blob: 10d543443054f47fb641c4093accca52a1a97c4b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
= NixOS as switch
The Linux system uses DSA to manage on board switch. DSA provides switch
configuration abstraction in such a way that every LAN port of the switch is
actually available for the network configuration. Thus switch configuration is
as simple as assigning the correct port to the bridge.
NOTE: The examples shown here are for Turris Mox with 4 port switch but
modification required for Omnia and other Mox configurations should be clear
from them.
The default single LAN setting would look something like this:
[sources,nix]
----
networking = {
bridges.brlan <3> = {
interfaces = [
"eth0" "lan1" "lan2" "lan3" "lan4" <2>
];
};
dhcpcd.allowInterfaces = [ "brlan" ]; <3>
};
----
<1> The bridge interface name.
<2> Bridge WAN port with all LAN ports. Note that this automatically disables
DHCP on these ports in NixOS.
<3> Set DHCP server on our new bridge as it ignores bridges automatically.
The more complex setup with VLANs might look like this. Let's consider that WAN
port is connected to the router that provides three VLANs and we want to assign
VLAN 1 to `lan1` and VLAN 2 to `lan2` while connecting `lan3` and `lan4` with
WAN. The VLAN100 is administation and switch should listen only on that network
with static IP.
[sources,nix]
----
networking = {
vlans = { <1>
"brlan.1" = {
id = 1;
interface = "brlan";
};
"brlan.2" = {
id = 2;
interface = "brlan";
};
"brlan.100" = {
id = 100;
interface = "brlan";
};
};
bridges = {
brlan.interfaces = [
"eth0" "lan3" "lan4" <2>
];
brlan1.interfaces = [
"brlan.1" "lan1"
];
brlan2.interfaces = [
"brlan.2" "lan2"
];
};
interfaces."brlan.100" = { <3>
ipv4 = {
addresses = [{
address = "192.168.100.42";
prefixLength = 24;
}];
};
};
defaultGateway = "192.168.100.1";
nameservers = [ "192.168.100.1" "1.1.1.1" "8.8.8.8" ];
networking.useDHCP = false; <4>
};
----
<1> Create VLAN interfaces used in bridges and to actually access the router.
<2> This bridge provides inteconnection between WAN and `lan3` and `lan4` while
serving as base for our VLANs.
<3> Static IPv4 configuration for our management port. The IPv6 should be
assigned by SLAAC.
<4> Disable DHCP as we do not want access to the router from any other interface
than statically configured one.
WARNING: The vlan filtering can't be easilly configured and obvious way of
adding `lan0.1` to `br1` and `lan0` to `br2` results in tagged traffic being
included in both `br1` and `br2`. The "correct" way of configuring the complex
example here would be by using single bridge and filtering VLANs.
|
