Bananian

Create a switch and bridge ports on BPI-R1

28 17853
lmsilva  
Dear all,

Can anybody tell me how to create a switch between all five ports on a BPI-R1 and bridge them?

Basically, I want devices on any of the 5 ports to be able to connect to each other on the same network and I need to be able to sniff all traffic between them.

Any thoughts?

I was able to make the BPI-R1 communicate with the network using any port by using the following if-pre-up swconfig script:
root@appliance:~# cat /etc/network/if-pre-up.d/swconfig
#!/bin/sh

#---------------------------#
# BPI-R1 VLAN configuration #
#---------------------------#
#
# This will create the following ethernet ports:
# - eth0.101 = WAN (single port)
# - eth0.102 = LAN (4 port switch)
#
# You have to adjust your /etc/network/interfaces
#
# Comment out the next line to enable the VLAN configuration:
#exit 0

ifconfig eth0 up

# The swconfig port number are:
# |2|1|0|4|  |3|
# (looking at front of ports)

swconfig dev eth0 set reset 1
swconfig dev eth0 set enable_vlan 0
swconfig dev eth0 port 0 set pvid 0
swconfig dev eth0 port 1 set pvid 0
swconfig dev eth0 port 2 set pvid 0
swconfig dev eth0 port 3 set pvid 0
swconfig dev eth0 port 4 set pvid 0
swconfig dev eth0 set apply 1
root@appliance:~#

I can connect to any port and eth0 is, apparently, able to communicate just fine.

What I now want to do is be able to get traffic from one port to flow to the other ones (e.g. if there's a cable coming from my network connecting to port 0 on the BPI-R1, I want devices connected to port 1 on the BPI-R1 to be able to connect to that network too).

In other words, if one of the devices hooked to one of the ports is answering dhcp replies, I expect dhcp requests from the other ports to be forwarded so the devices can get a dynamic ip address.

I assumed that, now that I have all ports switched, I should be able to create a bridge between all the ports.
e.g.
brctl addbr br0
brctl addif br0 eth0.1
brctl addif br0 eth1.2
...

But I can't get dedicated access to each of the ports on eth0...

Any thoughts on how I do what I need? This is my first time using a multi port NIC so I'm really lost here \

Thanks,
Luis
lmsilva  
Argh, I'm going nuts here... )

Here's what I found so far...
- if I set my /etc/network/if-pre-up.d/swconfig script like this...

  1. ifconfig eth0 up

  2. # The swconfig port number are:
  3. # |2|1|0|4|  |3|
  4. # (looking at front of ports)

  5. swconfig dev eth0 set reset 1
  6. swconfig dev eth0 set enable_vlan 0
  7. swconfig dev eth0 port 0 set pvid 0
  8. swconfig dev eth0 port 1 set pvid 0
  9. swconfig dev eth0 port 2 set pvid 0
  10. swconfig dev eth0 port 3 set pvid 0
  11. swconfig dev eth0 port 4 set pvid 0
  12. swconfig dev eth0 set apply 1
Copy the Code
-- then I can connect to my network through the WAN port AND connect to devices hooked up to the "switch" ports
-- but the machines on the switch port can only reach my WAN port ip and NOT the rest of the machines connected to the WAN port (no traffic is forwarded from the WAN port)

- and if I set up my /etc/network/if-pre-up.d/swconfig script like this...

  1. ifconfig eth0 up

  2. # The swconfig port number are:
  3. # |2|1|0|4|  |3|
  4. # (looking at front of ports)

  5. swconfig dev eth0 set reset 1
  6. swconfig dev eth0 set enable_vlan 1
  7. #swconfig dev eth0 vlan 101 set ports '3 0t'
  8. swconfig dev eth0 vlan 102 set ports '4 0 1 2 3'
  9. swconfig dev eth0 set apply 1
Copy the Code
-- if I connect the WAN network cable to the switch port...
--- then devices on the switch ports can connect to the network just fine!
--- BUT, I can't actually connect anywhere FROM the BPI-R1 (no matter if I connect the WAN cable to the switch ports OR to the WAN port)...
----- also, eth0 shows no RX traffic, just TX!

  1. RX bytes:0 (0.0 B) TX bytes: 468 (468.0 B)
Copy the Code
Any thoughts??

lmsilva  
Ok, I think I finally got it to work! ))

Here's how I ended up configuring everything:

  1. root@appliance:~# cat /etc/network/if-pre-up.d/swconfig
  2. #!/bin/sh

  3. #---------------------------#
  4. # BPI-R1 VLAN configuration #
  5. #---------------------------#
  6. #
  7. # This will create the following ethernet ports:
  8. # - eth0.101 = WAN (single port)
  9. # - eth0.102 = LAN (4 port switch)
  10. #
  11. # You have to adjust your /etc/network/interfaces
  12. #
  13. # Comment out the next line to enable the VLAN configuration:
  14. #exit 0

  15. ifconfig eth0 up

  16. # The swconfig port number are:
  17. # |2|1|0|4|  |3|
  18. # (looking at front of ports)

  19. swconfig dev eth0 set reset 1
  20. swconfig dev eth0 set enable_vlan 1
  21. swconfig dev eth0 vlan 101 set ports '3 8t'
  22. swconfig dev eth0 vlan 102 set ports '0 1 2 4 8t'
  23. swconfig dev eth0 port 0 set pvid 102
  24. swconfig dev eth0 port 1 set pvid 102
  25. swconfig dev eth0 port 2 set pvid 102
  26. swconfig dev eth0 port 3 set pvid 101
  27. swconfig dev eth0 port 4 set pvid 102
  28. swconfig dev eth0 set apply 1
  29. root@appliance:~# cat /etc/network/interfaces
  30. # interfaces(5) file used by ifup(8) and ifdown(8)
  31. auto lo
  32. iface lo inet loopback

  33. auto eth0.101 eth0.102 br0

  34. iface br0 inet static
  35.         bridge_ports eth0.101 eth0.102
  36.         address 192.168.200.234
  37.         netmask 255.255.255.0
  38.         gateway 192.168.200.1

  39. root@appliance:~#
Copy the Code
Here's what I'm doing:
- I'm adding port 3 to vlan 101 and ports 0, 1, 2 and 4 to vlan 102
- Then I set the default PVID for each port to match the correct vlan (so that untagged traffic gets tagged with the appropriate vlan)
- And then I'm setting up a bridge "br0", that hooks up eth0.101 and eth0.102 together )

I can now connect to wherever I want in the network, as well as route traffic to devices connected to BPI-R1's switch.

Hope this can be of help to someone else!

Comments

Even though your post has pass through a long time ,but i really think i should thanks for it. You have really do a great favor to me! thank you very much buddy!  Post time Aug 14, 2015 03:25

tkaiser  
Why do you create two virtual interfaces and bridge them together afterwards? The BPi-R1 is not a routerboard as advertised but a simple board using one single switch chip connecting 6 ports (the A20's gmac that's using the BCM53125 switch as PHY and all 5 ports externally present). If you don't separate eth0.101 eth0.102 artificially using different VLANs you will end up with a six-port-switch where the A20 is connected to one of these ports and bridging/switching is done internally inside the BCM53125.

lmsilva  
I could not get it to work my friend! \
This was the only way I could get all machines to talk with each other (while still having control over the traffic that routes through it).

lmsilva  
Were you suggesting that I simply ignore the swconfig configuration altogether and eth0 will work as a standalone NIC, as well as being able to sniff traffic going through it?

tkaiser  
Edited by tkaiser at Tue Feb 3, 2015 04:22
lmsilva replied at Tue Feb 3, 2015 04:06
as well as being able to sniff traffic going through it


No I've overseen the sniffing requirement

With your setup you're able to sniff unicast packets between e.g. port 1 and port 2?

lmsilva  
I just tried NOT setting up the vlans with swconfig and I end up with the same behavior as when I setup swconfig like this:

  1. ifconfig eth0 up

  2. # The swconfig port number are:
  3. # |2|1|0|4|  |3|
  4. # (looking at front of ports)

  5. swconfig dev eth0 set reset 1
  6. swconfig dev eth0 set enable_vlan 0
  7. swconfig dev eth0 port 0 set pvid 0
  8. swconfig dev eth0 port 1 set pvid 0
  9. swconfig dev eth0 port 2 set pvid 0
  10. swconfig dev eth0 port 3 set pvid 0
  11. swconfig dev eth0 port 4 set pvid 0
  12. swconfig dev eth0 set apply 1
Copy the Code
-- I can connect to my network through the WAN port AND connect to devices hooked up to the "switch" ports
-- but the machines on the switch port can only reach my WAN port ip and NOT the rest of the machines connected to the WAN port (no traffic is forwarded from the WAN port)

Reverting back and bridging the vlan interfaces worked like a charm )

And, to answer your question, yes, I can sniff unicast because I'm bridging both vlans and sniffing br0.
As long as ALL machines connect through the "switch" ports and my WAN port connects to my router, I can sniff all traffic that goes through the network (even though I'm not routing between different network segments ))

tkaiser  
I wonder how performant this setup is

Have you done any tests with iperf between hosts connected to the switch ports? And had a try with a sniffer to see whether you experience packet drops?

Regarding the machines on the switch unable to see each other. Can this be something similar to the issue/fix described here? http://www.dd-wrt.com/wiki/index.php/Buffalo_WZR-HP-G300NH

lmsilva  
I'll be doing some tests over the following weeks )
I did come across that page on the Buffalo chipset, and it may very well be the same sort of problem, but I don't actually have that chipset on my BPI-R1 so..it would be weird that two different drivers had the same issue (right?).

You have to log in before you can reply Login | Sign Up

Points Rules