Differences

This shows you the differences between two versions of the page.

--- doc:appunti:hardware:gl_ar750 [2021/05/07 14:46] – [Web References] niccolo
+++ doc:appunti:hardware:gl_ar750 [2021/05/11 08:25] – [VLAN limitations] niccolo
@@ Line 42: / Line 42: @@
 </code>
-To view only VLAN #1 settings:
+To view only **PORT #1** settings:
+<code>
+swconfig dev switch0 port 1 show
+Port 1:
+        enable_mirror_rx: 0
+        enable_mirror_tx: 0
+        pvid: 1
+        link: port:1 link:up speed:100baseT full-duplex auto
+</code>
+Notice the **pvid** parameter: when an untagged packet arrives to that port, it gets the VLAN #1 tag attacched.
+To view only **VLAN #1** settings:
 <code>
 swconfig dev switch0 vlan 1 show
+VLAN 1:
+        vid: 1
+        ports: 0t 1 2
 </code>
+In the example above, you can see that VLAN #1 is connected to port **#0 tagged**, to port **#1 untagged** and port **#2 untagged**.
 To change the port tagged/untagged/off state for VLAN #1:
@@ Line 53: / Line 71: @@
 swconfig dev switch0 vlan 1 set ports "0t 1"
 swconfig dev switch0 set apply
+</code>
+===== VLAN limitations =====
+There is a limit to **16 VLANs**, numbered from #0 to #15. Default configuration uses **VLAN #1** for **eth1.1** which is connected to bridge **br-lan**. This limitation is not visible from the LuCI web interface: any number greater than 15 will be silently accepted, but it will be not functional.
+You can view the actual switch configuration using:
+<code>
+swconfig dev switch0 show
+</code>
+You can check the limit issuing the following command (notice the error message):
+<code>
+swconfig dev switch0 vlan 16 set vid 16
+Failed to set attribute: Invalid input data or parameter
+</code>
+You cannot mix tagged and untagged VLAN on the same switch port.
+  * Only one port is allowed to carry untagged traffic for a specific VLAN.
+  * You cannot mix tagged and untagged VLAN on the same port. E.g. if a port carries untagged VLAN#10, the same port cannot carries tagged VLAN#11 (depending upon the order of the commands, the settings will be changed to carry buth as tagged).
+Limitation example #1: the **untagged VLAN#10** is **removed** from port **#1** and **#2**:
+<code>
+swconfig dev switch0 vlan 10 set ports "0t 1 2"
+swconfig dev switch0 vlan 11 set ports "0t 1 2"
+swconfig dev switch0 show
+...
+VLAN 10:
+        vid: 10
+        ports: 0t
+VLAN 11:
+        vid: 11
+        ports: 0t 1 2
+</code>
+Limitation example #2: the **untagged VLAN#10** is **changed to tagged** on **port #1** and it is removed from port **#2**:
+<code>
+swconfig dev switch0 vlan 10 set ports "0t 1 2"
+swconfig dev switch0 vlan 11 set ports "0t 1t 2"
+VLAN 10:
+        vid: 10
+        ports: 0t 1t
+VLAN 11:
+        vid: 11
+        ports: 0t 1t 2
+</code>
+===== Configuring a DMZ =====
+We used VLAN to configure a DMZ ... FIXME
+===== Configuration =====
+=== Change SSH Port ===
+From the LuCI interface:
+  * System => Administration => SSH Access
+    * Port:
+=== Install the tcpdump package ===
+From the command line:
+<code>
+opkg update
+# tcpdump-mini requires ??? kb:
+opkg install tcpdump-mini
+# coreutils-base64 requires 28 kb:
+opkg install coreutils-base64
+</code>
+=== Crontabs ===
+<code>
+crontab -e
+/etc/init.d/cron enable
+/etc/init.d/cron start
+ps | grep crond
 </code>
@@ Line 62: / Line 164: @@
   * **[[https://openwrt.org/docs/guide-user/network/vlan/switch_configuration|OpenWRT VLAN]]**
   * **[[https://openwrt.org/docs/techref/swconfig|OpenWRT swconfig]]**
+  * **[[https://forum.openwrt.org/t/loss-of-connection-when-changing-vlan-id/|Loss of connection when changing VLAN ID]]**