There's three modes:
- default - all ports are in the same VLAN;
- per-port - each port can be in a VLAN 'group';
- dot1q - each port can be in multiple VLAN groups, with 802.1q tagging going on.
The dot1q VLAN is for switches that support multiple VLANs, each can have an arbitrary VLAN ID (0..4095) with optional other VLAN options (like tag-in-tag support.)
The etherswitch configuration side has a few options and they're supported by different hardware:
- Each port has a port VLAN ID - this is the "native port" for dot1q support. I don't think it has any particular meaning in the per-port VLAN code in arswitch but I could be terribly wrong. I thought it did when I initially did the port, but the documentation is .. lacking.
- Then there's a set of per-port flags - eg q-in-q, 802.1q tagging, etc.
- Then there's the vlangroup - each vlangroup has a vlan ID, and then a set of port members. Each port member can be tagged or untagged.
Firstly - the AR934x SoC switch support doesn't include VLANs. I need to add that. I'm not sure which side of the wall this falls.
The switches previous to the AR8327 support per-port and VLAN configuration, but they don't support per-port-per-VLAN tagging. Ie, you can configure 802.1q VLANs, and you can enable tagging on the port - but it tags all packets that aren't the port 'VLAN ID'.
The per-port VLAN ID seems ignored by the arswitch code - it's only used by the dot1q support.
So I think (and it hasn't yet been tested) that on the earlier switches, I can use per-port VLANs with tagging by:
- Configuring per port vlans - "etherswitch config vlan_mode port"
- Adding vlangroups as appropriate with membership - tag/untag doesn't matter
- Set the CPU port up to have tagging - "etherswitch port0 addtag"
But on the AR8327, the VLAN map hardware actually supports enabling/disabling tagging on a per-port-per-VLAN basis. Ie, when the VLAN table is programmed with the port membership, it takes a list of both the ports and whether the ports are tagged/untagged/open/filtered. So, I don't think per-port VLAN tagging works - only dot1q tagging. Maybe I can make it work, but I haven't really sat down for long enough with the documentation to see what combinations are required.
- Configure the hardware - "etherswitch config vlan_mode dot1q"
- Add vlangroups as appropriate, set pvid as appropriate
- For each vlangroup membership, the port can be tagged or untagged - eg to tag the cpu port 0, you'd use '0t' as the port member. That says "port0 is a member, and it's tagged."