Bridge device not forwarding onto 802.1q device

I'm upgrading one of my APs from TL-WR940N to Cudy-WR2100 with OpenWrt 21.2.1 stable.

The WR2100 has one WAN and four LAN 1000BASE-T ports.

The WAN connection is an Ethernet trunk carrying tagged 802.1q VLANs 2, 4 and 5.

802.1q wan.2 is used by bridge device br-private, which bridges to a WLAN private3. br-private is used in a static IP address interface PRIVATE. Works fine and I can connect to the WR2100 over wan.2.

802.1q wan.5 is used by bridge device br-guest, which bridges to a WLAN guest3. br-guest is used in an unmanaged interface GUEST. Works fine as well.

802.1q wan.4 is used together with lan1, lan2, lan3 and lan4 by a bridge device br-offsite. br-offsite is used in an unmanaged interface OFFSITE. A Raspberry Pi is connected untagged to lan4.

The issue is that I can't reach the RasPi on lan4 over wan.4.

To check what's going on I turned OFFSITE into a static IP address interface. I can then log into the WR2100 over wan.4, I can ping back to my main router over wan.4. I can also ssh from the WR2100 to the RasPi, and pinging the WR2100 back from the RasPi works fine as well.

However, pinging my main router from the RasPi does not work. What I observe using tcpdump is that the ARP who-has request is visible on lan4 and on br-offsite, but not on wan.4 (nor on wan with VLAN tag 4).

What am I doing wrong?

Kind regards, Sebastian

/etc/config/network:

# Loopback interface: static 127.0.0.1/8 on device 'lo'.
config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

# Global network settings: packet steering enabled and the IPv6 ULA prefix
# for this router.
config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd19:bb72:c09d::/48'

# Three 802.1q sub-devices on the 'wan' port, one per VLAN carried tagged on
# the uplink trunk (VLAN IDs 2, 4 and 5).

# VLAN 2 on wan -> used by br-private below.
config device
        option type '8021q'
        option ifname 'wan'
        option vid '2'
        option name 'wan.2'

# VLAN 4 on wan -> used by br-offsite below.
config device
        option type '8021q'
        option ifname 'wan'
        option vid '4'
        option name 'wan.4'

# VLAN 5 on wan -> used by br-guest below.
config device
        option type '8021q'
        option ifname 'wan'
        option vid '5'
        option name 'wan.5'

# One bridge per VLAN, so the three networks share no bridge with each other.

# Private network: only wired member is wan.2. The WLAN the post says is
# bridged here is not listed in this file (presumably attached via the
# wireless config - not shown).
config device
        option type 'bridge'
        option name 'br-private'
        list ports 'wan.2'

# Offsite network: all four LAN ports plus the VLAN 4 sub-device of wan.
# This is the bridge that does not forward from lan4 to wan.4 in the post.
# NOTE(review): the thread does not establish the root cause; the later
# working config replaces this layout with bridge VLAN filtering on a single
# bridge of lan ports.
config device
        option type 'bridge'
        option name 'br-offsite'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan.4'

# Guest network: only wired member is wan.5 (WLAN attachment not shown here).
config device
        option type 'bridge'
        option name 'br-guest'
        list ports 'wan.5'

# Management interface of the AP: static address on the private VLAN, with
# the main router (192.168.2.1) as gateway and DNS server.
config interface 'PRIVATE'
        option proto 'static'
        option device 'br-private'
        ipaddr_placeholder_removed

Ok, I solved my issue. I'm not sure what exactly solved it, though. I did two things: a) I abandoned the use of the wan port and instead perform all switch forwarding solely between lan ports (and wlan), and b) I avoided manually creating 802.1q type devices and multiple bridges devoted to one VLAN each, and instead use a single bridge device br-lan on which I configure bridge VLAN filtering for all three VLANs and their allocation to lan ports.

/etc/config/network:

# Loopback interface: static 127.0.0.1/8 on device 'lo'.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# Global network settings: packet steering enabled and the IPv6 ULA prefix
# for this router.
config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fddf:7b64:cc89::/48'

# Single bridge over the four LAN ports; the wan port is no longer used.
# VLAN membership per port is set by the bridge-vlan sections below.
# Port suffixes: ':t' = tagged member, ':u' = untagged member, '*' = this
# VLAN is the port's PVID (untagged ingress frames are placed in it).
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

# VLAN 2 (private): only lan4, tagged. lan4 is a tagged member of all three
# VLANs, so it presumably now carries the trunk to the main router - confirm
# against the cabling.
config bridge-vlan
        option device 'br-lan'
        list ports 'lan4:t'
        option vlan '2'

# VLAN 4 (offsite): lan1-lan3 are untagged access ports with PVID 4, lan4 is
# tagged. Any device plugged into lan1-lan3 therefore lands on VLAN 4 only.
config bridge-vlan
        option device 'br-lan'
        option vlan '4'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:t'

# VLAN 5 (guest): only lan4, tagged. No wired access port is a member, so
# guest traffic reaches the wire only via the trunk.
# NOTE(review): the WLAN-to-VLAN attachment lives in the wireless config,
# which is not shown; the private/guest separation depends on it.
config bridge-vlan
        option device 'br-lan'
        list ports 'lan4:t'
        option vlan '5'

# Management interface of the AP: static address on VLAN 2 of br-lan, with
# the main router (192.168.2.1) as gateway and DNS server.
config interface 'PRIVATE'
        option proto 'static'
        option device 'br-lan.2'
        option ipaddr '192.168.2.129'
        option netmask '255.255.255.0'
        list dns '192.168.2.1'
        option gateway '192.168.2.1'

# Offsite network on VLAN 4 of br-lan, with a static address on the AP.
# NOTE(review): the post describes OFFSITE as originally unmanaged and made
# static only for troubleshooting. With an address here the AP itself is
# addressable from VLAN 4; which of its services are reachable depends on the
# firewall zone (not shown). Switch back to proto 'none' if the AP should
# only bridge this VLAN.
config interface 'OFFSITE'
        option proto 'static'
        option device 'br-lan.4'
        option ipaddr '192.168.4.129'
        option netmask '255.255.255.0'

# Guest network on VLAN 5 of br-lan: proto 'none', so the AP holds no address
# on the guest VLAN and only bridges its frames.
config interface 'GUEST'
        option proto 'none'
        option device 'br-lan.5'
