negan07 / ancistrus

Netgear's D7000 Nighthawk Router Experience Distributed Project
https://negan07.github.io/ancistrus/
GNU General Public License v2.0

VLAN Tagging Wifi #60

Closed Cranial closed 3 years ago

Cranial commented 4 years ago

Hi Negan, looking to see if you can help.

I'm trying to figure out if I can VLAN tag the Guest WiFi on the D7000. Currently it's set up as an Access Point, connected to my Ubiquiti USG LAN 1. I want to tag the Guest network so I can pass that to the guest portal on my controller.

Looking on the D7000, I can see a utility vlanctl, but haven't found any available documentation online.

root@D7000:~$ vlanctl --help

VLAN Control Utility:

::: Usage:

vlanctl

        --if <if_name> Sets the target Interface of a composite vlanctl command to <if_name>.

        --rx Sets the direction of a composite vlanctl command to RECEIVE

        --tx Sets the direction of a composite vlanctl command to TRANSMIT

        --tags <nbr_of_tags> Sets the number of tags of a composite vlanctl command to <nbr_of_tags>

        --if-create <real_if_name> <if_index> Creates a new VOPI named <real_if_name>.v<if_index> and attaches it to the real device
         <real_if_name>. For instance, if this command were executed for the eth0 real interface and the VOPI interface index were
         set to 3, the resulting interface would have been named eth0.v3.

        --if-create-name <real_if_name> <vlan_if_name> Creates a new VOPI named <vlan_if_name> and attaches it to the real device

        --if-delete <vlan_if_name> Destroy the VOPI named <vlan_if_name>.

        --rule-append Inserts a new Tagging Rule as the last rule of the specified Tagging Rule Table. Dependencies: --if, --rx or
         --tx, and --tags.

        --rule-insert-before <rule-id> Inserts a new Tagging Rule before the Tagging Rule whose identifier matches <rule-id> in the
        specified Tagging Rule Table. Dependencies: --if, --rx or --tx, and --tags.

        --rule-insert-after <rule-id> Inserts a new Tagging Rule after the Tagging Rule whose identifier matches <rule-id> in the
        specified Tagging Rule Table. Dependencies: --if, --rx or --tx, and --tags.

        --rule-remove <rule-id> Removes the Tagging Rule that matches <rule-id> from the specified Tagging Rule Table. Dependencies:
        --if, --rx or --tx, and --tags.

        --rule-remove-all <real_if_name> <vlan_if_name> Removes all the Tagging Rules for the vlan device. 

        --show-table Lists all Tagging Rules stored in the specified Tagging Rule Table. Dependencies: --if, --rx or --tx, and
        --tags.

        --default-tpid <tpid> Sets the default TPID value of a tagging rule table to <tpid>. When a table is created, its default
        TPID value is set to 0x8100. Dependencies: --if, --rx or --tx, and --tags.

        --default-pbits <pbits> Sets the default PBITS value of a tagging rule table to <pbits>. When a table is created, its 
        default PBITS value is set to 0. Dependencies: --if, --rx or --tx, and --tags.

        --default-cfi <cfi> Sets the default CFI value of a tagging rule table to <cfi>. When a table is created, its default CFI 
        value is set to 0. Dependencies: --if, --rx or --tx, and --tags.

        --default-vid <vid> Sets the default VID value of a tagging rule table to <vid>. When a table is created, its default VID 
        value is set to 1 (as per IEEE 802.1Q). Dependencies: --if, --rx or --tx, and --tags.

        --cfg-dscp2pbits <dscp> <pbits> Programs the entry number <dscp> of the DSCP-TO-PBITS translation table of a Real Device to
        the value specified by <pbits>. When a tagging rule table is created, the default values of the DSCP-TO-PBITS table are 
        set by copying the lowest 3 bits of each DSCP value as the PBITS value, for each entry in the table. For instance, the 
        following entries are programmed by default: DSCP=5:PBITS=5, DSCP=15:PBITS=7, etc. The DSCP-TO-PBITS translation table 
        has 64 entries. Dependencies: --if.

        --show-dscp2pbits Lists the values programmed in the DSCP-TO-PBITS table of the specified Real Device. Dependencies: 
        --if.

        --cfg-tpid <tpid0> <tpid1> <tpid2> <tpid3> Configures the TPID Table entries of a given Real Interface. The configured 
        TPID values are used to identify VLAN Headers of packets received from and transmitted to the VOPIs created for a given
        Real Interface. Four values must always be specified. The default TPID values are 0x8100, 0x8100, 0x8100, and 0x8100. 
        Dependencies: --if.

        --show-tpid Lists the values programmed in the TPID Table of the specified Real Device. Dependencies: --if.

        --local-stats <vlan_if_name> Shows the statistics counters maintained for the VOPI named <vlan_if_name>. These counters 
        are complimentary to the standard counters maintained for the device, which can be read via the Linux ifconfig 
        command.

        --filter-ethertype <ethertype> Match the Ethertype field in the Ethernet Header of incoming frames against <ethertype>.

        --filter-pbits <pbits> <tag_nbr> Match the PBITS value of VLAN Header number <tag_nbr> of incoming frames against 
        <pbits>.

        --filter-cfi <cfi> <tag_nbr> Match the CFI bit of VLAN Header number <tag_nbr> of incoming frames against <cfi>.

        --filter-vid <vid> <tag_nbr> Match the VID value of VLAN Header number <tag_nbr> of incoming frames against <vid>.

        --filter-tag-ethertype <ethertype> <tag_nbr> Match the Ethertype field of the VLAN Header number <tag_nbr> of incoming 
        frames against <ethertype>.

        --filter-dscp <dscp> Match the DSCP value in the IPv4 header of incoming frames against <dscp>.
        --filter-rxif <real_if_name> Match the rx VOPI of the transmitting packet against <real-if-name>. This filter can be used to bind a Tagging 
        Rule to a specific rx VOPI on the TRANSMIT direction. This filter is not applicable for rules in the RECEIVE direction.

        --filter-txif <vlan_if_name> Match the transmitting VOPI against <vlan-if-name>. This filter can be used to bind a Tagging 
        Rule to a specific VOPI on the TRANSMIT direction. This filter is not applicable for rules in the RECEIVE direction. 
        TRANSMIT rules without this filter will apply to all frames transmitted from all VOPIs attached to the Real Device.

        --filter-skb-prio <priority> Match the SKB priority of incoming frames against <priority>.

        --filter-skb-mark-flowid <flowid> Match the Flow ID subfield of the SKB Mark field against <flowid>. The SKB Mark Flow ID 
        subfield can be used as a way to correlate packet classification made by other Linux modules (such as ebtables and 
        iptables) with Tagging Rules. A possible usage for this filter would be to direct packets generated by an application to 
        a specific port of a real interface (such as a GPON port) based on layer 3 filters. In this example a socket would be 
        created on a VOPI,IP Tables rules would be created to identify flows and set Flow IDs, and Tagging rules would be 
        created to match on such Flow IDs and apply treatments, such as setting the destination GEM Port and Queue.

        --filter-skb-mark-port <port> Match the Port subfield of the SKB Mark field against <port>. This filter can be used to bind
         certain Tagging Rules with a specific Real Interface port (for instance a GPON Port).

        --filter-vlan-dev-mac-addr <ignore_if_multicast> Match the recv frame dest MAC addr against the recv virtual interface.
         Set <ignore_if_multicast> to 0 to apply filter on all recv frames.
         Set <ignore_if_multicast> to 1 to apply filter on unicast frames only.
         This filter is not applicable for rules in the TRANSMIT direction.

        --pop-tag Remove the outermost VLAN tag. If multiple tags are to be removed, this treatment should be specified for each 
        VLAN tag to be removed.

        --push-tag Add the default VLAN tag of the corresponding Tagging Rule Table as the new outer tag. The default TPID value
        will be used as the new Ethertype value in the Ethernet header, the existing Ethertype of the Ethernet Header will be used
        as the Tag Ethertype field of the new tag, and the default PBITS, CFI and VID will be used as the TCI of the new tag. If
        multiple tags are to be inserted, this treatment must be specified for each VLAN tag to be inserted.

        --set-ethertype <ethertype> Set the Ethertype value of the Ethernet Header to <ethertype>.

        --set-pbits <pbits> <tag_nbr> Set the PBITS value of the VLAN Header number <tag_nbr> to <pbits>.

        --set-cfi <cfi> <tag_nbr> Set the CFI bit of the VLAN Heade number <tag_nbr> to <cfi>.

        --set-vid <vid> <tag_nbr> Set the VID of the VLAN Header number <tag_nbr> to <vid>.

        --set-tag-ethertype <ethertype> Set the Ethertype field of the VLAN Header number <tag_nbr> to <ethertype>.

        --set-dscp <dscp> Set the IPv4 DSCP value of the matching frame to <dscp>.

        --copy-pbits <from_tag_nbr> <to_tag_nbr> Copy the PBITS value from VLAN Header number <from_tag_nbr> to VLAN Header number 
        <to_tag_nbr>.

        --copy-cfi <from_tag_nbr> <to_tag_nbr> Copy the CFI value from VLAN Header number <from_tag_nbr> to VLAN Header number 
        <to_tag_nbr>.

        --copy-vid <from_tag_nbr> <to_tag_nbr> Copy the VID value from VLAN Header number <from_tag_nbr> to VLAN Header number 
        <to_tag_nbr>.

        --copy-tag-ethertype <from_tag_nbr> <to_tag_nbr> Copy the Ethertype value from VLAN Header number <from_tag_nbr> to VLAN 
        Header number <to_tag_nbr>.

        --dscp2pbits <tag_nbr> Translate the IPv4 DSCP into a PIBTS value, and write the translated PBITS value in the VLAN Header 
        number <tag_nbr>. The DSCP-To-PBITS table of the respective Real Device is used for translation.

        --set-rxif <vlan_if_name> Forward frames in the RECEIVE direction that match this rule to the VOPI specified in 
        <vlan_if_name>. If not specified, the frame will be forwarded to a randomly chosen VOPI. Using this treatment in the 
        TRANSMIT direction has no effect.

        --set-if-mode-ont Set real device mode to ONT.

        --set-if-mode-rg  Set real device mode to RG.

        --drop-frame Drop the matching frame.
        --set-skb-prio <priority> Set the SKB priority to <priority>.

        --set-skb-mark-port <port> Set the Port subfield of the SKB Mark field to <port>. The SKB Mark Port subfield is used by 
        the Broadcom device drivers to send a frame to a specific port within a Real Interface. For instance, a GPON Real 
        Interface may have been configured with multiple GEM Ports. When a packet is sent to that interface, the driver uses 
        the SKB Mark Port subfield as the GEM Port to which the packets will be transmitted.

        --set-skb-mark-queue <queue> Set the Queue subfield of the SKB Mark field to <queue>. The SKB Mark Queue subfield is used 
        by the Broadcom device drivers to determine the queue to which transmit a frame.

        --set-skb-mark-flowid <flowid> Set the Flow ID subfield of the SKB Mark field to <flowID>. The SKB Mark Flow ID subfield 
        can be used as a way to correlate packet classification made by Tagging Rules with other Linux modules (such as 
        ebtables and iptables).

        --rule-type <type> set the type of rule. 0: flow; 1: qos; 

        --create-flows <rx_vlan_ifname> <tx_vlan_ifname> Setup vlan flows for the path (rx_vlan_ifname->tx_vlan_ifname).

        --delete-flows <rx_vlan_ifname> <tx_vlan_ifname> Remove vlan flows for the path (rx_vlan_ifname->tx_vlan_ifname).

I want to tag Interface wl0.1 (I think that's guest wifi)

root@D7000:~$ ifconfig
bcmsw     Link encap:Ethernet  HWaddr 40:5D:82:D8:24:C8  
          UP BROADCAST RUNNING MULTICAST  MTU:2048  Metric:1
          RX packets:57388923 errors:0 dropped:0 overruns:0 frame:0
          TX packets:187090643 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1317442107 (1.2 GiB)  TX bytes:2576848083 (2.3 GiB)
          Base address:0xffff 

eth0      Link encap:Ethernet  HWaddr 40:5D:82:D8:24:CC  
          inet6 addr: fe80::425d:82ff:fed8:24cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:2048  Metric:1
          RX packets:243534438 errors:1 dropped:0 overruns:0 frame:0
          TX packets:173423702 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1548347112 (1.4 GiB)  TX bytes:3737972809 (3.4 GiB)

eth0.1    Link encap:Ethernet  HWaddr 40:5D:82:D8:24:CC  
          inet6 addr: fe80::425d:82ff:fed8:24cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:2048  Metric:1
          RX packets:198344581 errors:0 dropped:39855 overruns:0 frame:0
          TX packets:140572281 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3141536371 (2.9 GiB)  TX bytes:1655291526 (1.5 GiB)

eth1      Link encap:Ethernet  HWaddr 40:5D:82:D8:24:C8  
          inet6 addr: fe80::425d:82ff:fed8:24c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:2048  Metric:1
          RX packets:359719451 errors:0 dropped:0 overruns:0 frame:0
          TX packets:279528765 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:418828707 (399.4 MiB)  TX bytes:1551234438 (1.4 GiB)

eth2      Link encap:Ethernet  HWaddr 40:5D:82:D8:24:C8  
          inet6 addr: fe80::425d:82ff:fed8:24c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:2048  Metric:1
          RX packets:165085110 errors:0 dropped:0 overruns:0 frame:0
          TX packets:146230722 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3915063361 (3.6 GiB)  TX bytes:316831828 (302.1 MiB)

eth3      Link encap:Ethernet  HWaddr 40:5D:82:D8:24:C8  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth4      Link encap:Ethernet  HWaddr 40:5D:82:D8:24:C8  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

group1    Link encap:Ethernet  HWaddr 40:5D:82:D8:24:C8  
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::425d:82ff:fed8:24c8/64 Scope:Link
          UP BROADCAST RUNNING ALLMULTI  MTU:1500  Metric:1
          RX packets:7994388 errors:0 dropped:5681 overruns:0 frame:0
          TX packets:1024457 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1822534444 (1.6 GiB)  TX bytes:302877582 (288.8 MiB)

group2    Link encap:Ethernet  HWaddr 5A:0C:20:E4:70:D8  
          inet6 addr: fe80::580c:20ff:fee4:70d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:2818 (2.7 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2030817 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2030817 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:486961177 (464.4 MiB)  TX bytes:486961177 (464.4 MiB)

wl0       Link encap:Ethernet  HWaddr 40:5D:82:D8:24:C8  
          inet6 addr: fe80::425d:82ff:X:X/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29833381 errors:0 dropped:15 overruns:0 frame:33465316
          TX packets:29911759 errors:4514 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4168385661 (3.8 GiB)  TX bytes:353953371 (337.5 MiB)
          Interrupt:92 

wl0.1     Link encap:Ethernet  HWaddr 62:5D:82:D8:24:C9  
          inet6 addr: fe80::605d:82ff:X:X/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:33465316
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wl1       Link encap:Ethernet  HWaddr 40:5D:82:D8:24:CA  
          inet6 addr: fe80::425d:82ff:X:X/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:127636241 errors:0 dropped:1 overruns:0 frame:31205843
          TX packets:324202192 errors:51244 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:671185127 (640.0 MiB)  TX bytes:1335835440 (1.2 GiB)
          Interrupt:93

I'm not sure if this is possible at all, with the native vlanctl package or with an external package, but thought you would know more about this than me.
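The `--push-tag` / `--pop-tag` treatments and the default DSCP-to-PBITS mapping described in the help output above, modelled on raw frame bytes, plus a check that a frame captured on the trunk carries exactly the guest VLAN tag. This is an added example, not part of the original post and not vlanctl's own code; VID 20 for the guest network, the MAC addresses and the payload are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # default TPID of a tagging rule table, per the help text

def build_tci(pbits: int, cfi: int, vid: int) -> int:
    """Pack PBITS (3 bits), CFI (1 bit) and VID (12 bits) into the 16-bit TCI."""
    if not (0 <= pbits <= 7 and cfi in (0, 1) and 0 <= vid <= 4095):
        raise ValueError("pbits/cfi/vid out of range")
    return (pbits << 13) | (cfi << 12) | vid

def push_tag(frame: bytes, vid=1, pbits=0, cfi=0, tpid=TPID_8021Q) -> bytes:
    """Insert a new outer tag as --push-tag is described: the TPID takes the
    Ethertype position and the original Ethertype follows the new TCI."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", tpid, build_tci(pbits, cfi, vid)) + frame[12:]

def pop_tag(frame: bytes, tpid=TPID_8021Q) -> bytes:
    """Remove the outermost tag; refuse frames that carry no tag."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != tpid:
        raise ValueError("no outer VLAN tag to pop")
    return frame[:12] + frame[16:]

def parse_tags(frame: bytes, tpid=TPID_8021Q):
    """Return ([(pbits, cfi, vid), ...] outermost first, inner Ethertype)."""
    tags, off = [], 12
    while len(frame) >= off + 4 and struct.unpack("!H", frame[off:off + 2])[0] == tpid:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        tags.append((tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    if len(frame) < off + 2:
        raise ValueError("truncated frame")
    return tags, struct.unpack("!H", frame[off:off + 2])[0]

def default_dscp2pbits(dscp: int) -> int:
    """Default table entry: the lowest 3 bits of the DSCP value (64 entries)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP out of range")
    return dscp & 0x7

def carries_only_vid(frame: bytes, expected_vid: int) -> bool:
    """Segmentation check for a trunk capture: exactly one tag, with the expected VID."""
    tags, _ = parse_tags(frame)
    return len(tags) == 1 and tags[0][2] == expected_vid

# Constructed sample: untagged IPv4 broadcast from a guest client (all values invented).
GUEST_VID = 20
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x45" + bytes(19)
```

Untagged or double-tagged frames fail `carries_only_vid`, which is the condition to look for when confirming that guest traffic stays on its own VLAN on the uplink.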

negan07 commented 4 years ago

Have a look at https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/vlanctl/unitTest/vlantest; it should share the same Broadcom (?) utility.

Also have a look at the VLAN/IPTV config hidden web page under the advanced/install menu.

Cranial commented 4 years ago

> have a look at https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/vlanctl/unitTest/vlantest should share the same broadcom (?) utility ...

@negan07 thanks Negan, I’ll check it out. If I have any success I’ll update here for anyone else it might help.

Sent with GitHawk

negan07 commented 4 years ago

Any other improvement?

Cranial commented 4 years ago

No chance to work on it yet, been travelling for work again. Will update when I can.

prophecy4you commented 8 months ago

The hidden iptv page did the trick to enable the VLAN (and trunking), just had to manually add the guest network to the br created in the hidden page 👍