freifunk-berlin / bbb-configs

Ansible-based configuration management for OpenWrt mesh nodes in the city-wide backbone of Freifunk Berlin
GNU Affero General Public License v3.0

Implement Switchport Profiles #120

Open spolack opened 2 years ago

spolack commented 2 years ago

RFC

A switchport profile should be a hash of port config, which can be assigned to all or individual ports per device.

port_profile_name:
  networks: [network_name, ..]
  native_network: network_name
  poe_mode: type poe_mode

type poe_mode: [24_passive, 48_passive, af]

The following profiles should be implicitly created. Profile all is applied by default to every port.

all:
  networks: [all networks]
  native_network: None
  poe_mode: af

all_24_passive:
  networks: [all networks]
  native_network: None
  poe_mode: 24_passive

{per network with vid}
$network_name:
  networks: [all networks]
  native_network: $network_name
  poe_mode: af
{end}

{per network with vid}
$network_name + "_24_passive":
  networks: [all networks]
  native_network: $network_name
  poe_mode: 24_passive
{end}

{per network with vid}
$network_name + "_mgmt":
  networks: [$network_name, mgmt]
  native_network: $network_name
  poe_mode: af
{end}

{per network with vid}
$network_name + "_mgmt_24_passive":
  networks: [$network_name, mgmt]
  native_network: $network_name
  poe_mode: 24_passive
{end}

PolynomialDivision commented 2 years ago

Can you give a specific example of what a config would look like for a site? I do not understand exactly each line of the template code you wrote.

Noki commented 2 years ago

Just wanted to point out two use cases:

  1. In a setup with a core router and multiple access points that all have multiple LAN ports and a WAN port, the WAN port could be used to connect the AP to the core router. All other LAN ports could be configured to use VLAN 40 so users could directly connect to the APs via cable and without having to deal with a VLAN configuration. This is a well-known setup to most users. This could also be set up as a private VLAN so all devices connected via LAN to an AP (pc, printer, nas, tv, ...) could communicate with each other but are isolated from the rest of the setup.
  2. Devices like a webcam or server that might not have or support VLAN tagging could be connected to a separate LAN port that is assigned to a VLAN without filtering so it could be made accessible via Freifunk and the internet.

spolack commented 2 years ago

I just gave some different techniques to prepopulate the profiles a try and found a way to use loops in templates which doesn't feel too hackish. Not sure if there are better ways though.

Commit: https://github.com/freifunk-berlin/bbb-configs/commit/d2de94a4375b3e90aa1798456330912b24ce71fc

Resulting port_profiles variable for wilgu10 networks:

all:
  native_vlan: false
  poe_mode: af
  vlans: [10, 11, 20, 42, 40, 41, 50]
all_24_passive:
  mesh_sama: null
  native_vlan: 10
  poe_mode: af
  vlans: [10, 11, 20, 42, 40, 41, 50]
dhcp_24_passive:
  native_vlan: 40
  poe_mode: 24_passive
  vlans: [10, 11, 20, 42, 40, 41, 50]
dhcp_mgmt:
  native_vlan: 40
  poe_mode: af
  vlans: [40, 42]
dhcp_mgmt_24_passive:
  native_vlan: 41
  poe_mode: af
  prdhcp: null
  vlans: [10, 11, 20, 42, 40, 41, 50]
mesh_east_2g_24_passive:
  native_vlan: 20
  poe_mode: 24_passive
  vlans: [10, 11, 20, 42, 40, 41, 50]
mesh_east_2g_mgmt:
  native_vlan: 20
  poe_mode: af
  vlans: [20, 42]
mesh_east_2g_mgmt_24_passive:
  mgmt: null
  native_vlan: 42
  poe_mode: af
  vlans: [10, 11, 20, 42, 40, 41, 50]
mesh_sama_24_passive:
  native_vlan: 10
  poe_mode: 24_passive
  vlans: [10, 11, 20, 42, 40, 41, 50]
mesh_sama_mgmt:
  native_vlan: 10
  poe_mode: af
  vlans: [10, 42]
mesh_sama_mgmt_24_passive:
  mesh_zwingli: null
  native_vlan: 11
  poe_mode: af
  vlans: [10, 11, 20, 42, 40, 41, 50]
mesh_zwingli_24_passive:
  native_vlan: 11
  poe_mode: 24_passive
  vlans: [10, 11, 20, 42, 40, 41, 50]
mesh_zwingli_mgmt:
  native_vlan: 11
  poe_mode: af
  vlans: [11, 42]
mesh_zwingli_mgmt_24_passive:
  mesh_east_2g: null
  native_vlan: 20
  poe_mode: af
  vlans: [10, 11, 20, 42, 40, 41, 50]
mgmt_24_passive:
  native_vlan: 42
  poe_mode: 24_passive
  vlans: [10, 11, 20, 42, 40, 41, 50]
mgmt_mgmt:
  native_vlan: 42
  poe_mode: af
  vlans: [42, 42]
mgmt_mgmt_24_passive:
  dhcp: null
  native_vlan: 40
  poe_mode: af
  vlans: [10, 11, 20, 42, 40, 41, 50]
prdhcp_24_passive:
  native_vlan: 41
  poe_mode: 24_passive
  vlans: [10, 11, 20, 42, 40, 41, 50]
prdhcp_mgmt:
  native_vlan: 41
  poe_mode: af
  vlans: [41, 42]
prdhcp_mgmt_24_passive:
  native_vlan: 50
  poe_mode: af
  vlans: [10, 11, 20, 42, 40, 41, 50]
  w10host: null
w10host_24_passive:
  native_vlan: 50
  poe_mode: 24_passive
  vlans: [10, 11, 20, 42, 40, 41, 50]
w10host_mgmt:
  native_vlan: 50
  poe_mode: af
  vlans: [50, 42]
w10host_mgmt_24_passive:
  native_vlan: 50
  poe_mode: 24_passive
  vlans: [50, 42]
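
Added example, not part of the thread and not code from bbb-configs: a Python sketch that builds the implicit profiles listed in the RFC from a site's network-to-vid map and checks each profile before it is applied to a port (native VLAN is a member of the allowed list, no repeated vid, only known keys, valid poe_mode). The function names, the `vlans`/`native_vlan` key choice taken from the output above, and collapsing the repeated vid in the `mgmt_mgmt` case are assumptions.

```python
# Added example; build_profiles and check_profile are hypothetical names,
# not code from bbb-configs.
POE_MODES = {"24_passive", "48_passive", "af"}  # "type poe_mode" in the RFC

# Network name -> vid, read off the wilgu10 output shown on this page.
WILGU10 = {"mesh_sama": 10, "mesh_zwingli": 11, "mesh_east_2g": 20,
           "mgmt": 42, "dhcp": 40, "prdhcp": 41, "w10host": 50}


def build_profiles(networks, mgmt="mgmt"):
    """Build the implicit profiles from the RFC for {network_name: vid}."""
    all_vids = list(networks.values())
    profiles = {
        "all": {"vlans": all_vids, "native_vlan": None, "poe_mode": "af"},
        "all_24_passive": {"vlans": list(all_vids), "native_vlan": None,
                           "poe_mode": "24_passive"},
    }
    for name, vid in networks.items():
        # Assumption: collapse the repeated vid when name is the mgmt network.
        restricted = list(dict.fromkeys([vid, networks[mgmt]]))
        for suffix, vlans in (("", all_vids), ("_mgmt", restricted)):
            for poe_suffix, poe in (("", "af"), ("_24_passive", "24_passive")):
                profiles[name + suffix + poe_suffix] = {
                    "vlans": list(vlans), "native_vlan": vid, "poe_mode": poe}
    return profiles


def check_profile(name, profile, known_vids):
    """Return the problems found in one profile; an empty list means clean."""
    problems = []
    extra = set(profile) - {"vlans", "native_vlan", "poe_mode"}
    if extra:
        problems.append(f"{name}: unexpected keys {sorted(extra)}")
    vlans = profile.get("vlans", [])
    if len(vlans) != len(set(vlans)):
        problems.append(f"{name}: repeated vid in vlans {vlans}")
    if set(vlans) - set(known_vids):
        problems.append(f"{name}: vid not defined for this site")
    native = profile.get("native_vlan")
    if native and native not in vlans:  # None/false means no untagged VLAN
        problems.append(f"{name}: native_vlan {native} not in vlans")
    if profile.get("poe_mode") not in POE_MODES:
        problems.append(f"{name}: invalid poe_mode")
    return problems


if __name__ == "__main__":
    for n, p in build_profiles(WILGU10).items():
        print(n, p, check_profile(n, p, WILGU10.values()))
```

Running `check_profile` over a rendered `port_profiles` variable before deployment catches a trunk that carries an untagged VLAN it does not list, or a profile that picked up a key belonging to another entry.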