Add vlan on GL-MT300N-V2

Try to add pvid, as I have described above.

Sorry, I tried your suggestion (default tagging wan and lan port) but I forgot to answer!
it did also not work...

I really guess it's a hardware problem.

I'm curious...

  • What happens if you don't include the CPU in the vlan100 switch config? This would allow the vlan to pass through the switch, but obviously won't allow you to bridge it to wifi and/or have any other interaction, but if you only need it to pass through, this might achieve the goal (traditionally it would, but obviously something isn't happy here).

This also might help us understand if the problem is the switch or the CPU. (not that I have any solutions for this potential new knowledge).

sorry for the late answer!
I'm curious too and setup a serial agetty to ease debricking which took me a while...

I'm not much further with the following outcome:

here is my test setup (working since years):

          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”
          β”‚Switch Aβ”‚
          β””β”¬β”€β”€β”€β”€β”€β”€β”¬β”˜
           β”‚      β”‚
   β”Œβ”€β”€β”€β”€β”€β”€β”€β”΄β”    β”Œβ”΄β”€β”€β”€β”
   β”‚Switch Bβ”‚    β”‚PC 1β”‚
   β””β”¬β”€β”€β”€β”€β”€β”€β”¬β”˜    β””β”€β”€β”€β”€β”˜
    β”‚      β”‚
β”Œβ”€β”€β”€β”΄β”   β”Œβ”€β”΄β”€β”€β”€β”€β”
β”‚PC 2β”‚   β”‚MT300Nβ”‚
β””β”€β”€β”€β”€β”˜   β””β”€β”€β”€β”€β”€β”€β”˜

if i tag a vlan like this:

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t 6t'

then:

  • other openwrt routers (DSA and non DSA) than MT300N are accessible
  • the MT300N is not accessible anymore with my test-PC (PC 2)
  • the MT300N is not accessible when replacing PC 2 with other hardware and OS
  • the MT300N is not accessible when replacing Switch B with a manageable switch
  • the MT300N is accessible from PC 1 and any other device on Switch A

I'm really at a loss

First I'd recommend just make a new static interface on lan zone with dhcp, with an admin SSID. That way you'll always have access and don't need to mess with "unbricking" the device.

Thank you for your suggestions, but with the serial console i'm "always online" now.
But you are right: the "static interface on lan zone with dhcp" is less hassle to set up.

I'm dealing with the same device in a similar situation: I want to maintain the default untagged LAN port but also send tagged VLAN frames over the same physical port. In theory this can be accomplished with the config:

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option ports '0t 6t'

In theory, with this config I should be getting untagged frames through both ports (0 and 1), and tagged (VLAN 101) frames through port 0. The VLAN 101 frames actually do come through correctly, but the untagged frames no longer make it through port 0.

Running swconfig dev switch0 show I notice:

VLAN 1:
        ports: 1 6t
VLAN 2:
        ports: 0t 6t
VLAN 101:
        ports: 0t 6t

It looks like it's sending tagged packets for VLAN 2 out of port 0? Despite being set to untagged in the config.

Also notable is the untag: 0 where maybe it's supposed to be untag: 1? (ignore the link status, I was shuffling cables while testing)

Port 0:
        disable: 0
        doubletag: 0
        untag: 0
        led: 5
        lan: 0
        recv_bad: 0
        recv_good: 4849
        tr_bad: 0
        tr_good: 8339
        pvid: 2
        link: port:0 link:down
Port 1:
        disable: 0
        doubletag: 0
        untag: 1
        led: 5
        lan: 1
        recv_bad: 0
        recv_good: 9965
        tr_bad: 0
        tr_good: 7570
        pvid: 1
        link: port:1 link:up speed:100baseT full-duplex

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

With some further testing it looks like on this device a port cannot be configured as untagged for any VLAN while configured as tagged for another VLAN.

However, it does appear to work correctly with multiple tagged VLANs. Therefore, a solution is to have everything be a tagged VLAN on this device (or at least on this port), and then use a managed switch to provide untagged access ports where necessary.

Some hardware does indeed have a limitation where untagged + tagged does not work. It is also a preference of some people to never use untagged networks on a trunk.

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.10.176",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7628AN ver:1 eco:2",
        "model": "GL-MT300N-V2",
        "board_name": "glinet,gl-mt300n-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "ramips/mt76x8",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '2001:0DB8:dead::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 0'

config switch_vlan
        option device 'switch0'
        option ports '6t 0t'
        option vlan '101'

The other options should not be relevant as this is a fully default install (fresh flash) with just the switch options adjusted for testing.

Note that the examples from my original message were taken from the OEM-supplied firmware (19.x) but I've now reproduced those test results in the supported OpenWrt firmware.

In my particular case I don't really mind either way - I default to an untagged management VLAN to make it easier to regain access in case of a misconfig but it's easy enough to adjust the switch to tag it instead.

It is a bit unintuitive that the configured option in the UI is not what is actually happening, and this doesn't seem to be visible until someone runs swconfig to check. Would it be possible to make the UI more accurately reflect what the hardware is doing?

In any case I hope this helps the @rwalli with their issue - it looks like they were testing for untagged ports, but the ports were only sending out tagged frames even when configured otherwise.

Thank you for your information!
I have no room for a switch.
Do you know a router (GL-AR300M16-Ext?) with small form factor with working VLAN?