AP not reachable on eth0, only on VLAN

longus · February 13, 2020, 11:05am

Hi everybody,

first of all, thanks for this great tool and your help in advance.
I am using openWRT on a Wifi AP Netgear EX-6150 which is now supported (thanks for that also!).
Originally I wanted to remove the IP addresses from the VLAN bridges and have OpenWRT reachable only on 192.168.1.3, which is the address configured on eth0.

However, I cannot ping the 192.168.1.1 gateway from OpenWRT but 192.168.10.1 is working and both wifi networks as well.

Question:
Why is the IP 192.168.1.3 not working?

Thanks again!
Timo

Network config:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '*:*:*::/48' #removed

config interface 'eth0'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.3'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

config interface 'guest'
        option type 'bridge'
        option ifname 'eth0.30'
        option proto 'none'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.10'
        option proto 'static'
        option ipaddr '192.168.10.3'
        option gateway '192.168.10.1'
        option netmask '255.255.255.0'
        list dns '192.168.10.1'

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.10.1    0.0.0.0         UG    0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 br-eth0
192.168.10.0    *               255.255.255.0   U     0      0        0 br-lan

ulmwind · February 14, 2020, 10:42am

What is switch configuration?

longus · February 14, 2020, 11:20am

The switch has 802.1Q VLAN configured (TP-Link TL-SG1016DE):

VLAN ID VLAN Name  Member Ports          Tagged Ports  Untagged Ports
1       default           1-16           -             1-16
20      DMZ               15-16          15-16         -
30      GUEST             2,4,6,12,16    2, 16         4, 6, 12
10      INT               2,8,10,15-16   2,15-16       8, 10

Port 2 is the openwrt Access Point, PVID 1
Port 16 is the OPNsense Firewall, PVID 1

I thought that eth0 interface is "untagged" and therefore would be associated with VLAN1

Thanks for your help...

[update: reformatted table]

ulmwind · February 14, 2020, 11:50am

OK, my question is about switch configuration of AP. Do you see sections with 'switch' word in /etc/config/network?

longus · February 14, 2020, 12:11pm

There are no switch sections in the network file as I am using it as an Access Point, I copied the full file in the OP.

Thanks,
Timo

ulmwind · February 14, 2020, 12:47pm

Sorry, you are using eth0.10, eth0.30 VLAN's 10, and 30 should be configured.

longus · February 14, 2020, 12:51pm

That's right. I have VLAN10 for INT WLAN and VLAN30 for GUEST WLAN. Both are working.
However I thought that VLAN1 should be working on interface 'eth0' as well as I have static IP configured there.
Is that not correct?

Thanks,
Timo

ulmwind · February 14, 2020, 12:53pm

Please, give output of
swconfig list
VLAN and IP are independent! I don't understand your message about dependence of VLAN, and static IP.

trendy · February 14, 2020, 1:07pm

Is the OpenSense configured to tag vlan1 on the interface that is connected on port 16 of the switch?
The diagram of the VLAN allocation of the switch is not so clear, better use preformatted text when you paste output of devices ( the </> button).
But I presume that you have VLAN1 untagged and native on every port.
I was running into the same issue more or less and I could solve it by adding a new VLAN for what used to be VLAN1 and tag it.

Hegabo · February 14, 2020, 4:30pm

If its VLAN 1 then should be eth0.1.

Also it's a good pactice to define the interface at the VLAN level not at the physical interface level (i.e. eth0.1 not eth0); it makes it a lot more flexible.

Additionally, there is probably little point of defining eth0 as a bridge.

longus · February 14, 2020, 5:14pm

Thanks for your suggestions.

I now also tried to configure an eth0.1 which also did not work.
I am coming to the conclusion that the hardware I am using does not support mixed tagged/untagged traffic. I will now configure a VLAN50 and call it a day. Thanks for all your help.

This post seems to have a similar constraint:
https://forum.openwrt.org/t/mixed-tagged-untagged-vlan-possible/42923

[update: fixed typo on interface name]

Hegabo · February 14, 2020, 5:52pm

There is a big difference between eth1 and eth0.1.