1*4882a593Smuzhiyun.. SPDX-License-Identifier: GPL-2.0 2*4882a593Smuzhiyun 3*4882a593Smuzhiyun======================================= 4*4882a593SmuzhiyunDSA switch configuration from userspace 5*4882a593Smuzhiyun======================================= 6*4882a593Smuzhiyun 7*4882a593SmuzhiyunThe DSA switch configuration is not integrated into the main userspace 8*4882a593Smuzhiyunnetwork configuration suites by now and has to be performed manualy. 9*4882a593Smuzhiyun 10*4882a593Smuzhiyun.. _dsa-config-showcases: 11*4882a593Smuzhiyun 12*4882a593SmuzhiyunConfiguration showcases 13*4882a593Smuzhiyun----------------------- 14*4882a593Smuzhiyun 15*4882a593SmuzhiyunTo configure a DSA switch a couple of commands need to be executed. In this 16*4882a593Smuzhiyundocumentation some common configuration scenarios are handled as showcases: 17*4882a593Smuzhiyun 18*4882a593Smuzhiyun*single port* 19*4882a593Smuzhiyun Every switch port acts as a different configurable Ethernet port 20*4882a593Smuzhiyun 21*4882a593Smuzhiyun*bridge* 22*4882a593Smuzhiyun Every switch port is part of one configurable Ethernet bridge 23*4882a593Smuzhiyun 24*4882a593Smuzhiyun*gateway* 25*4882a593Smuzhiyun Every switch port except one upstream port is part of a configurable 26*4882a593Smuzhiyun Ethernet bridge. 27*4882a593Smuzhiyun The upstream port acts as different configurable Ethernet port. 28*4882a593Smuzhiyun 29*4882a593SmuzhiyunAll configurations are performed with tools from iproute2, which is available 30*4882a593Smuzhiyunat https://www.kernel.org/pub/linux/utils/net/iproute2/ 31*4882a593Smuzhiyun 32*4882a593SmuzhiyunThrough DSA every port of a switch is handled like a normal linux Ethernet 33*4882a593Smuzhiyuninterface. The CPU port is the switch port connected to an Ethernet MAC chip. 34*4882a593SmuzhiyunThe corresponding linux Ethernet interface is called the master interface. 35*4882a593SmuzhiyunAll other corresponding linux interfaces are called slave interfaces. 36*4882a593Smuzhiyun 37*4882a593SmuzhiyunThe slave interfaces depend on the master interface. They can only brought up, 38*4882a593Smuzhiyunwhen the master interface is up. 39*4882a593Smuzhiyun 40*4882a593SmuzhiyunIn this documentation the following Ethernet interfaces are used: 41*4882a593Smuzhiyun 42*4882a593Smuzhiyun*eth0* 43*4882a593Smuzhiyun the master interface 44*4882a593Smuzhiyun 45*4882a593Smuzhiyun*lan1* 46*4882a593Smuzhiyun a slave interface 47*4882a593Smuzhiyun 48*4882a593Smuzhiyun*lan2* 49*4882a593Smuzhiyun another slave interface 50*4882a593Smuzhiyun 51*4882a593Smuzhiyun*lan3* 52*4882a593Smuzhiyun a third slave interface 53*4882a593Smuzhiyun 54*4882a593Smuzhiyun*wan* 55*4882a593Smuzhiyun A slave interface dedicated for upstream traffic 56*4882a593Smuzhiyun 57*4882a593SmuzhiyunFurther Ethernet interfaces can be configured similar. 58*4882a593SmuzhiyunThe configured IPs and networks are: 59*4882a593Smuzhiyun 60*4882a593Smuzhiyun*single port* 61*4882a593Smuzhiyun * lan1: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3) 62*4882a593Smuzhiyun * lan2: 192.0.2.5/30 (192.0.2.4 - 192.0.2.7) 63*4882a593Smuzhiyun * lan3: 192.0.2.9/30 (192.0.2.8 - 192.0.2.11) 64*4882a593Smuzhiyun 65*4882a593Smuzhiyun*bridge* 66*4882a593Smuzhiyun * br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255) 67*4882a593Smuzhiyun 68*4882a593Smuzhiyun*gateway* 69*4882a593Smuzhiyun * br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255) 70*4882a593Smuzhiyun * wan: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3) 71*4882a593Smuzhiyun 72*4882a593Smuzhiyun.. _dsa-tagged-configuration: 73*4882a593Smuzhiyun 74*4882a593SmuzhiyunConfiguration with tagging support 75*4882a593Smuzhiyun---------------------------------- 76*4882a593Smuzhiyun 77*4882a593SmuzhiyunThe tagging based configuration is desired and supported by the majority of 78*4882a593SmuzhiyunDSA switches. These switches are capable to tag incoming and outgoing traffic 79*4882a593Smuzhiyunwithout using a VLAN based configuration. 80*4882a593Smuzhiyun 81*4882a593Smuzhiyunsingle port 82*4882a593Smuzhiyun~~~~~~~~~~~ 83*4882a593Smuzhiyun 84*4882a593Smuzhiyun.. code-block:: sh 85*4882a593Smuzhiyun 86*4882a593Smuzhiyun # configure each interface 87*4882a593Smuzhiyun ip addr add 192.0.2.1/30 dev lan1 88*4882a593Smuzhiyun ip addr add 192.0.2.5/30 dev lan2 89*4882a593Smuzhiyun ip addr add 192.0.2.9/30 dev lan3 90*4882a593Smuzhiyun 91*4882a593Smuzhiyun # The master interface needs to be brought up before the slave ports. 92*4882a593Smuzhiyun ip link set eth0 up 93*4882a593Smuzhiyun 94*4882a593Smuzhiyun # bring up the slave interfaces 95*4882a593Smuzhiyun ip link set lan1 up 96*4882a593Smuzhiyun ip link set lan2 up 97*4882a593Smuzhiyun ip link set lan3 up 98*4882a593Smuzhiyun 99*4882a593Smuzhiyunbridge 100*4882a593Smuzhiyun~~~~~~ 101*4882a593Smuzhiyun 102*4882a593Smuzhiyun.. code-block:: sh 103*4882a593Smuzhiyun 104*4882a593Smuzhiyun # The master interface needs to be brought up before the slave ports. 105*4882a593Smuzhiyun ip link set eth0 up 106*4882a593Smuzhiyun 107*4882a593Smuzhiyun # bring up the slave interfaces 108*4882a593Smuzhiyun ip link set lan1 up 109*4882a593Smuzhiyun ip link set lan2 up 110*4882a593Smuzhiyun ip link set lan3 up 111*4882a593Smuzhiyun 112*4882a593Smuzhiyun # create bridge 113*4882a593Smuzhiyun ip link add name br0 type bridge 114*4882a593Smuzhiyun 115*4882a593Smuzhiyun # add ports to bridge 116*4882a593Smuzhiyun ip link set dev lan1 master br0 117*4882a593Smuzhiyun ip link set dev lan2 master br0 118*4882a593Smuzhiyun ip link set dev lan3 master br0 119*4882a593Smuzhiyun 120*4882a593Smuzhiyun # configure the bridge 121*4882a593Smuzhiyun ip addr add 192.0.2.129/25 dev br0 122*4882a593Smuzhiyun 123*4882a593Smuzhiyun # bring up the bridge 124*4882a593Smuzhiyun ip link set dev br0 up 125*4882a593Smuzhiyun 126*4882a593Smuzhiyungateway 127*4882a593Smuzhiyun~~~~~~~ 128*4882a593Smuzhiyun 129*4882a593Smuzhiyun.. code-block:: sh 130*4882a593Smuzhiyun 131*4882a593Smuzhiyun # The master interface needs to be brought up before the slave ports. 132*4882a593Smuzhiyun ip link set eth0 up 133*4882a593Smuzhiyun 134*4882a593Smuzhiyun # bring up the slave interfaces 135*4882a593Smuzhiyun ip link set wan up 136*4882a593Smuzhiyun ip link set lan1 up 137*4882a593Smuzhiyun ip link set lan2 up 138*4882a593Smuzhiyun 139*4882a593Smuzhiyun # configure the upstream port 140*4882a593Smuzhiyun ip addr add 192.0.2.1/30 dev wan 141*4882a593Smuzhiyun 142*4882a593Smuzhiyun # create bridge 143*4882a593Smuzhiyun ip link add name br0 type bridge 144*4882a593Smuzhiyun 145*4882a593Smuzhiyun # add ports to bridge 146*4882a593Smuzhiyun ip link set dev lan1 master br0 147*4882a593Smuzhiyun ip link set dev lan2 master br0 148*4882a593Smuzhiyun 149*4882a593Smuzhiyun # configure the bridge 150*4882a593Smuzhiyun ip addr add 192.0.2.129/25 dev br0 151*4882a593Smuzhiyun 152*4882a593Smuzhiyun # bring up the bridge 153*4882a593Smuzhiyun ip link set dev br0 up 154*4882a593Smuzhiyun 155*4882a593Smuzhiyun.. _dsa-vlan-configuration: 156*4882a593Smuzhiyun 157*4882a593SmuzhiyunConfiguration without tagging support 158*4882a593Smuzhiyun------------------------------------- 159*4882a593Smuzhiyun 160*4882a593SmuzhiyunA minority of switches are not capable to use a taging protocol 161*4882a593Smuzhiyun(DSA_TAG_PROTO_NONE). These switches can be configured by a VLAN based 162*4882a593Smuzhiyunconfiguration. 163*4882a593Smuzhiyun 164*4882a593Smuzhiyunsingle port 165*4882a593Smuzhiyun~~~~~~~~~~~ 166*4882a593SmuzhiyunThe configuration can only be set up via VLAN tagging and bridge setup. 167*4882a593Smuzhiyun 168*4882a593Smuzhiyun.. code-block:: sh 169*4882a593Smuzhiyun 170*4882a593Smuzhiyun # tag traffic on CPU port 171*4882a593Smuzhiyun ip link add link eth0 name eth0.1 type vlan id 1 172*4882a593Smuzhiyun ip link add link eth0 name eth0.2 type vlan id 2 173*4882a593Smuzhiyun ip link add link eth0 name eth0.3 type vlan id 3 174*4882a593Smuzhiyun 175*4882a593Smuzhiyun # The master interface needs to be brought up before the slave ports. 176*4882a593Smuzhiyun ip link set eth0 up 177*4882a593Smuzhiyun ip link set eth0.1 up 178*4882a593Smuzhiyun ip link set eth0.2 up 179*4882a593Smuzhiyun ip link set eth0.3 up 180*4882a593Smuzhiyun 181*4882a593Smuzhiyun # bring up the slave interfaces 182*4882a593Smuzhiyun ip link set lan1 up 183*4882a593Smuzhiyun ip link set lan2 up 184*4882a593Smuzhiyun ip link set lan3 up 185*4882a593Smuzhiyun 186*4882a593Smuzhiyun # create bridge 187*4882a593Smuzhiyun ip link add name br0 type bridge 188*4882a593Smuzhiyun 189*4882a593Smuzhiyun # activate VLAN filtering 190*4882a593Smuzhiyun ip link set dev br0 type bridge vlan_filtering 1 191*4882a593Smuzhiyun 192*4882a593Smuzhiyun # add ports to bridges 193*4882a593Smuzhiyun ip link set dev lan1 master br0 194*4882a593Smuzhiyun ip link set dev lan2 master br0 195*4882a593Smuzhiyun ip link set dev lan3 master br0 196*4882a593Smuzhiyun 197*4882a593Smuzhiyun # tag traffic on ports 198*4882a593Smuzhiyun bridge vlan add dev lan1 vid 1 pvid untagged 199*4882a593Smuzhiyun bridge vlan add dev lan2 vid 2 pvid untagged 200*4882a593Smuzhiyun bridge vlan add dev lan3 vid 3 pvid untagged 201*4882a593Smuzhiyun 202*4882a593Smuzhiyun # configure the VLANs 203*4882a593Smuzhiyun ip addr add 192.0.2.1/30 dev eth0.1 204*4882a593Smuzhiyun ip addr add 192.0.2.5/30 dev eth0.2 205*4882a593Smuzhiyun ip addr add 192.0.2.9/30 dev eth0.3 206*4882a593Smuzhiyun 207*4882a593Smuzhiyun # bring up the bridge devices 208*4882a593Smuzhiyun ip link set br0 up 209*4882a593Smuzhiyun 210*4882a593Smuzhiyun 211*4882a593Smuzhiyunbridge 212*4882a593Smuzhiyun~~~~~~ 213*4882a593Smuzhiyun 214*4882a593Smuzhiyun.. code-block:: sh 215*4882a593Smuzhiyun 216*4882a593Smuzhiyun # tag traffic on CPU port 217*4882a593Smuzhiyun ip link add link eth0 name eth0.1 type vlan id 1 218*4882a593Smuzhiyun 219*4882a593Smuzhiyun # The master interface needs to be brought up before the slave ports. 220*4882a593Smuzhiyun ip link set eth0 up 221*4882a593Smuzhiyun ip link set eth0.1 up 222*4882a593Smuzhiyun 223*4882a593Smuzhiyun # bring up the slave interfaces 224*4882a593Smuzhiyun ip link set lan1 up 225*4882a593Smuzhiyun ip link set lan2 up 226*4882a593Smuzhiyun ip link set lan3 up 227*4882a593Smuzhiyun 228*4882a593Smuzhiyun # create bridge 229*4882a593Smuzhiyun ip link add name br0 type bridge 230*4882a593Smuzhiyun 231*4882a593Smuzhiyun # activate VLAN filtering 232*4882a593Smuzhiyun ip link set dev br0 type bridge vlan_filtering 1 233*4882a593Smuzhiyun 234*4882a593Smuzhiyun # add ports to bridge 235*4882a593Smuzhiyun ip link set dev lan1 master br0 236*4882a593Smuzhiyun ip link set dev lan2 master br0 237*4882a593Smuzhiyun ip link set dev lan3 master br0 238*4882a593Smuzhiyun ip link set eth0.1 master br0 239*4882a593Smuzhiyun 240*4882a593Smuzhiyun # tag traffic on ports 241*4882a593Smuzhiyun bridge vlan add dev lan1 vid 1 pvid untagged 242*4882a593Smuzhiyun bridge vlan add dev lan2 vid 1 pvid untagged 243*4882a593Smuzhiyun bridge vlan add dev lan3 vid 1 pvid untagged 244*4882a593Smuzhiyun 245*4882a593Smuzhiyun # configure the bridge 246*4882a593Smuzhiyun ip addr add 192.0.2.129/25 dev br0 247*4882a593Smuzhiyun 248*4882a593Smuzhiyun # bring up the bridge 249*4882a593Smuzhiyun ip link set dev br0 up 250*4882a593Smuzhiyun 251*4882a593Smuzhiyungateway 252*4882a593Smuzhiyun~~~~~~~ 253*4882a593Smuzhiyun 254*4882a593Smuzhiyun.. code-block:: sh 255*4882a593Smuzhiyun 256*4882a593Smuzhiyun # tag traffic on CPU port 257*4882a593Smuzhiyun ip link add link eth0 name eth0.1 type vlan id 1 258*4882a593Smuzhiyun ip link add link eth0 name eth0.2 type vlan id 2 259*4882a593Smuzhiyun 260*4882a593Smuzhiyun # The master interface needs to be brought up before the slave ports. 261*4882a593Smuzhiyun ip link set eth0 up 262*4882a593Smuzhiyun ip link set eth0.1 up 263*4882a593Smuzhiyun ip link set eth0.2 up 264*4882a593Smuzhiyun 265*4882a593Smuzhiyun # bring up the slave interfaces 266*4882a593Smuzhiyun ip link set wan up 267*4882a593Smuzhiyun ip link set lan1 up 268*4882a593Smuzhiyun ip link set lan2 up 269*4882a593Smuzhiyun 270*4882a593Smuzhiyun # create bridge 271*4882a593Smuzhiyun ip link add name br0 type bridge 272*4882a593Smuzhiyun 273*4882a593Smuzhiyun # activate VLAN filtering 274*4882a593Smuzhiyun ip link set dev br0 type bridge vlan_filtering 1 275*4882a593Smuzhiyun 276*4882a593Smuzhiyun # add ports to bridges 277*4882a593Smuzhiyun ip link set dev wan master br0 278*4882a593Smuzhiyun ip link set eth0.1 master br0 279*4882a593Smuzhiyun ip link set dev lan1 master br0 280*4882a593Smuzhiyun ip link set dev lan2 master br0 281*4882a593Smuzhiyun 282*4882a593Smuzhiyun # tag traffic on ports 283*4882a593Smuzhiyun bridge vlan add dev lan1 vid 1 pvid untagged 284*4882a593Smuzhiyun bridge vlan add dev lan2 vid 1 pvid untagged 285*4882a593Smuzhiyun bridge vlan add dev wan vid 2 pvid untagged 286*4882a593Smuzhiyun 287*4882a593Smuzhiyun # configure the VLANs 288*4882a593Smuzhiyun ip addr add 192.0.2.1/30 dev eth0.2 289*4882a593Smuzhiyun ip addr add 192.0.2.129/25 dev br0 290*4882a593Smuzhiyun 291*4882a593Smuzhiyun # bring up the bridge devices 292*4882a593Smuzhiyun ip link set br0 up 293