Loading...
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 | .. SPDX-License-Identifier: GPL-2.0 ======================================= DSA switch configuration from userspace ======================================= The DSA switch configuration is not integrated into the main userspace network configuration suites by now and has to be performed manualy. .. _dsa-config-showcases: Configuration showcases ----------------------- To configure a DSA switch a couple of commands need to be executed. In this documentation some common configuration scenarios are handled as showcases: *single port* Every switch port acts as a different configurable Ethernet port *bridge* Every switch port is part of one configurable Ethernet bridge *gateway* Every switch port except one upstream port is part of a configurable Ethernet bridge. The upstream port acts as different configurable Ethernet port. All configurations are performed with tools from iproute2, which is available at https://www.kernel.org/pub/linux/utils/net/iproute2/ Through DSA every port of a switch is handled like a normal linux Ethernet interface. The CPU port is the switch port connected to an Ethernet MAC chip. The corresponding linux Ethernet interface is called the master interface. All other corresponding linux interfaces are called slave interfaces. The slave interfaces depend on the master interface being up in order for them to send or receive traffic. Prior to kernel v5.12, the state of the master interface had to be managed explicitly by the user. Starting with kernel v5.12, the behavior is as follows: - when a DSA slave interface is brought up, the master interface is automatically brought up. - when the master interface is brought down, all DSA slave interfaces are automatically brought down. In this documentation the following Ethernet interfaces are used: *eth0* the master interface *lan1* a slave interface *lan2* another slave interface *lan3* a third slave interface *wan* A slave interface dedicated for upstream traffic Further Ethernet interfaces can be configured similar. The configured IPs and networks are: *single port* * lan1: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3) * lan2: 192.0.2.5/30 (192.0.2.4 - 192.0.2.7) * lan3: 192.0.2.9/30 (192.0.2.8 - 192.0.2.11) *bridge* * br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255) *gateway* * br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255) * wan: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3) .. _dsa-tagged-configuration: Configuration with tagging support ---------------------------------- The tagging based configuration is desired and supported by the majority of DSA switches. These switches are capable to tag incoming and outgoing traffic without using a VLAN based configuration. *single port* .. code-block:: sh # configure each interface ip addr add 192.0.2.1/30 dev lan1 ip addr add 192.0.2.5/30 dev lan2 ip addr add 192.0.2.9/30 dev lan3 # For kernels earlier than v5.12, the master interface needs to be # brought up manually before the slave ports. ip link set eth0 up # bring up the slave interfaces ip link set lan1 up ip link set lan2 up ip link set lan3 up *bridge* .. code-block:: sh # For kernels earlier than v5.12, the master interface needs to be # brought up manually before the slave ports. ip link set eth0 up # bring up the slave interfaces ip link set lan1 up ip link set lan2 up ip link set lan3 up # create bridge ip link add name br0 type bridge # add ports to bridge ip link set dev lan1 master br0 ip link set dev lan2 master br0 ip link set dev lan3 master br0 # configure the bridge ip addr add 192.0.2.129/25 dev br0 # bring up the bridge ip link set dev br0 up *gateway* .. code-block:: sh # For kernels earlier than v5.12, the master interface needs to be # brought up manually before the slave ports. ip link set eth0 up # bring up the slave interfaces ip link set wan up ip link set lan1 up ip link set lan2 up # configure the upstream port ip addr add 192.0.2.1/30 dev wan # create bridge ip link add name br0 type bridge # add ports to bridge ip link set dev lan1 master br0 ip link set dev lan2 master br0 # configure the bridge ip addr add 192.0.2.129/25 dev br0 # bring up the bridge ip link set dev br0 up .. _dsa-vlan-configuration: Configuration without tagging support ------------------------------------- A minority of switches are not capable to use a taging protocol (DSA_TAG_PROTO_NONE). These switches can be configured by a VLAN based configuration. *single port* The configuration can only be set up via VLAN tagging and bridge setup. .. code-block:: sh # tag traffic on CPU port ip link add link eth0 name eth0.1 type vlan id 1 ip link add link eth0 name eth0.2 type vlan id 2 ip link add link eth0 name eth0.3 type vlan id 3 # For kernels earlier than v5.12, the master interface needs to be # brought up manually before the slave ports. ip link set eth0 up ip link set eth0.1 up ip link set eth0.2 up ip link set eth0.3 up # bring up the slave interfaces ip link set lan1 up ip link set lan2 up ip link set lan3 up # create bridge ip link add name br0 type bridge # activate VLAN filtering ip link set dev br0 type bridge vlan_filtering 1 # add ports to bridges ip link set dev lan1 master br0 ip link set dev lan2 master br0 ip link set dev lan3 master br0 # tag traffic on ports bridge vlan add dev lan1 vid 1 pvid untagged bridge vlan add dev lan2 vid 2 pvid untagged bridge vlan add dev lan3 vid 3 pvid untagged # configure the VLANs ip addr add 192.0.2.1/30 dev eth0.1 ip addr add 192.0.2.5/30 dev eth0.2 ip addr add 192.0.2.9/30 dev eth0.3 # bring up the bridge devices ip link set br0 up *bridge* .. code-block:: sh # tag traffic on CPU port ip link add link eth0 name eth0.1 type vlan id 1 # For kernels earlier than v5.12, the master interface needs to be # brought up manually before the slave ports. ip link set eth0 up ip link set eth0.1 up # bring up the slave interfaces ip link set lan1 up ip link set lan2 up ip link set lan3 up # create bridge ip link add name br0 type bridge # activate VLAN filtering ip link set dev br0 type bridge vlan_filtering 1 # add ports to bridge ip link set dev lan1 master br0 ip link set dev lan2 master br0 ip link set dev lan3 master br0 ip link set eth0.1 master br0 # tag traffic on ports bridge vlan add dev lan1 vid 1 pvid untagged bridge vlan add dev lan2 vid 1 pvid untagged bridge vlan add dev lan3 vid 1 pvid untagged # configure the bridge ip addr add 192.0.2.129/25 dev br0 # bring up the bridge ip link set dev br0 up *gateway* .. code-block:: sh # tag traffic on CPU port ip link add link eth0 name eth0.1 type vlan id 1 ip link add link eth0 name eth0.2 type vlan id 2 # For kernels earlier than v5.12, the master interface needs to be # brought up manually before the slave ports. ip link set eth0 up ip link set eth0.1 up ip link set eth0.2 up # bring up the slave interfaces ip link set wan up ip link set lan1 up ip link set lan2 up # create bridge ip link add name br0 type bridge # activate VLAN filtering ip link set dev br0 type bridge vlan_filtering 1 # add ports to bridges ip link set dev wan master br0 ip link set eth0.1 master br0 ip link set dev lan1 master br0 ip link set dev lan2 master br0 # tag traffic on ports bridge vlan add dev lan1 vid 1 pvid untagged bridge vlan add dev lan2 vid 1 pvid untagged bridge vlan add dev wan vid 2 pvid untagged # configure the VLANs ip addr add 192.0.2.1/30 dev eth0.2 ip addr add 192.0.2.129/25 dev br0 # bring up the bridge devices ip link set br0 up |