Network

    Routing

    source

    Failover IP - double wan

    Installation: opkg install mwan3

    Status: mwan3 status

    /etc/config/mwan3:

    # Global mwan3 settings; mmx_mask is the firewall-mark mask mwan3 uses for its own packet marks.
    config globals 'globals'
            option mmx_mask '0x3F00'
    
    # One 'interface' section per uplink; the section name must match an interface in /etc/config/network.
    # track_ip hosts are probed to decide whether the uplink is usable, and 'reliability' is how many of
    # them must answer for the uplink to count as up.
    # NOTE(review): every probe target here is a third-party public resolver (Google, OpenDNS). With
    # reliability '1' a single reply keeps the link marked up, and an outage or filtering of those hosts
    # can mark a healthy link down. Review the list against what your upstream actually permits.
    config interface 'wan'
            option enabled '1'
            list track_ip '8.8.4.4'
            list track_ip '8.8.8.8'
            list track_ip '208.67.222.222'
            list track_ip '208.67.220.220'
            option family 'ipv4'
            option reliability '1'
    
    # IPv6 side of the primary uplink; disabled (enabled '0').
    config interface 'wan6'
            option enabled '0'
            list track_ip '2001:4860:4860::8844'
            list track_ip '2001:4860:4860::8888'
            list track_ip '2620:0:ccd::2'
            list track_ip '2620:0:ccc::2'
            option family 'ipv6'
            option reliability '2'
    
    # Second IPv4 uplink, tracked against the same hosts as 'wan'.
    config interface 'wanb'
            option enabled '1'
            list track_ip '8.8.4.4'
            list track_ip '8.8.8.8'
            list track_ip '208.67.222.222'
            list track_ip '208.67.220.220'
            option family 'ipv4'
            option reliability '1'
    
    # IPv6 side of the second uplink; disabled (enabled '0').
    config interface 'wanb6'
            option enabled '0'
            list track_ip '2001:4860:4860::8844'
            list track_ip '2001:4860:4860::8888'
            list track_ip '2620:0:ccd::2'
            list track_ip '2620:0:ccc::2'
            option family 'ipv6'
            option reliability '1'
    
    # A 'member' binds an interface to a metric and a weight. The names used here follow the pattern
    # <interface>_m<metric>_w<weight>. Inside a policy, the online members with the lowest metric carry
    # the traffic; members sharing a metric split it in proportion to their weight.
    config member 'wan_m1_w3'
            option interface 'wan'
            option metric '1'
            option weight '3'
    
    config member 'wan_m2_w3'
            option interface 'wan'
            option metric '2'
            option weight '3'
    
    config member 'wanb_m1_w2'
            option interface 'wanb'
            option metric '1'
            option weight '2'
    
    config member 'wanb_m2_w2'
            option interface 'wanb'
            option metric '2'
            option weight '2'
    
    # IPv6 members; they refer to 'wan6' and 'wanb6', which are both disabled in this file.
    config member 'wan6_m1_w3'
            option interface 'wan6'
            option metric '1'
            option weight '3'
    
    config member 'wan6_m2_w3'
            option interface 'wan6'
            option metric '2'
            option weight '3'
    
    config member 'wanb6_m1_w2'
            option interface 'wanb6'
            option metric '1'
            option weight '2'
    
    config member 'wanb6_m2_w2'
            option interface 'wanb6'
            option metric '2'
            option weight '2'
    
    # Alternative policies, left commented out: single-uplink ('wan_only', 'wanb_only') and
    # load-balanced ('balanced', both uplinks at metric 1).
    #config policy 'wan_only'
    #       list use_member 'wan_m1_w3'
    #       list use_member 'wan6_m1_w3'
    
    #config policy 'wanb_only'
    #       list use_member 'wanb_m1_w2'
    #       list use_member 'wanb6_m1_w2'
    
    #config policy 'balanced'
    #       list use_member 'wan_m1_w3'
    #       list use_member 'wanb_m1_w2'
    #       list use_member 'wan6_m1_w3'
    #       list use_member 'wanb6_m1_w2'
    
    # Active failover policy: 'wan' (metric 1) is preferred, and 'wanb' (metric 2) carries traffic only
    # while 'wan' is considered down.
    # NOTE(review): 'wan6_m1_w3' is listed although interface 'wan6' is disabled in this file, and the
    # wanb6 member is commented out. Confirm the intended IPv6 behaviour.
    config policy 'wan_wanb'
            list use_member 'wan_m1_w3'
            list use_member 'wanb_m2_w2'
            list use_member 'wan6_m1_w3'
    #       list use_member 'wanb6_m2_w2'
    
    # Example rule, left commented out: sticky HTTPS (tcp/443) sessions on the 'balanced' policy.
    #config rule 'https'
    #       option sticky '1'
    #       option dest_port '443'
    #       option proto 'tcp'
    #       option use_policy 'balanced'
    
    # Catch-all for IPv4: every destination (0.0.0.0/0) follows the 'wan_wanb' failover policy.
    config rule 'default_rule_v4'
            option dest_ip '0.0.0.0/0'
            option use_policy 'wan_wanb'
            option family 'ipv4'
            option sticky '0'
    
    # The IPv6 catch-all is commented out, so no rule in this file matches IPv6 traffic.
    #config rule 'default_rule_v6'
    #       option dest_ip '::/0'
    #       option use_policy 'wan_wanb'
    #       option family 'ipv6'
    

    Note: add an option metric to every WAN interface in /etc/config/network; mwan3 needs a distinct routing metric on each interface it manages.

    References:

    List connected client

    On router

    # Kernel neighbour table (ARP/NDP): hosts the router has recently exchanged traffic with.
    # None of these views is a complete inventory: a statically addressed host that stays quiet
    # shows up in neither the neighbour table nor the lease lists.
    ip neighbor
    
    # dnsmasq lease file: clients that obtained their address over DHCP
    cat /tmp/dhcp.leases
    
    # Lease tables exposed over ubus by the 'dhcp' object (odhcpd), IPv4 then IPv6
    ubus call dhcp ipv4leases
    ubus call dhcp ipv6leases
    

    source

    On wireless device

    # Each command lists the stations associated with the named radio; use the one that matches
    # the wireless driver in use.
    # Universal (iwinfo, driver-independent front end)
    iwinfo wlan0 assoclist
    
    # Proprietary Broadcom (wl)
    wl -i wl0 assoclist
    
    # Proprietary Atheros (madwifi)
    wlanconfig ath0 list sta
    
    # MAC80211
    iw dev wlan0 station dump
    

    On switch

    # arp does not list hosts on other VLANs, so query the bridge forwarding database instead:
    bridge fdb show | grep self # unfiltered: shows every entry, active as well as old/inactive
    

    source

    Tip: shortcut covering all wireless interfaces:

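    # Lists the associated stations of every wlan* interface in one pass.
    # cut -s drops matching lines that have no ':' separator (e.g. an "inet ... wlan0" address line),
    # which would otherwise reach iwinfo as a bogus interface name; -I {} replaces the deprecated -i.
    # The final grep keeps only the unindented lines of the assoclist output (the per-station lines).
    ip a | grep wlan | cut -s -d: -f2 | tr -d " " | xargs -I {} iwinfo {} assoclist | grep -E "^\w"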
    

    Note: requires the findutils-xargs package.

    List wireless network

    # Scan from wlan0 and list the wireless networks it can see
    iwinfo wlan0 scan
    

    source

    Add dhcp to an interface

    /etc/config/dhcp

    # DHCP pool served on the 'management' interface
    config dhcp 'management'
            option interface 'management'
            # first address handed out, as an offset from the network address
            option start '100'
            # size of the pool (number of addresses)
            option limit '150'
            option leasetime '12h'
    

    DHCP options

    config dhcp 'management'
      ...
      # option 6: DNS servers pushed to the clients of this pool
      list dhcp_option '6,192.168.1.10,192.168.1.11'
      # option 66: TFTP server for network boot. Clients load their boot files from this host,
      # so it must be one you control.
      list dhcp_option '66,192.168.0.15'
    

    Notes:

    • 6 sets the DNS servers: the primary, followed by an optional secondary
    • 66 for tftp/ipxe

    Configure an interface as a dhclient

    /etc/config/network

    config interface 'lan'
            ...
            # obtain this interface's address from a DHCP server
            option proto 'dhcp'
    

    Add a vlan

    /etc/config/network

    # VLAN 100 on bridge br-lan; the ':t' suffix makes eth0 a tagged member of that VLAN
    config bridge-vlan
            option device 'br-lan'
            option vlan '100'
            list ports 'eth0:t'
    

    IMPORTANT: if this is the first VLAN you add and the interface uses the DHCP protocol, change the interface's device so that it keeps working (see below, with br-lan.100); otherwise the device will no longer be reachable.

    /etc/config/network

    # 'lan' now sits on VLAN 100 of the bridge (br-lan.100) rather than on the bare bridge
    config interface 'lan'
            option device 'br-lan.100'
            option proto 'dhcp'
    

    Set static ip to an interface

    /etc/config/network

    # Bridge device named 'management' whose only member port is lan8
    config device
            option name 'management'
            option type 'bridge'
            list ports 'lan8'
    
    # Interface on that bridge with a fixed address: 192.168.20.1, netmask 255.255.255.0
    config interface 'management'
            option device 'management'
            option proto 'static'
            option netmask '255.255.255.0'
            option ipaddr '192.168.20.1'
    

    Note: replace lan8 with your own port; use ls -l /sys/class/net/ to list the existing ports

    Select DNS Server for a network interface

    /etc/config/network

    config interface 'lan'
      ...
      # DNS server to use for this interface
      list dns '192.168.2.227'
    

    dnsmasq with PXE

    /etc/dnsmasq.conf

    # Each dhcp-match tags a client by its DHCP option 60 (vendor class) value; the dhcp-boot line
    # for that tag then hands out a boot filename and the TFTP server address 192.168.4.146.
    # NOTE(review): PXE clients fetch the boot image over TFTP, which has neither authentication nor
    # integrity checking. Keep 192.168.4.146 and the netboot.xyz images it serves under your control,
    # and limit which network segments can reach this DHCP/TFTP service.
    # NOTE(review): the 'ipxeclient' tag is set below, but no dhcp-boot line in this snippet uses it.
    dhcp-match=set:ipxeclient,60,IPXEClient*
    # Arch 00000 receives the .kpxe image
    dhcp-match=set:bios,60,PXEClient:Arch:00000
    dhcp-boot=tag:bios,netboot.xyz.kpxe,,192.168.4.146
    # All remaining arch values (00002, 00006, 00007, 00008, 00009) receive the .efi image
    dhcp-match=set:efi32,60,PXEClient:Arch:00002
    dhcp-boot=tag:efi32,netboot.xyz.efi,,192.168.4.146
    dhcp-match=set:efi32-1,60,PXEClient:Arch:00006
    dhcp-boot=tag:efi32-1,netboot.xyz.efi,,192.168.4.146
    dhcp-match=set:efi64,60,PXEClient:Arch:00007
    dhcp-boot=tag:efi64,netboot.xyz.efi,,192.168.4.146
    dhcp-match=set:efi64-1,60,PXEClient:Arch:00008
    dhcp-boot=tag:efi64-1,netboot.xyz.efi,,192.168.4.146
    dhcp-match=set:efi64-2,60,PXEClient:Arch:00009
    dhcp-boot=tag:efi64-2,netboot.xyz.efi,,192.168.4.146
    

    Note:

    • ensure a tftp server is running at 192.168.4.146
    • not verified, but this configuration is probably only needed if you want to change the default boot filenames (.efi, .kpxe)

    source

    Add static lease on the DHCP

    /etc/config/dhcp

    # Static lease: the client presenting this MAC address is always given this IP.
    # NOTE(review): a MAC address is asserted by the client itself, so a static lease is an addressing
    # convenience and not an identity check. Do not build access rules on it alone.
    config host
            option ip '192.168.2.227'
            option mac '62:34:29:95:F9:56'
    

    Spanning Tree Protocol (STP)

    /etc/config/network

    config interface 'lan'
            ...
            # enable Spanning Tree Protocol on this interface's bridge
            option stp      1
    

    example in mesh

    Port Mirroring

    /etc/firewall.user

    # Port mirroring: the TEE target clones each matching packet and sends the copy to 192.168.2.227.
    # First rule: packets leaving through br-lan; second rule: packets arriving on br-lan.
    # The "! -s" / "! -d" exclusions keep the collector's own traffic out of the mirror.
    # NOTE(review): the collector receives a copy of all br-lan traffic, including anything sent
    # unencrypted. Treat 192.168.2.227 as a sensitive host, restrict access to it, and remove these
    # rules once the capture is no longer needed.
    iptables -A POSTROUTING -t mangle -o br-lan ! -s 192.168.2.227 -j TEE --gateway 192.168.2.227
    iptables -A PREROUTING -t mangle -i br-lan ! -d 192.168.2.227 -j TEE --gateway 192.168.2.227
    

    Note: requires the TEE modules: opkg install iptables-mod-tee kmod-ipt-tee

    Then /etc/init.d/firewall restart

    Source