meier4489
Feb 22, 2015, updated at Feb 23, 2015 (UTC)
view4706
view1
0
Goto Top

VLAN-Netzwerk mit OpenWRT

GermanQuestionRouters, RoutingNetworks
Hallo Leute,

ich habe da ein Problem bei meinen VLAN Einstellungen.
Ich möchte meinen Router auf dem zwei Netzwerke laufen, mit einem AP über eine "tagged" mit einander verbinden.

Ich habe mir fleißig die Anleitungen hier im Forum und auch auf der OpenWRT Seite durchgelesen, leider muss ich wohl einen Fehler gemacht haben den ich einfach nicht finden kann.

[Router port5]---------cat6-------[AP port1]

Ich habe den Router über Port 5 mit dem AP über den Port1 mit einem cat6 verbinden, wenn ich mich nun mit dem Router verbinde und den AP an pingen will bekomme ich keine Rückmeldung, das gleich wenn ich es über den AP versuche und den Router an pingen will.

Hier mal noch meine "network" Dateien
Router
config interface 'loopback'  
	option ifname 'lo'  
	option proto 'static'  
	option ipaddr '127.0.0.1'  
	option netmask '255.0.0.0'  

config globals 'globals'  
	option ula_prefix 'fd13:3398:1bbf::/48'  

config interface 'wan'  
	option _orig_ifname 'eth0.2'  
	option _orig_bridge 'false'  
	option proto 'static'  
	option ipaddr '192.168.178.100'  
	option netmask '255.255.255.0'  
	option gateway '192.168.178.1'  
	option broadcast '192.168.178.255'  
	option dns '192.168.178.1'  
	option ifname 'eth0.1'  

config interface 'wan6'  
	option ifname '@wan'  
	option proto 'dhcpv6'  
	option reqaddress 'try'  
	option reqprefix 'auto'  

config switch
	option name 'switch0'  
	option reset '1'  
	option enable_vlan '1'  

config switch_vlan
	option device 'switch0'  
	option vlan '1'  
	option vid '1'  
	option ports '0t 1'  

config switch_vlan
	option device 'switch0'  
	option vlan '5'  
	option vid '5'  
	option ports '0t 2 3 4 5t'  

config switch_vlan
	option device 'switch0'  
	option vlan '10'  
	option vid '10'  
	option ports '0t 5t'  

config interface 'home'  
	option proto 'static'  
	option ipaddr '192.168.20.254'  
	option netmask '255.255.255.0'  
	option macaddr '64:66:B3:DE:F6:D2'  
	option type 'bridge'  
	option _orig_ifname 'eth0.20 wlan0 wlan1'  
	option _orig_bridge 'true'  
	option ifname 'eth0.5'  
	option gateway '192.168.178.1'  
	option broadcast '192.168.20.255'  

config interface 'gast'  
	option proto 'static'  
	option ipaddr '192.168.40.254'  
	option netmask '255.255.255.0'  
	option broadcast '192.168.40.255'  
	option macaddr '64:66:B3:DE:F6:D3'  
	option type 'bridge'  
	option _orig_ifname 'eth0.40 wlan0-1 wlan1-1'  
	option _orig_bridge 'true'  
	option ifname 'eth0.10'
AP
config interface 'loopback'  
	option ifname 'lo'  
	option proto 'static'  
	option ipaddr '127.0.0.1'  
	option netmask '255.0.0.0'  

config globals 'globals'  
	option ula_prefix 'fd36:9848:1965::/48'  

config switch
	option name 'mt762x'  
	option reset '1'  
	option enable_vlan '1'  

config switch_vlan
	option device 'mt762x'  
	option vlan '5'  
	option vid '5'  
	option ports '0 1t 2t 3t 4t 5t 6t'  

config switch_vlan
	option device 'mt762x'  
	option vlan '10'  
	option vid '10'  
	option ports '1t 2t 3t 4t 5t 6t'  

config interface 'home'  
	option proto 'static'  
	option ipaddr '192.168.20.239'  
	option netmask '255.255.255.0'  
	option macaddr '64:66:B3:DE:F6:F2'  
	option type 'bridge'  
	option _orig_ifname 'eth0.20 wlan0 wlan1'  
	option _orig_bridge 'true'  
	option broadcast '192.168.20.255'  
	option gateway '192.168.20.254'  
	option ifname 'eth0.5'  

config interface 'gast'  
	option proto 'static'  
	option ipaddr '192.168.40.239'  
	option gateway '192.168.40.254'  
	option netmask '255.255.255.0'  
	option broadcast '192.168.40.255'  
	option macaddr '64:66:B3:DE:F6:F3'  
	option type 'bridge'  
	option _orig_ifname 'eth0.40 wlan0-1 wlan1-1'  
	option _orig_bridge 'true'  
	option ifname 'eth0.10'
Und die "firewall" Datei
Router
config defaults
	option syn_flood '1'  
	option input 'ACCEPT'  
	option output 'ACCEPT'  
	option forward 'REJECT'  

config zone
	option name 'lan'  
	option input 'ACCEPT'  
	option output 'ACCEPT'  
	option forward 'ACCEPT'  
	option network 'home lan'  

config zone
	option name 'wan'  
	option input 'REJECT'  
	option output 'ACCEPT'  
	option forward 'REJECT'  
	option masq '1'  
	option mtu_fix '1'  
	option network 'wan'  

config rule
	option name 'Allow-DHCP-Renew'  
	option src 'wan'  
	option proto 'udp'  
	option dest_port '68'  
	option target 'ACCEPT'  
	option family 'ipv4'  

config rule
	option name 'Allow-Ping'  
	option src 'wan'  
	option proto 'icmp'  
	option icmp_type 'echo-request'  
	option family 'ipv4'  
	option target 'ACCEPT'  

config rule
	option name 'Allow-DHCPv6'  
	option src 'wan'  
	option proto 'udp'  
	option src_ip 'fe80::/10'  
	option src_port '547'  
	option dest_ip 'fe80::/10'  
	option dest_port '546'  
	option family 'ipv6'  
	option target 'ACCEPT'  

config rule
	option name 'Allow-ICMPv6-Input'  
	option src 'wan'  
	option proto 'icmp'  
	list icmp_type 'echo-request'  
	list icmp_type 'echo-reply'  
	list icmp_type 'destination-unreachable'  
	list icmp_type 'packet-too-big'  
	list icmp_type 'time-exceeded'  
	list icmp_type 'bad-header'  
	list icmp_type 'unknown-header-type'  
	list icmp_type 'router-solicitation'  
	list icmp_type 'neighbour-solicitation'  
	list icmp_type 'router-advertisement'  
	list icmp_type 'neighbour-advertisement'  
	option limit '1000/sec'  
	option family 'ipv6'  
	option target 'ACCEPT'  

config rule
	option name 'Allow-ICMPv6-Forward'  
	option src 'wan'  
	option dest '*'  
	option proto 'icmp'  
	list icmp_type 'echo-request'  
	list icmp_type 'echo-reply'  
	list icmp_type 'destination-unreachable'  
	list icmp_type 'packet-too-big'  
	list icmp_type 'time-exceeded'  
	list icmp_type 'bad-header'  
	list icmp_type 'unknown-header-type'  
	option limit '1000/sec'  
	option family 'ipv6'  
	option target 'ACCEPT'  

config include
	option path '/etc/firewall.user'  

config forwarding
	option dest 'wan'  
	option src 'lan'  

config zone
	option forward 'REJECT'  
	option output 'ACCEPT'  
	option input 'REJECT'  
	option name 'gast'  
	option network 'gast'  

config forwarding
	option dest 'wan'  
	option src 'gast'  

config rule
	option src_port '67-68'  
	option dest_port '67-68'  
	option proto 'udp'  
	option target 'ACCEPT'  
	option name 'Allow DHCP request'  
	option src 'gast'  

config rule
	option dest_port '53'  
	option proto 'tcpudp'  
	option target 'ACCEPT'  
	option name 'Allow DNS Queries'  
	option src 'gast'  

config rule
	option target 'DROP'  
	option name 'Deny Access to router'  
	option src 'gast'  

config rule
	option dest 'lan'  
	option name 'Deny Gast -> LAN'  
	option proto 'all'  
	option target 'DROP'  
	option src 'gast'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN http'  
	option proto 'tcp'  
	option dest_port '80'  
	option src 'gast'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN https'  
	option proto 'tcp'  
	option dest_port '443'  
	option src 'gast'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 993'  
	option dest_port '993'  
	option src 'gast'  
	option proto 'all'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 465'  
	option dest_port '465'  
	option src 'gast'  
	option proto 'all'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 993'  
	option dest_port '993'  
	option src 'gast'  
	option proto 'all'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 110'  
	option dest_port '110'  
	option src 'gast'  
	option proto 'all'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 143'  
	option dest_port '143'  
	option src 'gast'  
	option proto 'all'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 25'  
	option dest_port '25'  
	option src 'gast'  
	option proto 'all'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 587'  
	option dest_port '587'  
	option src 'gast'  
	option proto 'all'  

config rule
	option target 'ACCEPT'  
	option dest 'wan'  
	option name 'Allow Gast -> WAN port 2525'  
	option dest_port '2525'  
	option src 'gast'  
	option proto 'all'  

config rule
	option dest 'wan'  
	option name 'Deny Gast -> WAN'  
	option proto 'all'  
	option target 'DROP'  
	option src 'gast'

Router
9a108e9e3827abdfaa83a89318141bc6
efb95e2b11c92372c587663a8425d9b5
AP
4d851a0d7b565b787d6cb27c5a280a97
b63616146e03e479a03f95a19175bd84
comment-contentCommentShareShare
Share on Facebook Share on Twitter Share on Reddit Share on Linkedin

Content-Key: 264231

Url: https://administrator.de/contentid/264231

Printed on: April 16, 2024 at 13:04 o'clock

1 Comment
Goto Top
Member: aqui
aqui Feb 23, 2015 at 09:50:18 (UTC)
Goto Top
Ist der Thread jetzt gelöst, weil auf "Gelöst" geklickt ?!

Falls nicht lies dir diesen Thread durch:
2 getrennte Netze, wenn DHCP auf dem SBS läuft
Dort steht alles drin was du wissen musst dazu um es zum Fliegen zu bringen.
Mit 167 Threads brauchst du allerdings etwas Geduld face-wink
GermanQuestionRouters, RoutingNetworks