Due to a ransomware attack, the wiki was reverted to a July 2022 version. . We apologize for the lack of a more recent valid backup.
The residential gateway is a regular home wireless router running OpenWRT. The hardware we are using is NETGEAR WNDRMACv2 (also known as WNDR3700v2). I've provisioned these with OpenWRT Barrier Breaker 14.07.
Setup
The RG has an OVS OpenFlow switch sitting between the LAN side (wired ethernet ports and wireless network) and the WAN side (yellow ethernet port that connects to ONU). The OVS switch is using in-band control to connect to an OpenFlow controller in the network. It uses wpa_supplicant to authenticate with the the network using EAPOL.
When the RG boots up and is connected to the network, the workflow is as follows:
- wpa_supplicant does 802.1X and authenticates the box
- OVS internal port uses DHCP to receive an IP address for the switch
- OVS initiates an in-band OpenFlow connection to the controller using the IP address it just received.
Once these steps are complete, the OpenFlow controller can set up flows to allow the LAN-side devices to access the vCPE.
Usage
There are a few things that need to be configured on the box before it will work in a new environment.
...
Certificates can be copied into /etc/certscert.
Then edit /etc/config/wpa_supplicant.conf with the correct identity and certificate paths.
...