前面试过openwrt下把个别的端口单独划分到独立的vlan,使得连到这个端口的机器的IP是单独一个vlan的IP。今天测试了一下单个端口直接绑定到多个vlan,客户端机器自己使用vlan id来标记。
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface 'lan' option ifname 'eth1.0' option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' config interface 'lan1' option ifname 'eth1.1' option type 'bridge' option proto 'static' option ipaddr '192.168.100.1' option netmask '255.255.255.0' config interface 'lan2' option ifname 'eth1.2' option type 'bridge' option proto 'static' option ipaddr '192.168.200.1' option netmask '255.255.255.0' config interface 'wan' option ifname 'eth0' option proto 'dhcp' config interface 'wwan' option proto 'dhcp' config switch eth1 option reset 1 option enable_vlan 1 config switch_vlan option device eth1 option vlan 0 option ports '0 1 2t 5*' config switch_vlan option device eth1 option vlan 1 option ports '2t 5*' config switch_vlan option device eth1 option vlan 2 option ports '2t 5*'
以上就是把db120的eth3除了在默认的vlan 0内,还在vlan1和vlan2里面,vlan1使用192.168.100.0/24的段,而vlan2使用192.168.200.0/24的段。
dnsmasq加上对于的dhcp配置
config dnsmasq option domainneeded 1 option boguspriv 1 option filterwin2k 0 # enable for dial on demand option localise_queries 1 option rebind_protection 1 # disable if upstream must serve RFC1918 addresses option rebind_localhost 1 # enable for RBL checking and similar services #list rebind_domain example.lan # whitelist RFC1918 responses for domains option local '/lan/' option domain 'lan' option expandhosts 1 option nonegcache 0 option authoritative 1 option readethers 1 option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' #list server '/mycompany.local/1.2.3.4' #option nonwildcard 1 #list interface br-lan #list notinterface lo #list bogusnxdomain '64.94.110.11' config dhcp lan option interface lan option start 100 option limit 150 option leasetime 12h config dhcp lan1 option interface lan1 option start 10 option limit 20 option leasetime 12h config dhcp lan2 option interface lan2 option start 20 option limit 30 option leasetime 12h config dhcp wan option interface wan option ignore 1
别忘记了修改lan1和lan2对应防火墙规则
config forwarding option src 'lan' option dest 'wan' config forwarding option src 'lan1' option dest 'wan' config forwarding option src 'lan2' option dest 'wan' config zone option name 'lan' option network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'lan1' option network 'lan1' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'lan2' option network 'lan2' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT'
配置修改好后重启路由器或者是把network,dnsmasq,firewall都重启了。
然后自己电脑连上LAN3口后,可以修改/etc/network/interfaces带上vlan tag,此时获取到的IP是 192.168.100.x
auto eth0.1
iface eth0.1 inet dhcp
vlan-raw-device eth0
这样就带vlan tag1,同理可以改为带vlan tag2.此时获取到的IP是 192.168.200.x
auto eth0.2
iface eth0.2 inet dhcp
vlan-raw-device eth0
如果恢复默认的配置,则获取到的IP是 192.168.1.x。
参考:
https://wiki.debian.org/NetworkConfiguration
http://www.lanis.nl/twiki/bin/view/Main/CreatingVLANsInOpenWRT
http://wiki.openwrt.org/doc/uci/network/switch
发表评论