The tests seems to confirm that because (using a vmware switch and portgroups) to let two Won't make sense, they won't be able to reach the interfaces or to go out.
Therefore, having multiple virtual interfaces, the packets must be tagged else it So far seems that the packet will be tagged by default,īecause they are associated to one physical ports thatĪt most will have one PVID (port vlan id) but more than one virtual interfaces. To do this, we do the following in /etc/config/network # /etc/config/networkĪccording to what the contributors of this section have read online, On devices with programmable switches seems completely not necessary.įor example we want to create two 'virtual interfaces' associated to the same The majority of x86 devices do not have any programmable switch,īut it does not seem to be a problem. More research on vlan on x86 devices has to be done to collect more information on the wiki.
Of course, if you only had a five port switch on eth0 (and no other interfaces), you might make the wan interface eth0.1 and the lan eth0.0 with appropriately matching switch, switch_vlan and switch_port sections. The following example is for a two-interface router, with eth0 being the WAN and eth1 being the five-port switch configured as above. (that is, for kernel 2.6 2.4 kernels do something different). VLAN interface sections look just like regular interface sections, except that instead of eth1 (or eth0, or whatever), you have eth1.0, eth1.1, etc. This means vlan0 can be used as a VLAN within or between devices, but you cannot tag packets with it. The relevant standards document is 801.2q which says that VID values may not be used for tagging packets as they denote reserved values - VID 0 is the default 'native' vlan - leaving 4094 valid values in between, although VID 1 is often reserved for network management (see Dell 2708 for example). A separate config switch_port section is required to set the default port VLAN. Untagged packets received on a port will be directed to the default port VLAN (usually called the PVID). Tagged packets received on a port will be directed to the VLAN indicated by the VID contained in the packet. So, '0 1 2 3 5t' would mean that packets on this VLAN are transmitted untagged when leaving ports 0, 1, 2 and 3, but tagged when leaving port 5 (generally the CPU internal port as described above). Other suffixes are ignored on devices using swconfig but Broadcom kmod-switch style interfaces ( /proc/switch/) use “*” and “u” to indicate PVID and untagged ports respectively (as they have the CPU port implicitly tagged one needs to use “u” to untag it). 5 is generally the CPU or 'internal' port and is most often used as tagged. If the number is followed by a “t” then packets transmitted out that port on this VLAN are tagged, and that packets received on that port may be received with this VLAN tag. In the option ports line, a number indicates that the specified vlan includes the port with that number.
For some hardware, the value of the vlan option may be limited to 127 exceeding this value may result in the VLAN not being configured at all. This is overridden by using an option vid line so, for example, that VLAN 1 could use VID 100. The VID ( VLAN ID) associated with a VLAN is by default the same as the number of the VLAN. The number of the VLAN is specified on the option vlan line.
0 kommentar(er)
