Omnia networking - Use SFP for LAN, and lan4 for WAN?

fredrikj · August 24, 2023, 3:37pm

Hi all,

Just like another user my internet connection comes via ethernet and I want to use the SFP port as a LAN port instead, mostly because its fun. I have a Turris Omnia 2020, and AFAIU the thread indicates that it should be possible, but I fail to figure out how to do it.

l am familiar to Linux and networking, but OpenWRT and uci is completely new to me, and I have failed to find any documentation that matches what’s configured by default in Turrisos 6.4.1 and Turris Omnia 2020.

When I plug in a SFP module, the Ethernet WAN port stops working as expected. Instead I therefore assume that I need to use one of lan0 - lan4 as WAN port for ISP traffic. The documentation indicates that eth0 and eth1 on the SOC are both connected separate ports on a “fully managed switch” together with lan0 - lan4, and that lan0 - lan3 should be connected to eth0 via port 5 while lan4 should be connected to eth1 via port 6 on the switch.

Unfortunately this does not at all reflect what the uci configuration or the command ip link shows. See the quoted command outputs below. Instead it appears that eth0 is DOWN by default, and lan0 - lan4 are all connected to eth1. The uci network section makes no reference to neither eth0 nor eth1, so no hint about how that is configured there. Only eth2 is explicitly referenced in the wan interface section. Hence it isn’t apparent to me how the lanX interfaces are connected to eth1, if that’s configurable, and if so how I can change that.

So, I’d be grateful if someone could help me get going here.

BTW, I have not found which tool to use to list and manage the switch or query which switch port is connected to what network interface by default. Neither uci export nor the command swconfig provides any hints.

Thanks in advance!

root@turris:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1024
    link/ether d8:58:d7:01:d5:4a brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1508 qdisc mq state UP mode DEFAULT group default qlen 1024
    link/ether d8:58:d7:01:d5:48 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1024
    link/ether d8:58:d7:01:d5:49 brd ff:ff:ff:ff:ff:ff
5: lan0@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:01:d5:48 brd ff:ff:ff:ff:ff:ff
6: lan1@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:01:d5:48 brd ff:ff:ff:ff:ff:ff
7: lan2@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:01:d5:48 brd ff:ff:ff:ff:ff:ff
8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:01:d5:48 brd ff:ff:ff:ff:ff:ff
9: lan4@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:01:d5:48 brd ff:ff:ff:ff:ff:ff
10: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/tunnel6 :: brd :: permaddr da49:778c:84::
11: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
12: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
13: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
14: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
46: br-guest-turris: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 8a:0e:ef:ce:64:57 brd ff:ff:ff:ff:ff:ff
47: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 9c:b7:0d:d5:bb:bd brd ff:ff:ff:ff:ff:ff
48: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 9c:b7:0d:d5:bb:bd brd ff:ff:ff:ff:ff:ff
49: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether c4:4b:d1:90:19:1f brd ff:ff:ff:ff:ff:ff

root@turris:~# uci export network
package network

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd38:eb19:6663::/48'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'br-lan'

config interface 'wan'
	option proto 'dhcp'
	option ipv6 '1'
	option device 'eth2'

config interface 'guest_turris'
	option enabled '1'
	option proto 'static'
	option ipaddr '10.111.222.1'
	option netmask '255.255.255.0'
	option device 'br-guest-turris'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'

config device 'br_lan'
	option name 'br-lan'
	option bridge_empty '1'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	option type 'bridge'

config device 'br_guest_turris'
	option bridge_empty '1'
	option type 'bridge'
	option name 'br-guest-turris'

peci1 · August 24, 2023, 4:10pm

On TurrisOS 6, you cannot utilize both eth0 and eth1 - that’s a limitation of the DSA framework the switch uses. So practically, the bandwidth between CPU and switch is limited to 1 Gbps.

Also, what you see between WAN and SFP on the referenced scheme, is a switch (in the meaning of a light bulb switch), which selects between the two ports. It can be configured from software, but at any time, only one of the two ports will be connected. There’s no way to connect them both.

fredrikj · August 24, 2023, 5:31pm

Ok, if I understand @peci1 correctly then, the documentation is out of date and incorrect:

Either eth0 or eth1 can be connected - or active on, or whatever - to the internal switch which connects the SOC interfaces to to the ethernet ports lan0 to lan4. There is no way to, at a hardware or link level, in the switch route traffic from eth0 to say specifically lan0 only, and all other traffic to lan1 - lan4 via eth1 only.

Correct? If so, I do wonder what exactly the phrase “fully manageable switch” actually entails in this case? What can I in reality manage? Turn of and off the switch ports 0 - 6? BTW, I do still wonder, what tool do I use to query and manage the switch? uci? swconfig? Something else?

About the WAN ports, I do understand that it is a hardware limitation that makes it impossible to use the WAN ethernet port at the same time as the SFP port. I’m fine with that, not like I have much choice anyway.

So, then to get back to my plan: The eth2 device will be “just another lan port”, which as I mentioned implies that I must configure the Omnia to use one of lan0 - lan4 as its WAN port; because the eth2 ethernet port will stop working as soon as I plug in the SFP module in the SFP slot.

It seems then, that I need to separate, f.x lan4, from the other lanX interfaces and adjust routing, firewall and dhcp configuration accordingly. Which circles the wagon back to my original ask, how?

Had this been just another Debian installation I could have cobbled something togheter with some ip forwarding, and a few simple iproute2 commands. But given OpenWRT / TurrisOS I’m flailing. I have no idea what uci config does and must manage. It’s like trying to admin some BSD variant or SunOs; same same, but very diffirent.

peci1 · August 24, 2023, 6:14pm

Mangaeable switch means that you can set up VLAN tagging, port mirroring etc. between the ports. Managing the switch is done through uci and the standard ip command.

For using one of the lan ports as wan, I think ypu have to put its traffic into a VLAN and then route all local trafic to internet via this VLAN. It shouldn’t need any iptables.

AreYouLoco · August 24, 2023, 7:13pm

@fredrikj You can easily use SFP WAN for lan and LAN4 for WAN.

Just remove lan4 from br-lan and use lan4 as a standalone interface and add eth2 to br-lan and you are there. You can even incorporate VLAN of new WAN side by using lan4.52 for tagged VLAN 52.

Just dont think of DSA at all. For now its using only one eth of the two underneat but that could change in the future if fixed. But that limitation should not bother you now. Just forget eth0 and eth1 that they are there.

system · September 29, 2023, 7:48am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.