![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2015-08-12
目錄
- 設定檔
- NIC
- Disable IPv6
-
Proto
- PPPOE - Bridge
- Aliases
- Routes
- Switch
Network 設定
設定檔:
/etc/config/network
NIC
介面類型:
- br-br0 <-- bridge
- br-br0:1 <-- alias
- eth0.1 <-- vlan
必定有的 loopback 介面:
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
wan 介面
config 'interface' 'wan'
option 'proto' 'dhcp'
option 'ifname' 'eth1'
以上例子定義了 3 樣東西, 分別是 interface, proto, ifname
interface: logical interface name, A container for ip address settings, aliases, routes,
physical interface names and firewall rules
proto: 不同的 proto 會有不同設定
常見的的有 dhcp, static, pppoe, pptp , none
ifname: physical interface
Lan 介面
config 'interface' 'lan'
option 'ifname' 'eth0'
option 'type' 'bridge'
option 'proto' 'static'
option 'ipaddr' '192.168.1.254'
option 'netmask' '255.255.255.0'
opt: force_link
新版的 openwrt 引入了 netifd, 新增了這 setting
config interface 'lan'
option force_link '1'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.254'
option ifname 'eth0'
當 force_link 是 1 時, 就算 link 是 down , 那 interface 的 ip 及 gw 依然存在.
P.S.
同一個 interface 是不能遲於多個 zone 的 !!
Disable IPv6
Device
uci set 'network.wan.ipv6=0'
uci set 'network.lan.ipv6=0'
uci commit
相當於
config interface 'wan'
option device 'eth0'
...
option ipv6 '0'
Interface
uci set 'network.@device[1].ipv6=0'
uci set 'network.@device[2].ipv6=0'
uci set 'network.@device[2].ipv6=0'
uci commit
config device
option name 'eth0'
option ipv6 '0'/etc/init.d/network restart
Service
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
System
/etc/sysctl.conf # 它是自定檔, 另修改 /etc/sysctl.d/*
net.ipv6.conf.default.forwarding=0 net.ipv6.conf.all.forwarding=0 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.all.disable_ipv6=1
sysctl -p /etc/sysctl.conf
ip addr # 沒有了 inet6 xxxx::...
Proto
static proto 支援的 settings:
- ipaddr
- netmask
- gateway
- broadcast
- dns
- metric
static 的 example:
config interface 'wan'
option ifname 'eth1'
option proto 'static'
option ipaddr '192.168.88.172'
option netmask '255.255.255.0'
option dns '192.168.88.1'
option gateway '192.168.88.1'
alias:
- 所有 static 的設定
- layer
dhcp proto:
-
gateway <-- set to
0.0.0.0no gateway will be specified for the route
package: ppp-mod-pppoe
Configure File:
config 'interface' 'wan'
option 'ifname' 'eth1'
option 'proto' 'pppoe'
option 'username' 'username'
option 'password' 'password'
option 'defaultroute' '1'
option 'peerdns' '1'set dns by uci
uci set network.wan.peerdns="0"
uci set network.wan.dns="8.8.8.8 8.8.4.4"
uci commit network
service network reload
peerdns(Default: 1)
Use peer-assigned DNS server # DHCP 獲得的 DNS Server
其他 opts:
# Replace existing default route on PPP connect
# Default: 1
defaultroute
# Override peer-assigned DNS server(s)
dns "list of ip addresses"
# custom PPP connect script. Defaut: None
connect file_path
# disconnect script. Default: None
disconnect file_path
# seconds to wait before closing the connection due to inactivity
# Defaut: None
demand
Force a re-dial
ifdown wan; ifup wan
成功 up 了後, 會見到 interface "pppoe-wan"
ps 會見到
/usr/sbin/pppd nodetach ipparam wan ifname pppoe-wan nodefaultroute usepeerdns persist maxfail 1 user ??? password ???
uci:
uci set network.wan.proto=pppoe
uci set network.wan.username='name'
uci set network.wan.password='pw'
uci commit network
ifup wan
OR
/etc/init.d/network restart
Bridge
config file
config 'interface' 'BridgeFirewall'
option 'type' 'bridge'
option 'ifname' 'eth0 eth1'
option 'auto' '1' <-- bring up interface on boot
option 'proto' 'static'
option 'ipaddr' '192.168.1.254'
option 'netmask' '255.255.255.0'
uci:
network.fw=interface
network.fw.type=bridge
network.fw.ifname=eth0 eth0.1
network.fw.auto=1
network.fw.proto=static
network.fw.ipaddr=192.168.123.188
network.fw.netmask=255.255.255.0
Aliases
primary interface:
config interface lan
option 'ifname' 'eth0'
option 'type' 'bridge'
option 'proto' 'static'
option 'ipaddr' '192.168.1.1'
option 'netmask' '255.255.255.0'
舊方式(12.09):
config alias
option interface 'lan'
option proto 'static'
option ipaddr '192.168.88.5'
option netmask '255.255.255.0'新寫法(14.07):
config interface 'lan' option force_link '1' option proto 'static' option netmask '255.255.255.0' option ipaddr '192.168.99.254' option ifname 'eth0' config interface 'guest' option proto 'static' option ipaddr '192.168.100.254' option netmask '255.255.255.0' option ifname 'eth0'
uci 指令:
uci add network alias <-- config alias
uci set network.@alias[-1].interface=lan2 <-- option interface 'wan'
uci set network.@alias[-1].proto=static <-- option proto 'static'
uci set network.@alias[-1].ipaddr=10.0.0.1 <-- option ipaddr '192.168.88.173'
uci set network.@alias[-1].netmask=255.0.0.0 <-- option netmask '255.255.255.0'
介面命名:
non-bridged interfaces (physdev): ifname
bridged interfaces: br-base-interface
-
2(br-*) -
1(eth*, wlan*) - (tun*, ppp*)
luci
This was removed with r8787 because alias interfaces are not needed anymore since you can have multiple ifaces which all use the same device now. So, to have an alias ip on a interface now just add a new interface in the network settings and assign it to the "parent" interface. See also
Routes
Static IPv4 routes:
config route
option interface 'fw' <-- Gateway IP 的 Interface
option target '0.0.0.0'
option netmask '0.0.0.0' <-- 255.255.255.255default: 255.255.255.255
option gateway '192.168.123.1' <-- default 用 interface 上的 GW
option metric '10' <-- 設定 metric 較大的 Default Route, Default: 0
Policy-based routing
/etc/iproute2/rt_tables
# # reserved values # 255 local 254 main 253 default 10 vpn <-- 它是新加的 0 unspec # # local # #1 inr.ruhelp
Source IP: 192.168.1.20 會用新建立的 table (vpn)
ip rule add from 192.168.1.20 table vpn
新建立的 table (vpn) 會有自已的 Default route
ip route add default via <ip_of_the_far_end_of_your_tunnel> dev <pptp_iface_name> table vpn
re-flush
ip route flush cache
PPTP
config 'interface' 'vpn'
option 'proto' 'pptp'
option 'ifname' 'vpn'
option 'username' 'vpnuser'
option 'password' 'vpnpass'
option 'server' 'vpn.example.org'
套用設定:
/etc/init.d/network restart
Switch
如果 Router 的 Hardware(AR7240/AR9330 built-in switch) 支援 programmable switch,
那就可以把每一個 lan port 劃分成不同的 vlan (視每個 port 為獨立, 亙相不通)
TP-Link 740N v4 的 Defualt Switch 設定如下:
config 'switch'
option 'name' 'eth0'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 4'- vlan0 is the default vlan (if a packet is untagged, it will be treated a vlan0 packet)
* 同一型號的 Router 也有可能用不同 switch IC
設置 sw 的指令如下:
swconfig dev <dev> [ port <port> | vlan <vlan> ] ( help | show | set <key> <value> | get <key> | load <config> )
查看支援什麼功能:
swconfig dev eth0 help
switch0: eth0(AR7240/AR9330 built-in switch), ports: 5 (cpu @ 0), vlans: 16 <-- 最多支援幾多個 vlan --switch Attribute 1 (int): enable_vlan (Enable VLAN mode) Attribute 2 (none): apply (Activate changes in the hardware) Attribute 3 (none): reset (Reset the switch) --vlan Attribute 1 (int): vid (VLAN ID) Attribute 2 (ports): ports (VLAN port mapping) --port Attribute 1 (int): pvid (Primary VLAN ID) Attribute 2 (string): link (Get port link information)
- pvid: untagged inbound packets on port are assigned a VID
- 一個 port 只可以有一個 PVID, 但它們可以同時屬於多個 VID
運作如圖
(cpu port) |<--pvid-- port --vid-->| user device
|
有"t"的!
查看設定:
swconfig dev eth0 show
Global attributes:
enable_vlan: 1
Port 0: <-- backbone 來
pvid: 1
link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
pvid: 1
link: port:1 link:down
Port 2:
pvid: 1
link: port:2 link:up speed:100baseT full-duplex auto
Port 3:
pvid: 1
link: port:3 link:down
Port 4:
pvid: 1
link: port:4 link:down
VLAN 1:
vid: 1
ports: 0 1 2 3 4
注意, Hardware 的 Label 次序是不對應 Software 的 Port 次序的 !!
Label_1 ----> Port 2 Label_2 ----> Port 3 Label_3 ----> Port 4 Label_4 ----> Port 1
Example
設定:
config 'interface' 'wan'
option 'ifname' 'eth1'
option 'proto' 'static'
option 'ipaddr' '192.168.123.188'
option 'netmask' '255.255.255.0'
config 'switch'
option 'name' 'eth0'
option 'reset' '1'
option 'enable_vlan' '1'
# 每一個 port 只可 untag 一次
config 'switch_vlan'
option 'device' 'eth0'
option 'vlan' '1'
option 'vid' '1'
option 'ports' '0t 2 3 4'
config 'switch_vlan'
option 'device' 'eth0'
option 'vlan' '2'
option 'vid' '2'
option 'ports' '0t 1'
#config 'switch_port' <-- 無亦可以
# option 'port' '1' <-- Port based VLAN q-tagging
# option 'pvid' '2'
- "t" packets transmitted out that port on this VLAN are tagged, and that packets received on that port may be received with this VLAN tag. 5 is generally the CPU or 'internal' port and is most often used as tagged.
config switch_vlan
option device 'eth0'
option vlan '1'
option vid '1'
option ports '0t 2 3'- Default: 當沒有定 vid 時, vid=vlan (VID (VLAN ID))
- Untagged packets received on a port will be directed to the default port VLAN (usually called the PVID)
uci 指令:
network.@switch[0]=switch
network.@switch[0].name=eth0
network.@switch[0].reset=1
network.@switch[0].enable_vlan=1
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device=eth0
network.@switch_vlan[0].vlan=1
network.@switch_vlan[0].ports=0t 2 3 4
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device=eth0
network.@switch_vlan[1].vlan=2
network.@switch_vlan[1].ports=0t 1
swconfig dev eth0 show
Global attributes:
enable_vlan: 1
Port 0:
pvid: 0
link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
pvid: 2
link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
pvid: 1
link: port:2 link:down
Port 3:
pvid: 1
link: port:3 link:down
Port 4:
pvid: 1
link: port:4 link:down
VLAN 0:
vid: 0
ports: 0t
VLAN 1:
vid: 1
ports: 0t 2 3 4
VLAN 2:
vid: 2
ports: 0t 1
GUI 介面設定
找出用什麼 switch IC
swconfig list
Found: switch0 - ag71xx-mdio.0
p.s.
此 cmd 是未切有的
OR
/etc/config/network
config 'switch'
option 'name' 'rtl8366rb'
option 'reset' '1'
option 'enable_vlan' '1'# Show current configuration
行
swconfig dev eth0 show
見到
Failed to connect to the switch
swconfig dev switch0 show
OR
swconfig dev rtl8366rb show
..............
Port 0:
link: port:0 link:up speed:100baseT full-duplex
mib: Port 0 MIB counters
IfInOctets : 0
EtherStatsOctets : 0
EtherStatsUnderSizePkts : 0
EtherFragments : 0
EtherStatsPkts64Octets : 0
EtherStatsPkts65to127Octets : 0
EtherStatsPkts128to255Octets : 0
EtherStatsPkts256to511Octets : 0
EtherStatsPkts512to1023Octets : 0
EtherStatsPkts1024to1518Octets : 0
EtherOversizeStats : 0
EtherStatsJabbers : 0
IfInUcastPkts : 0
EtherStatsMulticastPkts : 0
EtherStatsBroadcastPkts : 0
EtherStatsDropEvents : 0
Dot3StatsFCSErrors : 0
Dot3StatsSymbolErrors : 0
Dot3InPauseFrames : 0
Dot3ControlInUnknownOpcodes : 0
IfOutOctets : 43740
Dot3StatsSingleCollisionFrames : 0
Dot3StatMultipleCollisionFrames : 0
Dot3sDeferredTransmissions : 0
Dot3StatsLateCollisions : 0
EtherStatsCollisions : 0
Dot3StatsExcessiveCollisions : 0
Dot3OutPauseFrames : 0
Dot1dBasePortDelayExceededDiscards : 0
Dot1dTpPortInDiscards : 0
IfOutUcastPkts : 0
IfOutMulticastPkts : 0
IfOutBroadcastPkts : 729
led: 2
disable: 0
rate_in: 1048512
rate_out: 1048512
pvid: 2
..............
VLAN 1:
info: VLAN 1: Ports: '12345t', members=003e, untag=001e, fid=0
fid: 0
ports: 1 2 3 4 5t
VLAN 2:
info: VLAN 2: Ports: '05t', members=0021, untag=0001, fid=0
fid: 0
ports: 0 5t
# Show available features
swconfig dev switch0 help
switch0: ag71xx-mdio.0(Atheros AR8327), ports: 7 (cpu @ 0), vlans: 128
--switch
Attribute 1 (int): enable_vlan (Enable VLAN mode)
Attribute 2 (none): reset_mibs (Reset all MIB counters)
Attribute 3 (int): enable_mirror_rx (Enable mirroring of RX packets)
Attribute 4 (int): enable_mirror_tx (Enable mirroring of TX packets)
Attribute 5 (int): mirror_monitor_port (Mirror monitor port)
Attribute 6 (int): mirror_source_port (Mirror source port)
Attribute 7 (none): apply (Activate changes in the hardware)
Attribute 8 (none): reset (Reset the switch)
--vlan
Attribute 1 (int): vid (VLAN ID (0-4094))
Attribute 2 (ports): ports (VLAN port mapping)
--port
Attribute 1 (none): reset_mib (Reset single port MIB counters)
Attribute 2 (string): mib (Get port's MIB counters)
Attribute 3 (int): pvid (Primary VLAN ID)
Attribute 4 (string): link (Get port link information)
Change SettingLEDs:
swconfig dev rtl8366s port 0 set led 2
wconfig dev rtl8366rb set apply
Disable VLANs:
swconfig dev switch0 set enable_vlan 0
swconfig dev switch0 set apply
| 附加檔案 | 大小 |
|---|---|
| vlan.zip | 160.25 KB |
