Help with cpmaccfg / multiple VLAN's

[mtp]

Hi there,

First of all I'd like to apologize for posting in English. Unfortunately I don't speak German and therefor have problems understanding the posts in this forum.

Last week I bought a Fritzbox 7170 to replace my Linksys WRT54GL router. I want my Fritzbox to use the DSL interface as uplink, have ethernet port 1+2+3 and WLAN in one VLAN and ethernet port 4 in a different VLAN.

I know the working of cpmaccfg is very well documented on this page:

http://www.freetz.org/wiki/help/howtos/security/switch_config

...but unfortunately Google Translate doesn't succeed in giving me a good translation.

Can anybody give me some hints how to fix this?

 

[joesy23]

What is the problem? I understand that you want to split the switch in two devices.

Joesy

 

[mtp]

What is the problem? I understand that you want to split the switch in two devices.

First of all, thank you for responding. Let me describe my situation:

With my Linksys WRT54GL I configured two different network:

- One network that consists of switchport 1-3 bridged to the wireless device, range: 10.0.0.0/27
- One network that consists of switchport 4, range: 10.0.0.32/28

I use the first network for personal equipment, and I connected an extra wireless access point to the second network for public usage.

My problem is that I have difficulties understanding the inner workings of cpmaccfg described at the Freetz wiki. Ofcourse I have already looked at the output of the binary itself but I'm still a bit puzzled.

Having a decent translation of said wiki page would probably help me a lot, but as I realize this is too much to ask maybe someone can give me some directions on how to set this up.

 

[joesy23]

@mtp
I will try to give you a short description to configure.

You have to use FREETZ to build your own firmware. Otherwise you don't have the necessary modules to split and configure the switch. You can use the FREETZ package CPMACCFG-GUI to configure the switch.

I will describe the steps to manually configure the switch.

To configure the switch you need to know the value of each port to define the desired portmask. You have to include the cpu port to each interface so the fritzbox can "see" the traffic:

LAN 1 = 0x01
LAN 2 = 0x02
LAN 3 = 0x04
LAN 4 = 0x08
CPU-Port = 0x20

If you want to split the switch in two device eth0 with lan1-lan3 and eth0 with lan4 you can use the following commands to define and activate the settings:

cpmaccfg ssms eth0 0x27 eth1 0x28
cpmaccfg ssm special

Normally the fritzbox put all interfaces in a bridge. To have different interface you have to unselect the option 'Alle Computer befinden sich im selben Netzwerk' to enable the router mode. Then you have three interfaces eth0, eth1 and wlan.

Then you can use ifconfig to configure the interfaces. With brctl you can bridge wlan and eth0. But the fritzbox will route all packets between the interfaces. You need iptables to separate the interfaces.

Joesy

 

[mtp]

@mtp
I will try to give you a short description to configure.

You have to use FREETZ to build your own firmware. Otherwise you don't have the necessary modules to split and configure the switch. You can use the FREETZ package CPMACCFG-GUI to configure the switch.

I will describe the steps to manually configure the switch.

To configure the switch you need to know the value of each port to define the desired portmask. You have to include the cpu port to each interface so the fritzbox can "see" the traffic:

LAN 1 = 0x01
LAN 2 = 0x02
LAN 3 = 0x04
LAN 4 = 0x08
CPU-Port = 0x20

If you want to split the switch in two device eth0 with lan1-lan3 and eth0 with lan4 you can use the following commands to define and activate the settings:

cpmaccfg ssms eth0 0x27 eth1 0x28
cpmaccfg ssm special

Normally the fritzbox put all interfaces in a bridge. To have different interface you have to unselect the option 'Alle Computer befinden sich im selben Netzwerk' to enable the router mode. Then you have three interfaces eth0, eth1 and wlan.

Then you can use ifconfig to configure the interfaces. With brctl you can bridge wlan and eth0. But the fritzbox will route all packets between the interfaces. You need iptables to separate the interfaces.

Joesy

First of all, thank you for your thorough explanation Joesy!

I was already aware I had to run Freetz. In fact, my 7170 already runs a custom image I had created.

The only thing I'm not quite sure about is the cpmaccfg gui - I can't find a package for it. However, I think I can work out a working solution with the command-line tool thanks to your help.

Cheers,

Maarten

 

[mtp]

The only thing I'm not quite sure about is the cpmaccfg gui - I can't find a package for it. However, I think I can work out a working solution with the command-line tool thanks to your help.

OK, I now understand I have to use the checkout the SVN trunk to get the latest features. I did so, but it will take me some time to get the beta-firmware from AVM to work. I'm getting the "The specified file does not contain any valid firmware for your device" error, which seems to be well documented here:

http://www.ip-phone-forum.de/showthread.php?t=97250&highlight=/proc/sys/urlader/environment

Anyway, I'm slowly making progress...