Adding VLANs to a hacked OpenWRT router
Technicolor MediaAccess TG589vac
Warning: Incorrectly modifying the /etc/config/network
file can cause switch/router inoperabilty, it could brick the device or cause it to lose network connectivity to it’s management interface. Follow these steps only with full knowledge that you could destroy your router or switch. I accept no responsibility!
I inherited one of these routers from a previous ISP and bought another from ebay since they make pretty competent 4-port gigabit switches once the firmware has been rooted. I have a guide to root your TG589vac here. Since setting them up as my home lab switches, I now have a requirement to implement VLANs on my network for segmentation and to make things tidyer on my virtualisation hosts.
Since these routers are running OpenWRT then adding VLANs to them is fairly straight forward. Log into the router as root and modify the network config file with vi /etc/config/network
The interesting section of this file is here:
config switch_vlan 'lan_switch'
option ports '1* 2* 3* 4* 8t'
option device 'bcmsw'
option vlan '1'
config switch_vlan 'lan_switch'
option ports '1* 2* 4t 8t'
option device 'bcmsw'
option vlan '1'
config switch_vlan 'lan_switch_vlan5'
option ports '3* 4t 8t'
option device 'bcmsw'
option vlan '5'
Notice that port 3 was removed and port 4 was switched to tagged on VLAN id 1, then VLAN id 5 has been configured on port 3 untagged and port 4 tagged. I’m unsure of the significace of port 8t but in my case it works with the port included in all additional VLANs.
* - denotes untagged
t - denotes tagged
Warning: DO NOT change the name of the vlan ‘lan_switch’ doing so caused a segfault when reloading the network on my switch and soft-bricked it. The switch was left restarting the network over and over. After much trial and error, I managed to factory reset it once all physical network ports were unplugged.
Once you have made your edits, restart the network with /etc/init.d/network reload
or service network reload
depending on the OpenWRT version.
root@dsldevice:~# /etc/init.d/network reload
Success
JUMBO_PORT_MASK:0x000001FF
GPHY_0 port accepts jumbo frames.
GPHY_1 port accepts jumbo frames.
GMII_1 port accepts jumbo frames.
GMII_2 port accepts jumbo frames.
GPON_SERDES port accepts jumbo frames.
MOCA port accepts jumbo frames.
USB port accepts jumbo frames.
GPON port accepts jumbo frames.
MIPS port accepts jumbo frames.
Success
Success
CDK_E_PORT
CDK_E_PORT
If you happen to do this and find out you cannot get multicast working on your new VLANs, check out this post.
Written with StackEdit.
No comments:
Post a Comment
Please be nice! :)