23-Openwrt switch vlan配置
2022-05-28 本文已影响0人
Creator_Ly
路由器上面基本都是用switch芯片来实现lan/wan的划分,但是有的switch只有一个GMAC,有的有多个GMAC,对于内核驱动设备来说就是有的switch生成的只有eth0,有的switch生成的有eth0和eth1。
1、基本概念
1.1、wan lan
- LAN:Local Area Network 的英文简称,即局域网
我们计算机和路由连在一起就是接这个口 - WAN: Wide Area Network 的英文简称,即广域网
运营商拉进来的网线就是和这个口连在一起 - VLAN( Virtual Local Area Network)的中文名为"虚拟局域网"
VLAN通常是在局域网中逻辑地再划分为几个网段来构成VLAN。一个局域网中可以划分为N多个VLAN,使VLAN之间不可互相通信(通常这是为了安全起见)。LAN和WAN都属于VLAN - VLAN ID:每个VLAN都有一个ID,范围为0-4095之间,但是0和4095仅仅限于系统使用,用户不能查看和使用。所以我们可以使用的范围为1-4994
- ACCESS口:在OpenWRT里面为未标记,只属于一个VLAN通过
- TRUNK口:在OpenWRT里面为已标记,允许多个VLAN通过
- ethX.X:在大部分Linux发行版中,第一个X为实际的物理网卡ID,第二个X为VLAN ID
1.2、phy switch
- MAC(介质访问控制),可以理解成数据链路层即可
- PHY(物理性),简单理解层转成物理层的连接组件即可
- 控制接口(MDC/DMIO,I2C,SPI),数据接口(RGMII / GMII/MII)
- 网卡: 可以理解成phy 和mac 组成的一个芯片,直接可以通过各种接口和cpu对接
- PHY: 单纯的物理层芯片,通常是和SOC 或是MCU对接,部分soc和mcu 都会集成mac
- switch : 多网口设备,内部结构就是mac+phy,主要功能是将数据在不同端口之间转发。也会留有数据接口以便和SOC 等设备对接。
嵌入式设备的switch 以及PHY 芯片调试和选型 :https://blog.csdn.net/noheike/article/details/105037362
2、 openwrt官方配置swconfig
openwrt官方使用的是swconfig工具,它属于package下面的一个包
https://oldwiki.archive.openwrt.org/doc/techref/swconfig
- 可以使用swconfig命令来查看一些网卡的信息,如swconfig list 、swconfig dev eth0 show等。
swconfig 结构框架是应用层与内核驱动通信的一种框架,主要实通过应用层命令去配置交换机芯片的底层驱动,应用层与内核层采用netlink通信机制.
首先看到
- package/network/config/swconfig/cli.c文件,跳到main()函数,里面主要做了检查参数,根据传进来的参数操作底层驱动。
然后看到 - target/linux/generic/files/drivers/net/phy/swconfig.c
- target/linux/generic/files/include/linux/switch.h
这是内核层的代码,因为交换机芯片种类繁多,需要有统一接口去兼容所有交换机驱动接口,swconfig.c就是一套定义接口。应用层的命令首先会跳到swconig.c去选择底层驱动函数。
交换机芯片驱动位置
- target/linux/generic/files/drivers/net/phy/
交换机是总线设备驱动类型的,在swconfig.c已经注册了交换机设备register_switch,在驱动里面要注册交换机驱动,然后匹配设备和驱动,调用probe.
所以使用应用层swconfig的package包时,内核也需要有相应的CONFIG_SWCONFIG=y配置开启。
3、network启动配置switch过程
/etc/init.d/network start的时候会调用setup_switch函数,该函数位于/lib/network/switch.sh中
init_switch() {
setup_switch() { return 0; }
include /lib/network
setup_switch
}
start_service() {
init_switch
procd_open_instance
procd_set_param command /sbin/netifd
procd_set_param respawn
procd_set_param watch network.interface
[ -e /proc/sys/kernel/core_pattern ] && {
procd_set_param limits core="unlimited"
}
procd_close_instance
}
/lib/network/switch.sh的代码如下,所以最终是调用swconfig来配置switch参数
#!/bin/sh
# Copyright (C) 2009 OpenWrt.org
setup_switch_dev() {
local name
config_get name "$1" name
name="${name:-$1}"
[ -d "/sys/class/net/$name" ] && ip link set dev "$name" up
swconfig dev "$name" load network
}
setup_switch() {
config_load network
config_foreach setup_switch_dev switch
}
4、/etc/config/network配置vlan
4.1、实例1:switch只有一个eth0口
这边配置的name为switch0是驱动查出来的
root@OpenWrt:/# swconfig list
Found: switch0 - rt305x
如下配置信息,lan配置为eth0.1则下面的vlan1为lan口的信息,wan配置为eth0.2则下面的vlan2为wan口的信息。
root@OpenWrt:/# cat /etc/config/network
config interface 'lan' //配置LAN口
option type 'bridge' //桥接方式
option ifname 'eth0.1' // 代表vlan1,这个很重要,下面配置会用到
option proto 'static' //静态IP
config device 'lan_dev' //配置LAN硬件信息
option macaddr //设置MAC地址
config interface 'wan' //配置WAN口
option ifname 'eth0.2' // 代表vlan2,这个很重要,下面配置会用到
option type 'dhcp' //dhcp方式
config switch
//switch中文意思就开关,所以下面就是使能vlan口
option name 'switch0'
option reset '1'
option enable_vlan '1' // 1表示开启vlan口
config switch_vlan
option name 'switch0'
option vlan '1' //VLAN1, 和上面的option ifname 'eth0.1'相匹配,所以是配置LAN口
option ports '0 1 2 3 6t' //0~3都是LAN口,RT5350有5个端口
config switch_vlan
option name 'switch0'
option vlan '2' //VLAN2, 和上面的option ifname 'eth0.2'相匹配,所以是配置WAN口
option ports '4 6t' //4是WAN口
swconfig dev switch0 show可以查看具体信息
swconfig其他命令可以查看官网:http://wiki.openwrt.org/doc/techref/swconfig。
或者使用swconfig dev switch0 help命令就可以列出全部支持的命令
root@OpenWrt:/# swconfig dev switch0 show
Global attributes:
enable_vlan: 1
alternate_vlan_disable: 0
bc_storm_protect: 0
led_frequency: 0
Port 0:
disable: 0
doubletag: 0
untag: 1
led: 5
lan: 0
recv_bad: 0
recv_good: 587
tr_bad: 0
tr_good: 246
pvid: 2
link: port:0 link:up speed:100baseT full-duplex
Port 1:
...
pvid: 1
link: port:1 link:down
Port 2:
...
pvid: 1
link: port:2 link:down
Port 3:
...
pvid: 1
link: port:3 link:up speed:100baseT full-duplex
Port 4:
...
pvid: 1
link: port:4 link:down
Port 5:
...
tr_good: 0
pvid: 0
link: port:5 link:down
Port 6:
...
pvid: 0
link: port:6 link:up speed:1000baseT full-duplex
VLAN 1:
ports: 1 2 3 4 6t
VLAN 2:
ports: 0 6t
image.png
图片来自官网:https://oldwiki.archive.openwrt.org/doc/uci/network/switch
https://oldwiki.archive.openwrt.org/doc/uci/network
- eth0是一块物理网卡,如MT7688就一个switch芯片,这个switch芯片可以实现5个Port口,所以我们可以通过vlan技术,虚拟成多种端口
- eth0.1 eth0.2都是从此设备上虚拟出来的。
- eth0.1 是vlan1分出的lan口.
- eth0.2 是vlan分出的wan口。
- br-lan 虚拟设备,用于LAN口设备桥接.
br-lan = eth0.1 + rai0 + ra0,即将有线LAN口和无线网统一划分为 LAN,便于管理,可以用brctl show查看使用情况。
root@Openwrt:/# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.008811225577 no eth0.1
ra0
ra1
4.2、实例2:switch有两个eth0、eth1口
如mt7531就是双GMAC的switch,datasheet上面也有标注
1-port SGMII MAC(P6), and -1-port RGMII/SGMII MAC(P5)
image.png
这就相当于P6会生成eth0给lan口使用,P5会生成eth1给wan口使用
root@OpenWrt:/# swconfig list
Found: switch0 - mt763x
如下配置信息,lan配置为eth0则下面的vlan1为lan口的信息,wan配置为eth01则下面的vlan2为wan口的信息。
root@OpenWrt:/# cat /etc/config/network
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 5'
root@Openwrt:~# swconfig dev switch0 show
Global attributes:
enable_vlan: 1
Port 0:
mib: Port 0 MIB counters
TxDrop : 0
TxCRC : 0
TxUni : 236162
TxMulti : 0
TxBroad : 224
TxCollision: 0
TxSingleCol: 0
TxMultiCol : 0
TxDefer : 0
TxLateCol : 0
TxExcCol : 0
TxPause : 0
Tx64Byte : 56862
Tx65Byte : 120468
Tx128Byte : 24152
Tx256Byte : 9256
Tx512Byte : 5214
Tx1024Byte : 20434
TxByte : 54175070
RxDrop : 0
RxFiltered : 28
RxUni : 1341775
RxMulti : 4705
RxBroad : 47850
RxAlignErr : 0
RxCRC : 0
RxUnderSize: 0
RxFragment : 0
RxOverSize : 0
RxJabber : 0
RxPause : 2
Rx64Byte : 244418
Rx65Byte : 741681
Rx128Byte : 134996
Rx256Byte : 80427
Rx512Byte : 71055
Rx1024Byte : 121755
RxByte : 351255018
RxCtrlDrop : 0
RxIngDrop : 0
RxARLDrop : 0
pvid: 2
link: port:0 link:up speed:1000baseT full-duplex
Port 1:
mib: Port 1 MIB counters
...
pvid: 1
link: port:1 link:down
Port 2:
mib: Port 2 MIB counters
...
pvid: 1
link: port:2 link:up speed:1000baseT full-duplex
Port 3:
mib: Port 3 MIB counters
...
pvid: 1
link: port:3 link:up speed:1000baseT full-duplex
Port 4:
mib: Port 4 MIB counters
...
pvid: 1
link: port:4 link:up speed:1000baseT full-duplex
Port 5:
mib: Port 5 MIB counters
...
pvid: 2
link: port:5 link:up speed:1000baseT full-duplex
Port 6:
mib: Port 6 MIB counters
...
pvid: 1
link: port:6 link:up speed:1000baseT full-duplex
VLAN 1:
vid: 1
ports: 1 2 3 4 6
VLAN 2:
vid: 2
ports: 0 5
5、 mtk提供的switch命令
mtk提供了一个switch的应用层package,可以直接配置switch的vlan,寄存器等信息,如下:
switch
Usage:
switch acl etype add [ethtype] [portmap] - drop etherytype packets
switch acl dip add [dip] [portmap] - drop dip packets
switch acl dip meter [dip] [portmap][meter:kbps] - rate limit dip packets
switch acl dip trtcm [dip] [portmap][CIR:kbps][CBS][PIR][PBS] - TrTCM dip packets
switch acl port add [sport] [portmap] - drop src port packets
switch acl L4 add [2byes] [portmap] - drop L4 packets with 2bytes payload
switch add [mac] [portmap] - add an entry to switch table
switch add [mac] [portmap] [vlan id] - add an entry to switch table
switch add [mac] [portmap] [vlan id] [age] - add an entry to switch table
switch clear - clear switch table
switch del [mac] - delete an entry from switch table
switch del [mac] [fid] - delete an entry from switch table
switch search [mac] [vlan id] - search an entry with specific mac and vlan id
switch dip add [dip] [portmap] - add a dip entry to switch table
switch dip del [dip] - del a dip entry to switch table
switch dip dump - dump switch dip table
switch dip clear - clear switch dip table
switch dump - dump switch table
switch ingress-rate on [port] [Kbps] - set ingress rate limit on port 0~4
switch egress-rate on [port] [Kbps] - set egress rate limit on port 0~4
switch ingress-rate off [port] - del ingress rate limit on port 0~4
switch egress-rate off [port] - del egress rate limit on port 0~4
switch filt [mac] - add a SA filtering entry (with portmap 1111111) to switch table
switch filt [mac] [portmap] - add a SA filtering entry to switch table
switch filt [mac] [portmap] [vlan id] - add a SA filtering entry to switch table
switch filt [mac] [portmap] [vlan id] [age] - add a SA filtering entry to switch table
switch igmpsnoop on [Query Interval] [default router portmap] - turn on IGMP snoop and router port learning (Query Interval 1~255)
switch igmpsnoop off - turn off IGMP snoop and router port learning
switch igmpsnoop enable [port#] - enable IGMP HW leave/join/Squery/Gquery
switch igmpsnoop disable [port#] - disable IGMP HW leave/join/Squery/Gquery
switch mymac [mac] [portmap] - add a mymac entry to switch table
switch mirror monitor [portnumber] - enable port mirror and indicate monitor port number
switch mirror target [portnumber] [0:off, 1:rx, 2:tx, 3:all] - set port mirror target
switch phy - dump all phy registers
switch phy [phy_addr] - dump phy register of specific port
switch phy mt7530 - dump mt7530 phy registers
switch crossover [port] [auto/mdi/mdix] - switch auto or force mdi/mdix mode for crossover cable
switch pvid [port] [pvid] - set pvid on port 0~4
switch reg r [offset] - register read from offset
switch reg w [offset] [value] - register write value to offset
switch reg d [offset] - register dump
switch sip add [sip] [dip] [portmap] - add a sip entry to switch table
switch sip del [sip] [dip] - del a sip entry to switch table
switch sip dump - dump switch sip table
switch sip clear - clear switch sip table
switch tag on [port] - keep vlan tag for egress packet on prot 0~4
switch tag off [port] - remove vlan tag for egress packet on port 0~4
switch vlan dump - dump switch table
switch vlan set [vlan idx (NULL)][vid] [portmap] - set vlan id and associated member
switch port [port] [10half|10full|100half|100full|auto] - get/set port media
switch phy r [phy_id] [reg] - get phy reg
switch phy w [phy_id] [reg] [value] - set phy reg
如我们可以使用switch vlan dump命令查看目前的配置,可以看到
- vid=1,portmap是1234 6被置位,就是我们上面的vlan1配置
- vid=2,portmap是0 5被置位,就是我们上面的vlan2配置
root@Openwrt:/# switch vlan dump
vid fid portmap s-tag
1 0 -1111-1- 0
2 0 1----1-- 0
3 0 invalid
4 0 invalid
5 0 invalid
6 0 invalid
7 0 invalid
8 0 invalid
9 0 invalid
10 0 invalid
11 0 invalid
12 0 invalid
13 0 invalid
14 0 invalid
15 0 invalid
16 0 invalid
根据switch的寄存器可以设置对于的寄存器信息
image.png
image.png
for i in $(seq 0 5)
do
# set LAN/WAN ports as security mode, egress mode = untagged
switch reg w "2${i}04" ff0003
# set LAN/WAN ports as transparent mode
switch reg w "2${i}10" 810000c0
done
for i in $(seq 6 7)
do
# set CPU/P7 port as user port
switch reg w "2${i}10" 81000000
# set CPU/P7 port as security mode, egress mode = tagged
switch reg w "2${i}04" 20ff0003
done
# clear mac table if vlan configuration changed
switch clear
switch vlan clear
case "$1" in
"LLLLL")
echo "nothing for eth0/eth1"
;;
"LLLLW")
# set LAN/WAN ports as security mode
for i in $(seq 0 7)
do
switch reg w "2${i}04" ff0003
done
switch vlan set 1 1 11110011
switch vlan set 2 2 00001100
# set PVID
switch pvid 4 2
switch pvid 5 2
switch reg w 240c fff10
switch reg w 250c fff10
;;
"WLLLL")
# set LAN/WAN ports as security mode
for i in $(seq 0 7)
do
switch reg w "2${i}04" ff0003
done
# set VLAN member port
switch vlan set 1 1 01111011
switch vlan set 2 2 10000100
# set PVID
switch pvid 0 2
switch pvid 5 2
switch reg w 200c fff10
switch reg w 250c fff10
;;
esac
OpenWRT 中 vlan 的使用:https://blog.csdn.net/qq_36741413/article/details/124612442?spm=1001.2014.3001.5502
openwrt使用VLAN实现简单的单线复用:https://www.wunote.cn/article/3906/
