I’m wanted to use VLANS on my Asus RT-AC88U and found out, that vlans are not working at all!
So my questions are all BCM55xx devices are affected?
I have tested multiple router of the Asus RT-AC88U all with same issue. (I tested the same configuration on same TP-Link Routers, which is working fine.)
You can see that telegram are send out of the interface for ARP requests, but nothing is received (RX: 0B)
14: lan1.10@lan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether xxx
inet 192.168.10.1/24 brd 192.168.10.255 scope global lan1.10
valid_lft forever preferred_lft forever
sudo tcpdump -i enp5s0f0.10tcpdump:
verbose output suppressed, use -v[v]... for full protocol decode
listening on enp5s0f0.10, link-type EN10MB (Ethernet), snapshot length 262144 bytes
I suspect the issue is simply that of the configuration. Let's see what is going on:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
I also have tested bridge-vlans before. They are also not working. I test your recommendation, it just locks me out.
That’s also the reason I’m demonstrating one Vlan on a single Ethernet port (to keep the problem as simple as possible without unnecessary additions).
As I sad, I’m pretty sure there is a bug. I have tested multiple router of the Asus RT-AC88U all with same issue. (I also have tested the same configuration on same TP-Link Routers, which is working fine.)
Actually I just wanted to know if the problem is only related to the Asus s RT-AC88U or to all BCM55xx devices?
It’s pretty strange that the vlan port is sending (TX) but not receiving (RX) data.
First I thought there could be a bug in the kernel. So I implemented ‘Open vSwitch’ and found out that the same issue occurs here. Because Open vSwitch is operating entirety in the Linux userspace, the issue must be related to the Ethernet chip setup.
How are you implementing my suggestions? Are you doing this by editing the config files directly, or via LuCI web interface?
While I cannot rule this out at this moment, I am inclined to believe that this is an issue either with the configuration itself or the sequencing to get there.
It appears that the RT-AC88U uses the brcm53xx target. Although I don't have that specific model, I do have the EA6300 and that is on the same target. There re some differences in the switch hardware within, but the target architecture is the same. I do know for sure that I am able to setup VLANs without issue on the EA6300.
If you are using the same method and configs, it is not a surprise that you're getting the same results. I don't think your devices have any hardware failures which would be the only reason you'd expect a different outcome.
Are these TP-Link devices using DSA or swconfig?
Try to keep this simple... don't add new variables like this. They're unnecessary for your goal here.
At this point, it would be very helpful to see your config (just prior to being locked out) as well as a description about how you are setting up your configs (editing the files directly, CLI, or LuCI).
How are you implementing my suggestions? Are you doing this by editing the config files directly, or via LuCI web interface?
Both!
First I tried it over the GUI (Luci).
Also followed your suggestion and edited the config in the terminal. Before adding br-lan1 to the new interface (lan2) I got already locked out!
It appears that the RT-AC88U uses the brcm53xx target. Although I don't have that specific model, I do have the EA6300 and that is on the same target. There re some differences in the switch hardware within, but the target architecture is the same. I do know for sure that I am able to setup VLANs without issue on the EA6300.
Well the EA6300 is using the Broadcom switch BCM4708A0.
The Asus RT-AC88U is using the Broadcom BCM53012
Are these TP-Link devices using DSA or swconfig?
Of course DSA.
(I don’t believe the config of a swconfig would not work at all!)
Try to keep this simple... don't add new variables like this. They're unnecessary for your goal here.
I’m trying to help, as much as possible, so that a maintainer of this device could locate the bug as precise as possible.
While I cannot rule this out at this moment, I am inclined to believe that this is an issue either with the configuration itself or the sequencing to get there.
I demonstrated that the simplest version of a VLAN is not working on this device.
Although I’m working with VLAN since many years.
I have implemented your recommendation without success. (Although in my option it is not useful to use vlan bridges here. there is no reason to complicate the problem unnecessarily)
I can test whatever you want! (but I’m pretty pretty sure it wont work.)
Well I have tested many different VLAN configurations for this device and all not working. (Also checked and discussed these configs with some colleagues)
Separate one Ethernet device (lan1) from the main bridge and add a 802.1q VLAN with VID 10 for example.
... you may be able to fix this simply by deleting the 802.1q stanza:
You, recommended me to delete the 802.1q setup, which is of course total non-sense.
Than you ‘forced’ me to use VLAN bridges. I followed your instruction and copy&paste the configuration. Of course (as assumed) it locked me out again. Because VLAN not working on this device, the default bridge, which I’m connected to, is also not working anymore again.
So probably easiest way I’ll send you one device ( I have 6 spare devices )
Of course, I can also test any other configuration you send me.
Is this the current state of the config?? If not, it would be best to work with the actual current state (also, please make sure the formatting is retained).
I've got a lot of experience with VLANs on OpenWrt -- swconfig, DSA, and individually routed ports. I can tell you with absolute confidence that the 802.1q stanzas are not necessary (I have done this on my own devices as well as in literally hundreds of theads on this forum).
It's possible there is a bug, but it's also possible that there is still an issue with the config and/or the sequencing, as I've said previously.
Nobody is forcing you to do anything. My thinking on for this most recent request and trial is that:
You can show me the current config (as it is right now)
I can recommend the changes that I would expect to work
I'd ask you to edit the config file, but not apply it until after I can review it again -- this way we can catch any possible mistakes before making it the running config.
We could also add a wifi-only network which would ensure that you don't need to rely on functional Ethernet to maintain access to the device, thus alleviating the concerns of a lockout.
If you'd like to try again, I would be happy to go though this all with you. If it works, that would get you what you've wanted in terms of VLANs. If it doesn't work, it will have been a very useful exercise in terms of identifying an actual bug and/or other peculiarities of this device. I suspect that any developers who would potentially work to fix such a bug would want to see this thread as supporting evidence to prove the bug exists and to provide clues as to the nature of the problem so it can be found and addressed (right now, I don't think they'd think that it is conclusive).
Well yes!
And as I explained I have 6 devices and tested my different configurations.
So I test whatever you want.
Well I do not want to deny your experience or even skills. But deleting the VLAN 802.1q setup is absolutely non-sense and can not work, if the other Ethernet device is using a tagged Vlan with VID10.
Of course we all know that my configuration is absolutely unnecessary:
Tagging an Ethernet Connection with only ONE VID does not make any sense at all! ( yes I assume, everyone should knows this.)
But for the reason of demonstration and simplicity, I assume its the easiest VLAN config, which I always would recommend testing first.
I think I answered it now many times
But lets take the config, which I posted in my 5th post.
That would be great, but I don't believe it.
So ya, just give me any super simple configuration, which I would to test for you.
Well for the simplicity, I would always not recommend using WLAN and also not bridges!
But anyway, I have also tested this.
It does work, and you can find many examples of where I have helped others with the same advice. The underlying 802.1q devices are created automatically when you use dotted notation (for individual ports) or bridge-VLANs (for dsa based devices with built in switches).
Anyway, i will try to build out the config for you tomorrow - I am already in bed as it is late in my time zone.
Well as I explained: Lets start always with the most easiest and reliable config. (because I very sure VLANs not working on this device)
For the reason of demonstration and simplicity, I would of course not use vlan bridges.
Actually the easiest way ever is with 'ip link type vlan ...'
Also this is not working here.
To make things easier for me to provide you with a working config, please repost your config with the formatting intact.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
( I have 6 spare devices )