Improving the bridge setup of my OpenWrt-flashed Buffalo wireless LAN router WZR-HP-AG300H

I had started running my OpenWrt-flashed Buffalo wireless LAN router WZR-HP-AG300H as a bridge, but something about the setup still did not sit right with me.

Internal layout diagram from the "Network Port Assignments" section of the OpenWrt Wiki page "Buffalo WZR-HP-AG300H [OpenWrt Wiki]"

With that diagram in mind, I had basically set things up as follows:

  • bridge eth0, eth1 and the wireless NICs (WNIC), and
  • define ports 0–4 as VLAN #1.

Since port 0 is the internal port that connects to eth0, the bridge ended up spanning all of these, which I think is why it behaved the way I wanted. But the bridge settings also let me specify eth0.1, i.e. VLAN #1, directly instead of eth0, so I wondered whether that would be better or worse than using eth0.

After doing a bit of studying myself, and finding the references listed at the end of this post, I concluded that this is fine. Whether it is better, worse, or makes no difference for performance, I do not know.

The LuCI settings screen based on that conclusion looks like this:

Adding the VLAN interface 'eth0.1' to the 'lan' bridge instead of 'eth0'

I learned that the default VLAN #1 exists even when the VLAN feature is turned off, so I went ahead and configured the VLAN as follows without worrying (although, as I would later find out the hard way, VLANs must not be turned off carelessly).

If anything gets tagged, it should be the CPU port, shouldn't it?

I don't think CPU port 0 needs to be tagged, but is it a problem if it is? Would leaving it untagged be better for performance?

In any case, the /etc/config/network produced by the settings above is as follows.

root@OpenWrt:/etc/config# cat network

config interface 'loopback'
 option ifname 'lo'
 option proto 'static'
 option ipaddr '127.0.0.1'
 option netmask '255.0.0.0'

config globals 'globals'
 option ula_prefix 'fd3c:bbab:4f3b::/48'

config interface 'lan'
 option force_link '1'
 option type 'bridge'
 option proto 'static'
 option netmask '255.255.255.0'
 option ip6assign '60'
 option gateway '192.168.11.1'
 option broadcast '192.168.11.255'
 option dns '192.168.11.2'
 option _orig_ifname 'eth0 wlan0 wlan1'
 option _orig_bridge 'true'
 option ipaddr '192.168.11.11'
 option ifname 'eth0.1 eth1'

config switch
 option name 'switch0'
 option reset '1'
 option mirror_source_port '0'
 option mirror_monitor_port '0'

config switch_vlan
 option device 'switch0'
 option vlan '1'
 option vid '1'
 option ports '0t 1 2 3 4'
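The lockout mentioned above (a bridge whose VLAN member no longer reaches the switch) is easy to catch before `uci commit`. The following POSIX sh check is an added example, not code from the original post or from OpenWrt: it reads a swconfig-style /etc/config/network like the one shown here, finds every `ethX.N` member of the `lan` bridge, and verifies that the matching `switch_vlan` still contains CPU port 0 (as `0` or `0t`). The function names (`vlan_ports`, `lan_ifnames`, `lan_bridge_keeps_cpu_port`) are mine, and the three sample configs are constructed for the example: the layout from this post, the same layout with port 0 dropped from VLAN 1, and a bridge that names a VLAN 2 that does not exist.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenWrt itself.
# Pre-commit check for a swconfig-style /etc/config/network: every VLAN
# subinterface (ethX.N) in the 'lan' bridge must map to a switch_vlan whose
# ports still include CPU port 0 (tagged '0t' or untagged '0'); otherwise the
# bridge has no path to the switch and the management address is unreachable
# from the LAN ports.

# Print the 'ports' list of the switch_vlan whose vid (or vlan number when no
# vid is set) equals $1, reading UCI file $2. Prints nothing if there is none.
vlan_ports() {
    tr -d "'" < "$2" | awk -v want="$1" '
        function flush() {
            if (insec) { id = (vid != "") ? vid : vlan; if (id == want) print ports }
            insec = 0; vid = ""; vlan = ""; ports = ""
        }
        /^config[ \t]+switch_vlan/ { flush(); insec = 1; next }
        /^config/                  { flush(); next }
        insec && $1 == "option" && $2 == "vid"   { vid = $3 }
        insec && $1 == "option" && $2 == "vlan"  { vlan = $3 }
        insec && $1 == "option" && $2 == "ports" {
            ports = ""
            for (i = 3; i <= NF; i++) ports = ports (i > 3 ? " " : "") $i
        }
        END { flush() }
    '
}

# Print the space-separated ifname list of "config interface lan" in $1.
lan_ifnames() {
    tr -d "'" < "$1" | awk '
        /^config[ \t]+interface[ \t]+lan[ \t]*$/ { insec = 1; next }
        /^config/ { insec = 0; next }
        insec && $1 == "option" && $2 == "ifname" {
            sep = ""
            for (i = 3; i <= NF; i++) { printf "%s%s", sep, $i; sep = " " }
        }
    '
}

# Return 0 when every ethX.N member of the lan bridge keeps CPU port 0,
# 1 otherwise. One diagnostic line per VLAN member is printed either way.
lan_bridge_keeps_cpu_port() {
    cfg=$1
    rc=0
    ifnames=$(lan_ifnames "$cfg")
    if [ -z "$ifnames" ]; then
        echo "lan: no ifname option found"
        return 1
    fi
    for ifn in $ifnames; do
        case $ifn in
            eth*.*) vid=${ifn#*.} ;;
            *)      continue ;;     # plain eth1 is not a switch VLAN; nothing to check
        esac
        ports=$(vlan_ports "$vid" "$cfg")
        if [ -z "$ports" ]; then
            echo "$ifn: no switch_vlan with id $vid exists"
            rc=1
            continue
        fi
        cpu=no
        for p in $ports; do
            case $p in 0|0t) cpu=yes ;; esac
        done
        if [ "$cpu" = yes ]; then
            echo "$ifn: VLAN $vid ports '$ports' include CPU port 0: OK"
        else
            echo "$ifn: VLAN $vid ports '$ports' lack CPU port 0: lan would be unreachable"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (sample input for this example only), written to
# temporary files so the check runs offline. $1 = file, $2 = lan ifname, $3 = VLAN 1 ports.
write_sample() {
    cat > "$1" <<EOF
config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.11.11'
    option netmask '255.255.255.0'
    option ifname '$2'

config switch
    option name 'switch0'
    option reset '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '$3'
EOF
}

GOOD_CFG=$(mktemp);    write_sample "$GOOD_CFG"    "eth0.1 eth1" "0t 1 2 3 4"   # the layout from this post
LOCKOUT_CFG=$(mktemp); write_sample "$LOCKOUT_CFG" "eth0.1 eth1" "1 2 3 4"      # CPU port dropped from VLAN 1
ORPHAN_CFG=$(mktemp);  write_sample "$ORPHAN_CFG"  "eth0.2 eth1" "0t 1 2 3 4"   # bridge names a VLAN that does not exist
trap 'rm -f "$GOOD_CFG" "$LOCKOUT_CFG" "$ORPHAN_CFG"' EXIT

for f in "$GOOD_CFG" "$LOCKOUT_CFG" "$ORPHAN_CFG"; do
    if lan_bridge_keeps_cpu_port "$f"; then echo "  -> safe to commit"; else echo "  -> do NOT commit"; fi
done
```

The check only looks at membership. Whether port 0 is tagged decides the interface name rather than reachability: with `0t` the CPU receives 802.1Q-tagged frames, so the bridge member has to be the VLAN subinterface eth0.1, while with an untagged `0` the frames arrive on plain eth0, which is what the earlier eth0-based bridge relied on. Run the check on the staged file before `uci commit network`, and still keep a fallback (serial console, or a timed restore of the previous config) since this covers only one way of locking yourself out.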


Just Some Personal Notes on VLANs

Just some personal notes on VLANs…

First, refreshing my memory on the basics…

  • Hubs & Repeaters: hubs = repeaters. Operate at OSI Layer 1 (Physical Layer). "Switches create separate collision domains but not broadcast domains. Routers create separate broadcast and collision domains. Hubs are too simple to do either; they can't create separate collision or broadcast domains."
  • Switches & Bridges: operate at OSI Layer 2 (Data Link Layer). Spanning-Tree Protocol (STP) for loop avoidance. Switches are hardware based while bridges are software based.
  • Routing

Virtual LAN – Wikipedia

VLANs operate at Layer 2 (the data link layer) of the OSI model. Administrators often configure a VLAN to map directly to an IP network, or subnet, which gives the appearance of involving Layer 3 (the network layer). In the context of VLANs, the term “trunk” denotes a network link carrying multiple VLANs, which are identified by labels (or “tags”) inserted into their packets. Such trunks must run between “tagged ports” of VLAN-aware devices, so they are often switch-to-switch or switch-to-router links rather than links to hosts. (Note that the term ‘trunk’ is also used for what Cisco calls “channels” : Link Aggregation or Port Trunking). A router (Layer 3 device) serves as the backbone for network traffic going across different VLANs.

A basic switch not configured for VLANs has VLAN functionality disabled or permanently enabled with a default VLAN that contains all ports on the device as members.[2] The default VLAN typically has an ID of 1. Every device connected to one of its ports can send packets to any of the others. Separating ports by VLAN groups separates their traffic very much like connecting each group using a distinct switch for each group.

It is only when the VLAN port group is to extend to another device that tagging is used. Since communications between ports on two different switches travel via the uplink ports of each switch involved, every VLAN containing such ports must also contain the uplink port of each switch involved, and these ports must be tagged.

The second paragraph answers the question I had earlier: why does my Wi-Fi router WZR-HP-AG300H still have one VLAN even when I turn off its VLAN functionality?

It also touches on a practical consideration in managing VLANs, which I learned the hard way: it is critical to keep a way to reach your router even when the changes you are about to apply do not have the intended effect.

Management of the switch requires that the administrative functions be associated with one or more of the configured VLANs. If the default VLAN were deleted or renumbered without first moving the management connection to a different VLAN, it is possible for the administrator to be locked out of the switch configuration, normally requiring physical access to the switch to regain management by either a forced clearing of the device configuration (possibly to the factory default), or by connecting through a console port or similar means of direct management.

VLAN Basics – Thomas-Krenn-Wiki

InterVLAN Routing – Routing between VLAN Networks

今さら聞けない「VLANの基本」 (4) VLAN間ルーティング | マイナビニュース ("VLAN Basics You Should Already Know (4): Inter-VLAN Routing", Mynavi News)