You are here

Raspberry Pi as VLAN switch?

20 posts / 0 new
Last post
KD2EVR
KD2EVR's picture
Raspberry Pi as VLAN switch?
I have a Raspi in the shack connected via ethernet to my node to host meshchat and the onboard camera. 

I know enough to think it should be possible to bridge the WAN vlan of the node to my home router via wifi from the pi.  However, all the linux networking configuration tutorials I've found seem to assume I already know what I'm doing (big mistake). 

Can anyone walk me though it? 

PS I'd like the Pi to have internet access at the same time, either directly or roundabout through the node. 
 
W2TTT
W2TTT's picture
RPI Services

If you simply want access to the camera, meshchat and ssh servers on the RPi,  then define those services on the serving node's Port Forwarding table on the node's gui.
If you want access to them from outside your home, then you will need to forward ports on your home router in its forwarding table.  You will need to translate external ports to internal address and port combinations.  Some carriers block ports so you may need to experiment.

73,
Gordon, W2TTT
201.314.6964

 

KE6UPI
AREDN<->RasPi ETH0<->RasPi
AREDN<->RasPi ETH0<->RasPi WiFi <-> Home router. 

Bridge one network to another.

https://wiki.debian.org/BridgeNetworkConnections#Manual_bridge_setup

POS you will bridge your home network to the mesh. 
CON you will bridge the AREDN network to your home network. We will see your computers.
I would read up on iptables (Firewall rules)

I use a mikrotik router. I can route and firewall both networks. Cheap 100 bucks amazon or ebay.

David
 
KD2EVR
KD2EVR's picture
"CON you will bridge the

"CON you will bridge the AREDN network to your home network. We will see your computers."
That's not my intention - I simply want to give the node an internet connection, the same way you would with a managed switch to connect vlan1 to a WAN router. 
KG6JEI
Then bridge eth0.1 to WiFi.
Then bridge eth0.1 to WiFi.

NOTE: WiFi to Ethernet  bridging is a hodgepodge of issues, you will want to research them to understand all limitations this may have however it should provide st least a functional base to work with.
K5DLQ
K5DLQ's picture
get a VLAN switch
  • get a VLAN switch
  • plug your node into it
  • plug your Pi into it (node's LAN port)
  • plug your home network into the switch's WAN VLAN port
  • leave the "Mesh Gateway" unchecked.
Your node will have internet. (ie. home network access)
Your pi will have internet via the node. (ie. home network access)
You will NOT be "sharing" internet across the mesh
 
KD2EVR
KD2EVR's picture
Side question:
Side question:
If I keep "Mesh Gateway" checked, the entire mesh have internet access through my home internet connection. 
Can you confirm that in addition, anyone on the mesh will be essentially "inside" my home network? 

 
K5DLQ
K5DLQ's picture
Essentially yes.
Essentially yes.
If you get the "Mesh Gateway", you are broadcasting to the entire mesh that if their traffic cannot be routed locally, then, send it out YOUR "WAN" port.
KD2EVR
KD2EVR's picture
I got the part about everyone
I got the part about everyone having access to my WAN connection, but they also have access to my internal LAN unless special steps are taken to create a separate network (and I suspect the typical home router lacks the necessary features.)

In retrospect it seems obvious but I was not aware of it initially.  Perhaps some cautionary note should be added to the docs. 
 
KG6JEI
I believe there is already a
I believe there is already a small bit about that in the help file, 

"When a node has internet access from either the WAN or LAN, that access is available to the node itself and to any computer connected to the LAN port. When the Mesh Gateway is enabled this node will gate(route) traffic from the mesh onto this network and the internet. "

If you feel it isn't enough an enhancement ticket in bloodhound (http://bloodhound.aredn.org) wouldn't hurt (bonus points for a suggested wording)
KE0RSX
KE0RSX's picture
A possible alternative
Hi, there,
First of all, I realize this is an old thread. But in reading it, I realized that I may have an alternative to the problem you have with the mesh "seeing" your home network. My home router has a "Guest WiFi" capability, as well as the normal WiFi. It gives the devices internet access but isolates them from your home network. Using that, you could connect the R-Pi to the Guest WiFi instead of your normal WiFi. While the Mesh would be able to use your Internet, they wouldn't see your LAN at all.

Just my .02 worth in case someone else is considering this (especially since I'm considering almost the exact same setup as you have).

Have a great day. :)
Patrick.
W2TTT
W2TTT's picture
Gateway to Intetnet
Somewhere on the AREDN site there is a VLAN 1 SWITCH config with one port on the household router. Just set the node to gateway by checking the box. If you have no switch, do that but connect the node to the household switch. If it is a Nanostation use the primary port. 73, Gordon, W2TTT 201.314.6964
W2TTT
W2TTT's picture
Gateway to Intetnet
To clarify the difference between checking and not checking the gateway option, I was suggesting an architecture where your gateway wouldn't need a VLAN switch and instead would give your nodes and their devices access to to Internet. Both approaches work fine. For in-house use, I have been using old Bullets and AirGrid radios mostly on 5 GHz in an IoT type of mesh configuration. For EMCOMM, field deployments, this can simplify the local LAN deployments. Now.for other applications, we use VLAN switches, but usually in prepared packages. Experiment and enjoy! 73, Gordon Beattie, W2TTT 201.314.6964
KD2EVR
KD2EVR's picture
Lemme rephrase the question:
Lemme rephrase the question:
Can I replace the VLAN switch with a correctly configured linux computer? 
If so, does anyone have step-by-step instructions for said configuration they can share?
If not, never mind. 

 
KX5DX
Do you mean, as in having an
Do you mean, as in having an end-point device(in this case a linux PC) being able to talk directly to vlans, without a switch? 
Yes, you will need a NIC that supports tagging, like a server NIC or the higher end Intel NICs.
KG6JEI
Virtually all Linux nic have
Virtually all Linux nic have tagging support these days. I’m sure there is some unique card that doesn’t but the odds are the cards you will run across so Support tagging. Even the  low cost Realtek 10/100 cards support tagging.

As I noted above even the Pi can do it with the eth0.1 interface.

The real trick to all of this is being skilled enough at Linux networking to know how to do it. I’m sorry to say however I don’t have the time to sit down and do a step by step howto that goes into all the unique issues that can come up especially around WiFi bridging.

I’ll be honest your post above about the network switch is ultimately the easiest (and honestly more reliable way IMHO) to do it but it’s certainly not as rare a capability as high end server gear.
KD2EVR
KD2EVR's picture
So I had some success:
So I had some success:
Mesh node - ethernet - Ubuntu laptop - wifi - home router
edit connections>add>vlan
select eth0 as the parent interface (not "wired connection 1 as eth0")
select vlan id 1
under ipv4 settings tab select "shared to other computers"

on the node:
select: disable default route

Seems to work.  if I enable mesh gateway all the nodes get internet.
KE6UPI
Just my two cents. Once you
Just my two cents. Once you connect AREDN to your home network your compromised.

 M0N0wall has vlan support.

Amazon 4 port nic. http://a.co/iY8rXaI

You can use a MikroTik router. http://a.co/3xVVmkg i.e. not all MikroTik routers has 10/100/1000 ports. Also MikroTik does not support AREDN MESH network via WiFi. 

I use the MikroTik router. I configured it to have multiple LANs. I can use AREDN as a back up (2 WANs) if needed. 

But for fun check out HSMM-Pi. Google it. It worked for me. Play around with it..

David
KE6UPI
Sorry Thomas, Your first

Sorry Thomas, Your first questions was how to route Raspberry Pi's network port to WiFi.

Check this out. https://www.revsys.com/writings/quicktips/nat.html 
You'll still need to read up on iptables.

David

AA7AU
AA7AU's picture
Alternative to WiFi as second adapter connection

When you have already used eth0 and are needing a second network connection to/from a Raspberry PI, the natural inclination is to use WiFi/wlan0. I solved several issues doing this for a couple PI3s earlier, but then worried about all that extra 2.4G floating around and burning up power to produce heat, not to mention it felt kinda sloppy to use WiFi (I prefer hard-wired).

Then I realized that I could use an inexpensive 2.0 USB-to-Ethernet adapter for my second [wired] connection (eth1) and then turn off WiFi (and BT as well) on the PI3 (in boot/config.txt).

So, whether you're building a bridge or just wanting to stand in two different worlds/networks at the same time, get one and check it out. You can get a pack of two white ones at Amazon for $13 (and even write on them; you do NOT need or even want USB3):
https://smile.amazon.com/gp/product/B017NI9MAU


HTH.
- Don - AA7AU
 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer