Member
dan
Posts: 101
Kudos: 5
Registered: 03-10-2008

VLAN Support on Nanostations - example scripts available...

Hi Guys, after much testing we now have successful VLAN support within our network using the following example configs...

Background

We have a management VLAN of 10.10.x.x/16 and real-world IPs for customers NAT'ing on a different VLAN. In all configurations the Nanostations end up with the management VLAN's default gateway as their default gateway, so we can reach them all from our NOC.

Example 1 - Tagging all customer traffic on ethernet port onto specific customer VLAN without NAT + Management VLAN 5

################2.4ghz SM###################
#
route del default gw 0.0.0.0
#
ifconfig br0 0.0.0.0
ifconfig br0 down
brctl delif br0 eth0
brctl delif br0 ath0
brctl delbr br0
#
vconfig add ath0 5
ifconfig ath0.5 10.10.1.50 netmask 255.255.0.0 up
#
route add default gw 10.10.254.254 ath0.5
#
brctl addbr br131
vconfig add ath0 131
ifconfig ath0.131 up
brctl addif br131 ath0.131
#
brctl addif br131 eth0
ifconfig br131 0.0.0.0 up



Example 2 - Tagging all customer traffic on ethernet port onto specific customer VLAN with NAT


## NAT onto customer VLAN (management is from customer IP)
#
route del default gw 0.0.0.0
#
ifconfig br0 0.0.0.0
ifconfig br0 down
brctl delif br0 eth0
brctl delif br0 ath0
brctl delbr br0

vconfig add ath0 5
ifconfig ath0.5 222.222.15.38 netmask 255.255.255.128 up
route add default gw 222.222.15.126 ath0.5

iptables -t nat -I POSTROUTING -o ath0.5 -j MASQUERADE
iptables -t nat -D POSTROUTING 2
iptables -t nat -I PREROUTING -i ath0.5 -j PORTFORWARD
iptables -t nat -D PREROUTING 2



Example 3 - Tagging all ingress wireless AP traffic and placing onto VLAN for the likes of hotspot use + Management VLAN



################AP Hotspot######################
#
ifconfig ath0 0.0.0.0
ifconfig br0 down
brctl delif br0 ath0
brctl delif br0 eth0
brctl delbr br0
# local IP address on ethernet interface so we can manage while installing
ifconfig eth0 192.168.1.20 netmask 255.255.255.0 up
#
#
vconfig add eth0 5
ifconfig eth0.5 10.10.24.51 netmask 255.255.0.0 up
route del default gw 0.0.0.0
route add default gw 10.10.254.254 eth0.5
#
brctl addbr br10
vconfig add eth0 10
ifconfig eth0.10 0.0.0.0 up
brctl addif br10 eth0.10
ifconfig ath0 0.0.0.0 up
brctl addif br10 ath0
ifconfig br10 up


Example 4 - Downstream 5GHz Backhaul Subscriber unit with above AP connected via ethernet behind, allowing pass-through of necessary VLANs

################5ghz SM###################
#
ifconfig ath0 0.0.0.0
route del default gw 0.0.0.0
#
brctl addbr br5
vconfig add ath0 5
ifconfig ath0.5 up
brctl addif br5 ath0.5
ifconfig br5 10.10.22.51 netmask 255.255.0.0 up
#
route add default gw 10.10.254.254 br5
#
vconfig add eth0 5
ifconfig eth0.5 up
brctl addif br5 eth0.5
#
brctl addbr br10
vconfig add ath0 10
ifconfig ath0.10 up
brctl addif br10 ath0.10
#
vconfig add eth0 10
ifconfig eth0.10 up
brctl addif br10 eth0.10
ifconfig br10 0.0.0.0 up


The fine print

These scripts can be placed into the following file and then written to memory.


/etc/persistent/rc.poststart


Remember if the script isn't quite correct it may brick the radio to a point where you'll need to perform the full reset procedure. We normally run the script manually first which will apply the changes without making them permanent.
To commit the changes to the radio type the following and reset...


cfgmtd -w -p /etc/
reset


Any other questions please contact me and we will be happy to assist.

Kind Regards

Dan Clark
Technical Manager
UniFone New Zealand Ltd
Established Member
MaximumISP
Posts: 1,650
Kudos: 240
Registered: 01-11-2008

Re: VLAN Support on Nanostations - example scripts available...

Nice work Dan

Member
Airwip
Posts: 222
Kudos: 6
Registered: 11-26-2007

Re: VLAN Support on Nanostations - example scripts available...

It should be no big thing to integrate that into the GUI with a CGI. The only change I suggest is maybe not to write it directly into /etc/persistent/rc.poststart.
I would place it in /etc/persistent as a separate file and call it from rc.poststart.
That way it's a little easier to write a CGI with a mechanism to prevent wrong or illogical configuration. However, it is possible to build such with the SDK.

But if I understood it right, you want it done by ubnt for the next version.
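
A preflight check in the spirit of the two posts above (keep the VLAN commands in their own file and validate them before they are called from rc.poststart and committed), as an added example that is not part of the original posts. It assumes static addressing with contiguous netmasks, a br0 that exists at boot, and awk on the machine where the check runs; check_vlan_script is a hypothetical name.

```shell
#!/bin/sh
# Usage: check_vlan_script FILE
# Prints one finding per problem; returns 0 if the file looks safe, 1 otherwise.
check_vlan_script() {
    awk '
    function ip2int(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function bad(msg) { print "line " NR ": " msg; errs++ }
    function known(dev) {
        # dotted names such as ath0.5 must have been created by vconfig
        if (index(dev, ".") && !(dev in vlan)) bad(dev " used before vconfig add")
    }
    BEGIN { bridge["br0"] = 1 }                 # assumption: br0 exists at boot
    /^[ \t]*#/ || NF == 0 { next }
    # remember NAME=value constants and expand ${NAME} on later lines
    /^[A-Za-z_][A-Za-z0-9_]*=/ { split($0, kv, "="); var[kv[1]] = kv[2]; next }
    { for (k in var) gsub("[$][{]" k "[}]", var[k]) }
    $1 == "vconfig" && $2 == "add" {
        if ($4 !~ /^[0-9]+$/ || $4 < 1 || $4 > 4094) bad("VLAN id " $4 " outside 1-4094")
        vlan[$3 "." $4] = 1
    }
    $1 == "brctl" && $2 == "addbr" { bridge[$3] = 1 }
    $1 == "brctl" && $2 == "delbr" && $3 == "br0" { delete bridge["br0"]; tore_down = 1 }
    $1 == "brctl" && $2 == "addif" {
        if (!($3 in bridge)) bad("bridge " $3 " used before brctl addbr")
        known($4)
    }
    $1 == "ifconfig" {
        if (!($2 in bridge)) known($2)
        if ($3 ~ /^[0-9.]+$/ && $3 != "0.0.0.0" && $4 == "netmask") {
            addr[$2] = ip2int($3)
            size[$2] = 4294967296 - ip2int($5)  # hosts per subnet, contiguous mask
        }
    }
    $1 == "route" && $2 == "add" && $3 == "default" {
        gw = ip2int($5); dev = $6; have_gw = 1
        if (!(dev in addr)) bad("default route via " dev " which has no address")
        else if (int(gw / size[dev]) != int(addr[dev] / size[dev]))
            bad("gateway " $5 " is outside the subnet of " dev)
    }
    END {
        # removing br0 without a new default route leaves the radio unmanageable
        if (tore_down && !have_gw) { print "no default route after br0 teardown"; errs++ }
        exit (errs > 0)
    }' "$1"
}
```

A script that uses DHCP for the management address has no static default route and will be reported by the last check; treat that finding as a prompt to review it by hand.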
Established Member
drwho17
Posts: 2,046
Kudos: 118
Solutions: 3
Registered: 08-02-2008

Re: VLAN Support on Nanostations - example scripts available...

Dan, have you tried to write a file.cgi and place it in /etc/persistent/www yet? I've been messing around with it, and can't seem to get cgi's to run out of that directory, although boa.conf says it's a script alias, and the cgi extension mime should apply. I can serve up HTML and add start scripts fine from /etc/persistent/www, just can't run cgi's through boa from it.
Established Member
sbyrd
Posts: 786
Kudos: 139
Solutions: 5
Registered: 07-28-2009

Re: VLAN Support on Nanostations - example scripts available...

Dan,

We have a vlan setup where the AP has a management vlan of 1504 and managed on the 10.150.4.x network. It passes customer vlan traffic of 1054. The connected SM has the same management vlan and ip scheme. It also tags all incoming ethernet traffic onto customer vlan 1054 as it passes out the wireless interface.

I have used your examples and have gotten vlans to work using the following configs:

#####NS5 AP############
#----Vlan Constants----
MVLAN_ID=1504
VLAN1_ID=1054
#----------------------
#
#Clear out wireless interface ip address
ifconfig ath0 0.0.0.0
#Bring down and destroy default bridge
ifconfig br0 down
brctl delif br0 ath0
brctl delif br0 eth0
brctl delbr br0
#
#--------------------------------------------------------------------
#Create and configure Management Vlan bridge (Allows pass-thru to SM)
#--------------------------------------------------------------------
#Create bridge for management vlan
brctl addbr br${MVLAN_ID}

#Add mvlan onto ethernet/wireless interface
vconfig add eth0 ${MVLAN_ID}
vconfig add ath0 ${MVLAN_ID}

#Bring up mvlanned interfaces with defaults
ifconfig eth0.${MVLAN_ID} 0.0.0.0 up
ifconfig ath0.${MVLAN_ID} 0.0.0.0 up

#Attach mvlanned ethernet/wireless interface to bridge
brctl addif br${MVLAN_ID} eth0.${MVLAN_ID}
brctl addif br${MVLAN_ID} ath0.${MVLAN_ID}

#Configure ip address for mvlanned bridge
ifconfig br${MVLAN_ID} 10.150.4.10 netmask 255.255.255.0 up
route del default gw 0.0.0.0
route add default gw 10.150.4.1 br${MVLAN_ID}
#
#---------------------------------------------------------------------
#Create bridges to pass through customer vlans
#---------------------------------------------------------------------
#Create bridge for customer vlan1
brctl addbr br${VLAN1_ID}
#
#Add vlan onto wireless/ethernet interfaces
vconfig add ath0 ${VLAN1_ID}
vconfig add eth0 ${VLAN1_ID}
#
#Bring up vlanned interfaces with defaults
ifconfig ath0.${VLAN1_ID} 0.0.0.0 up
ifconfig eth0.${VLAN1_ID} 0.0.0.0 up
#
#Attach vlanned wireless/ethernet interface to bridge
brctl addif br${VLAN1_ID} ath0.${VLAN1_ID}
brctl addif br${VLAN1_ID} eth0.${VLAN1_ID}
#
#Bring up bridge with defaults
ifconfig br${VLAN1_ID} 0.0.0.0 up

and

#####NS5 SM########
#----Vlan Constants----
MVLAN_ID=1504
VLAN_ID=1054
#----------------------
#
#Delete default gateway from device
route del default gw 0.0.0.0
#
#Bring down and destroy default bridge
ifconfig br0 0.0.0.0
ifconfig br0 down
brctl delif br0 ath0
brctl delif br0 eth0
brctl delbr br0
#
#---------------------------------------------------------------
#Create and configure Management Vlan
#---------------------------------------------------------------
#Add MVlan onto wireless interface and configure ip address
vconfig add ath0 ${MVLAN_ID}
ifconfig ath0.${MVLAN_ID} 10.150.4.11 netmask 255.255.255.0 up
route add default gw 10.150.4.1 ath0.${MVLAN_ID}
#
#---------------------------------------------------------------
#Tag ethernet traffic as it passes to wireless interface
#---------------------------------------------------------------
#Create bridge for customer vlan
brctl addbr br${VLAN_ID}
#
#Add vlan onto wireless interface
vconfig add ath0 ${VLAN_ID}
#
#Attach vlanned wireless/untagged ethernet interface to bridge
brctl addif br${VLAN_ID} ath0.${VLAN_ID}
brctl addif br${VLAN_ID} eth0
#
#Bring up interfaces with defaults
ifconfig ath0.${VLAN_ID} 0.0.0.0 up
ifconfig eth0 0.0.0.0 up
#
#Bring up bridges with defaults
ifconfig br${VLAN_ID} up


The problem I am having is that if I enable wireless encryption in AirOS, I lose connection to the SM (it will not register to the AP). I can still manage the AP. Once the encryption is removed the link works again. I believe this has to do with the encryption being set up before the rc.poststart script runs.

Do you know how I can have VLAN tagging and use wireless encryption to secure my link? Is there a way to set up encryption in rc.poststart?
New Member
rigbyorange
Posts: 26
Registered: 08-22-2008

Re: VLAN Support on Nanostations - example scripts available...

Hello,
I have read through these examples and am still looking for an example to resolve the following:

Place Nanostation into AP mode.
Need 2 different SSID broadcast.
Traffic from client (laptop) to Nanostation is untagged.
Tag traffic based on SSID and place each on different VLAN on wire.

Thanks,
Member
dan
Posts: 101
Kudos: 5
Registered: 03-10-2008

Re: VLAN Support on Nanostations - example scripts available...

Gidday, we have built a modification to the GUI. This will allow everything from tagging voice traffic onto a separate VLAN, additional SSIDs on separate VLANs, all ingress ethernet traffic onto a separate VLAN.

Regards
Dan
New Member
rigbyorange
Posts: 26
Registered: 08-22-2008

Re: VLAN Support on Nanostations - example scripts available...

Dan,
I am glad to hear that you have made this modification to the gui. Is this available for download to the public?

Thanks,
New Member
jmbo
Posts: 13
Registered: 12-08-2008

Re: VLAN Support on Nanostations - example scripts available...

Hi,
does this work in bridge mode?
JMB
New Member
jmbo
Posts: 13
Registered: 12-08-2008

Re: VLAN Support on Nanostations - example scripts available...

Hi,

does this work in bridge mode?

JMB



Reply to myself: YES
New Member
PCaddict
Posts: 31
Kudos: 1
Registered: 05-26-2008

Good scripts, some additions from me and a question for coders :P

Hi, I'm not a coder, to let you know at first....

I am trying to get a DHCP address for the management VLAN... If I do it by SSH it works perfectly, but if I do it in the script, the device locks up. I can ping it at 192.168.1.20 because I put the IP on the client bridge, but there is no SSH and no web interface. I have to do a recovery to get access to the NS2 again. Here is a copy of my config. I added mac-nat to the client interface to get PPPoE working from the client. So advice is welcome.

#####NS2 SM########
#----Vlan Constants----
MVLAN_ID=1000
VLAN_ID=1001
#----------------------
#
#Delete default gateway from device
route del default gw 0.0.0.0
#
#Bring down and destroy default bridge
ifconfig br0 0.0.0.0
ifconfig br0 down
brctl delif br0 ath0
brctl delif br0 eth0
brctl delbr br0
#
#---------------------------------------------------------------
#Create and configure Management Vlan
#---------------------------------------------------------------
#Add MVlan onto wireless interface and configure ip address
vconfig add ath0 ${MVLAN_ID}
# Change ip address below if you use static ip address
ifconfig ath0.${MVLAN_ID} 0.0.0.0 up
#Activate DHCP Client over Management VLAN Interface
udhcpc -i ath0.${MVLAN_ID} -s /etc/udhcpc/udhcpc
#Remove comment below and change the ip for your gw for static IP
#route add default gw 10.100.100.1 ath0.${MVLAN_ID}
#
#---------------------------------------------------------------
#Tag ethernet traffic as it passes to wireless interface
#---------------------------------------------------------------
#Create bridge for customer vlan
brctl addbr br${VLAN_ID}
#
#Add vlan onto wireless interface
vconfig add ath0 ${VLAN_ID}
#
#Attach vlanned wireless/untagged ethernet interface to bridge
brctl addif br${VLAN_ID} ath0.${VLAN_ID}
brctl addif br${VLAN_ID} eth0
#
#Bring up interfaces with defaults
ifconfig ath0.${VLAN_ID} 0.0.0.0 up
ifconfig eth0 0.0.0.0 up
ifconfig br${VLAN_ID} 192.168.1.20
#
#Bring up bridges with defaults
ifconfig br${VLAN_ID} up
#mac-nat over client Vlan
ebtables -t nat -A PREROUTING --in-interface ath0.${VLAN_ID} -j arpnat --arpnat-target ACCEPT
ebtables -t nat -A POSTROUTING --out-interface ath0.${VLAN_ID} -j arpnat --arpnat-target ACCEPT
New Member
PCaddict
Posts: 31
Kudos: 1
Registered: 05-26-2008

Re: VLAN Support on Nanostations - example scripts available...

OK, I think I just figured it out... It's waiting for the IP address from the DHCP server, but it is not linked when the script is called... I just have to put the DHCP client at the end...
Newbie
tierpath
Posts: 4
Registered: 10-18-2009

Re: VLAN Support on Nanostations - example scripts available...

Hey, I just saw this. Were the modifications ever posted?
Member
bwatson
Posts: 214
Kudos: 10
Registered: 07-22-2009

Re: VLAN Support on Nanostations - example scripts available...

Was the GUI VLAN firmware ever released to the public?
Member
spirited
Posts: 112
Registered: 10-27-2009

Great to see this, but

Is the rc file to be created or does it exist already? As I can find in the Os5 version....
Member
spirited
Posts: 112
Registered: 10-27-2009

Re: VLAN Support on Nanostations - example scripts available...

Hey SBYRD,
I configed the AP as you had shared, and can't access the Rocket5M anymore.
Here is my switchport config; how did you have yours to allow continued access?
(my managed vlan is 3, customer 331)

interface FastEthernet0/6
description ROCKET AP
switchport trunk native vlan 3
switchport trunk allowed vlan 3,331
switchport mode trunk
switchport nonegotiate
speed 10
duplex full
mls qos trust cos
auto qos voip trust
macro description cisco-switch
spanning-tree link-type point-to-point

(I have tried with the native vlan on and off)
Member
RavenWing71
Posts: 243
Kudos: 37
Registered: 11-15-2008

Re: VLAN Support on Nanostations - example scripts available...


Remember if the script isn't quite correct it may brick the radio to a point where you'll need to perform the full reset procedure. We normally run the script manually first which will apply the changes without making them permanent.

OK, I know I'm being a newbie but:
How are you running the script manually? From reading through the init scripts, the rc.poststart isn't strictly speaking a script. It is imported into the init script through an include statement...
Humble.. Humble..
Doh...
sh rc.poststart
Established Member
sbyrd
Posts: 786
Kudos: 139
Solutions: 5
Registered: 07-28-2009

Re: VLAN Support on Nanostations - example scripts available...

Hey SBYRD,
I configed the AP as you had shared, and can't access the Rocket5M anymore.
Here is my switchport config; how did you have yours to allow continued access?
(my managed vlan is 3, customer 331)

interface FastEthernet0/6
description ROCKET AP
switchport trunk native vlan 3
switchport trunk allowed vlan 3,331
switchport mode trunk
switchport nonegotiate
speed 10
duplex full
mls qos trust cos
auto qos voip trust
macro description cisco-switch
spanning-tree link-type point-to-point

(I have tried with the native vlan on and off)


For one I do not believe Rockets or any M series units support Vlan tagging just yet. Also below you will find an updated config for Vlan tagging on the AP and SM for non M series devices. I was able to fix my problem with vlans not working when encryption is enabled. Encryption only works on br0.


#----NS5 AP-----------
#----Vlan Constants----
MVLAN_ID=1504
VLAN1_ID=2018
#----------------------
#----IP Address--------
IP_ADDR=10.150.4.12
GATEWAY=10.150.4.1
#----------------------
#Clear out wireless interface ip address
ifconfig ath0 0.0.0.0
#Bring down and destroy default bridge
ifconfig br0 down
brctl delif br0 ath0
brctl delif br0 eth0
brctl delbr br0
#
#--------------------------------------------------------------------
#Create and configure Management Vlan bridge (Allows pass-thru to SM)
#--------------------------------------------------------------------
#Create bridge for management vlan
brctl addbr br0

#Add mvlan onto ethernet/wireless interface
vconfig add eth0 ${MVLAN_ID}
vconfig add ath0 ${MVLAN_ID}

#Bring up mvlanned interfaces with defaults
ifconfig eth0.${MVLAN_ID} 0.0.0.0 up
ifconfig ath0.${MVLAN_ID} 0.0.0.0 up

#Attach mvlanned ethernet/wireless interface to bridge
brctl addif br0 eth0.${MVLAN_ID}
brctl addif br0 ath0.${MVLAN_ID}

#Configure ip address for mvlanned bridge
ifconfig br0 ${IP_ADDR} netmask 255.255.255.0 up
route del default gw 0.0.0.0
route add default gw ${GATEWAY} br0
#
#---------------------------------------------------------------------
#Create bridge to pass through customer vlans
#---------------------------------------------------------------------
#Create bridge for customer vlan1
brctl addbr br${VLAN1_ID}
#
#Add vlan onto wireless/ethernet interfaces
vconfig add ath0 ${VLAN1_ID}
vconfig add eth0 ${VLAN1_ID}
#
#Bring up vlanned interfaces with defaults
ifconfig ath0.${VLAN1_ID} 0.0.0.0 up
ifconfig eth0.${VLAN1_ID} 0.0.0.0 up
#
#Attach vlanned wireless/ethernet interface to bridge
brctl addif br${VLAN1_ID} ath0.${VLAN1_ID}
brctl addif br${VLAN1_ID} eth0.${VLAN1_ID}
#
#Bring up bridge with defaults
ifconfig br${VLAN1_ID} 0.0.0.0 up



#----NS5 SM-----------
#----Vlan Constants----
MVLAN_ID=1504
VLAN_ID=1054
#----------------------
#----IP Information----
IP_ADDR=10.150.4.13
GATEWAY=10.150.4.1
#----------------------
#Delete default gateway from device
route del default gw 0.0.0.0
#
#Bring down and destroy default bridge
ifconfig br0 0.0.0.0
ifconfig br0 down
brctl delif br0 ath0
brctl delif br0 eth0
brctl delbr br0
#
#---------------------------------------------------------------
#Create and configure Management Vlan
#---------------------------------------------------------------
#Add MVlan onto wireless interface and configure ip address
vconfig add ath0 ${MVLAN_ID}
ifconfig ath0.${MVLAN_ID} ${IP_ADDR} netmask 255.255.255.0 up
route add default gw ${GATEWAY} ath0.${MVLAN_ID}
#
#---------------------------------------------------------------
#Tag ethernet traffic as it passes to wireless interface
#---------------------------------------------------------------
#Create bridge for customer vlan
brctl addbr br0
#
#Add vlan onto wireless interface
vconfig add ath0 ${VLAN_ID}
#
#Attach vlanned wireless/untagged ethernet interface to bridge
brctl addif br0 ath0.${VLAN_ID}
brctl addif br0 eth0
#
#Bring up interfaces with defaults
ifconfig ath0.${VLAN_ID} 0.0.0.0 up
ifconfig eth0 0.0.0.0 up
#
#Bring up bridges with defaults
ifconfig br0 up
Newbie
dizaar
Posts: 1
Registered: 06-26-2008

Re: VLAN Support on Nanostations - example scripts available...

Gidday, we have built a modification to the GUI. This will allow everything from tagging voice traffic onto a separate VLAN, additional SSIDs on separate VLANs, all ingress ethernet traffic onto a separate VLAN.

Regards
Dan


Where can it be downloaded?
Member
spirited
Posts: 112
Registered: 10-27-2009

Re: VLAN Support on Nanostations - example scripts available...

Thanks SByrd. Being new to the forum, I later saw that what you have working, which is awesome, is under the older hardware.
I wonder how hard it would be to transfer this logic?