify MAC addresses attached to it

Now I think if I do:
  nvram set vlan0ports="1 2 3 5*"
  nvram set vlan2ports="4 5"
  nvram set vlan2hwname=et0
  nvram commit

I'll get what I want, but I don't want to screw anything up and not be able to connect, so I thought I'd throw it out there for verification before jumping in.  Also, I'm not quite sure how I can identify what MAC addresses are connected to the vlan2.  Any ideas would be much appreciated.

Just try it and don't nvram commit....

Anything you don't commit gets executed, but not saved (disappears on reset).  As the ad for Tide (tm) says: "Go ahead, get dirty".

If it does not work, reset your router and everything should be fine.

TrickerZ wrote:

Now I think if I do:
  nvram set vlan0ports="1 2 3 5*"
  nvram set vlan2ports="4 5"
  nvram set vlan2hwname=et0
  nvram commit

Those commands will work, but to use the port you will need to set these variables also

nvram set lan2_ifname=vlan2
nvram set lan2_proto=static
nvram set lan2_ipaddr=<x.x.x.x>
nvram set lan2_netmask=255.255.255.0

This assumes you want a "static" ip and <x.x.x.x> is the ip address you want and it's on a class C network. If you want a dynamic ip instead, use "dhcp" for the protocol.

The MAC address used will be the same one as is on the eth0 interface unless you set it differently by setting the nvram variable "lan2_hwaddr" to a new one.

You will also have to modify the /etc/init.d/S40network script and add a line "ifup lan2".

To isolate it from the rest of the network, you'll probably need to add some custom forwarding rules to /etc/firewall.user.

I'm not sure about the "ethernet over powerline" feature. I assume you have some sort of adapter for that?

TrickerZ wrote:

* isolate port 4 so it cannot communicate with anything other than the BCM chip and nothing can communicate with it and hopefully not even see it
* be able to connect ethernet over powerline to port 4 and identify MAC addresses attached to it

If you have a robocfg-compatible switch (BCM5325E/536x) you should be able to do this to prevent port 4 from transmitting to attached devices:

robocfg port 4 state tx_disabled

Thanks for all the help.  I now have a laptop on the separate vlan for testing.  I tried the robocfg setting, but that completely removes all tx to the router as well.  I have the vlan2 as 192.168.2.1 and due to the different range, it seems to keep the traffic separate.  Now my problem is trying to get dhcp to work on that interface.  I'm trying to modify the /etc/init.d/S50dnsmasq script, but I'm having a hard time figuring out how to add the new IP and still keep the old one.  Is there an easy way to just add an interface to dnsmasq that I'm missing?

Ephraim wrote:

I'm not sure about the "ethernet over powerline" feature. I assume you have some sort of adapter for that?

It's essentially like attaching a hub to the port.

The discussion might have continued from here.
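
The open question from the first post, how to see which MAC addresses are attached to vlan2, can be answered from the router's ARP table. The script below is an added example, not code from the thread: the function names, the allowlist file format and the sample table are assumptions made here, and it goes slightly beyond the question by also flagging MACs that are not on a known list.

```shell
#!/bin/sh
# Added example: list MAC addresses the router has resolved on one interface.
# Assumption: the isolated port is up as "vlan2", as configured in the thread.
ARP_TABLE="${ARP_TABLE:-/proc/net/arp}"

# Constructed sample in /proc/net/arp layout (addresses are made up).
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         02:00:00:11:22:33     *        br0
192.168.2.50     0x1         0x2         02:00:00:AA:BB:01     *        vlan2
192.168.2.51     0x1         0x2         02:00:00:aa:bb:02     *        vlan2
192.168.2.99     0x1         0x0         00:00:00:00:00:00     *        vlan2
EOF
}

# macs_on_iface IFACE: print "mac ip" for each resolved neighbour on IFACE.
macs_on_iface() {
    awk -v dev="$1" '
        NR == 1     { next }   # column header
        $6 != dev   { next }   # entry belongs to another interface
        $3 == "0x0" { next }   # incomplete: host never answered ARP
        { print tolower($4), $1 }
    ' "$ARP_TABLE" | sort -u
}

# unknown_macs IFACE ALLOWLIST: entries whose MAC is not in ALLOWLIST
# (one MAC per line, "#" starts a comment).
unknown_macs() {
    macs_on_iface "$1" | awk -v list="$2" '
        BEGIN {
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") known[tolower(line)] = 1
            }
        }
        !($1 in known)
    '
}

# Offline demo against the constructed table: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    ARP_TABLE=/tmp/arp.sample
    sample_arp_table > "$ARP_TABLE"
    macs_on_iface vlan2
    rm -f "$ARP_TABLE"
fi
```

Only hosts that have exchanged IP traffic with the router appear in the ARP table, so a silent device behind the powerline adapter will not be listed.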