Can't manage switch VLANs using web interface

tokmk · February 24, 2020, 10:23pm

Hi guys,
I am having issue with configuration of the Switch VLANs using a web interface.

Basically I have two issues:
When I try to add new VLAN under Switch 0 in UI is added new VLAN 1 under switch 0 and switch 1. But commands for uci are generated for switch 1 only. Then after hit Save & Apply the configuration is written only for switch 1 into /etc/config/network.

Second issue is if I want to change port definition from off to tagged or untagged under switch 1 it is reset back to off.

For better understanding see short video of recorder UI: https://gifyu.com/image/7awE

My original /etc/config/network is:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde4:1404:60df::/48'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option ar8xxx_mib_type '0'
        option ar8xxx_mib_poll_interval '500'

config switch
        option name 'switch1'
        option reset '1'
        option enable_vlan '1'

config interface 'wlan_guest'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '10.0.100.1'

trendy · February 24, 2020, 10:27pm

Which device is this and which version of OpenWrt are you running?

tokmk · February 24, 2020, 10:28pm

The device is Mikrotik RB2011UiAS-IN and version is Powered by LuCI openwrt-19.07 branch (git-20.053.76840-087e6ac) / OpenWrt 19.07.1 r10911-c155900f66

mk24 · February 24, 2020, 10:46pm

Was this firmware obtained from downloads.openwrt.org?

That doesn't look like a default /etc/config/network -- there's no lan network.

Dual switches is probably beyond what LuCI can handle. It looks like there is the internal AR9344 switch for 5 of the ports (10/100 only), then some sort of external GBe switch on the other CPU port.

And that's a lot of stuff to hang off of an AR9344.

psherman · February 24, 2020, 10:48pm

If you want to set a VLAN to untagged on a specific port, you must first make sure that all other VLANs are set to off or tagged for that port. This is because you cannot have multiple untagged networks on a single switch port.

Can you either verify that you have already done this? If you haven't, try ensuring that the switchport has no untagged VLANs before you try to assign the VLAN of interest as untagged (I'm pretty sure that you can apply the settings after you do both operations, but it is possible you'll need to apply between). Please report back with your status.

tokmk · February 24, 2020, 11:15pm

Yes, the firmware was downloaded from downloads.openwrt.org

The version of /etc/config/network is not after insttallation. I deleted the lan interface (bridge) which I didn't need.

tokmk · February 24, 2020, 11:19pm

Yes, I did that. I am creating VLANs from scratch so all ports are in off state. The changes from off state to tagged or untagged are not applied no matter if I hit "save" or "save & apply".

mk24 · February 24, 2020, 11:22pm

Usually you keep lan as the administrative network, and launch a wifi AP on it. Since you have a console port there isn't as much concern about losing access but when there isn't one its typical to log in to lan via wifi while configuring ethernet.

The firstboot scripts try to build out a default switch configuration which has all the external ports in the switch untagged in one VLAN-- that's usually a good place to work from. Between that and running swconfig help and swconfig show you can deduce the hardware topology and configure the switch in /etc/config/network.

Like I said don't expect LuCI to handle this situation.

tokmk · February 24, 2020, 11:49pm

There is outputs of swconfig...

$ swconfig list
Found: switch0 - ag71xx-mdio.0
Found: switch1 - eth1

$ swconfig dev switch0 show
Global attributes:
        enable_vlan: 1
        ar8xxx_mib_poll_interval: 500
        ar8xxx_mib_type: 0
        mib: MIB counters
RxGoodByte  : 161067409 (153.6 MiB)

        enable_eee: 0
        igmp_snooping: 0
        vlan_prio: 0
        pvid: 2
        link: port:1 link:up speed:1000baseT full-duplex txflow rxflow auto

Port 2:
        mib: No MIB data
        enable_eee: 0
        igmp_snooping: 0
        vlan_prio: 0
        pvid: 1
        link: port:2 link:down
Port 3:
        mib: No MIB data
        enable_eee: 0
        igmp_snooping: 0
        vlan_prio: 0
        pvid: 0
        link: port:3 link:down
Port 4:
        mib: MIB counters
RxGoodByte  : 110200 (107.6 KiB)
TxByte      : 540

        enable_eee: 0
        igmp_snooping: 0
        vlan_prio: 0
        pvid: 0
        link: port:4 link:down
Port 5:
        mib: No MIB data
        enable_eee: 0
        igmp_snooping: 0
        vlan_prio: 0
        pvid: 0
        link: port:5 link:down
Port 6:
        mib: MIB counters
RxGoodByte  : 0
TxByte      : 540

        enable_eee: ???
        igmp_snooping: 0
        vlan_prio: 0
        pvid: 0
        link: port:6 link:down
VLAN 1:
        vid: 1
        ports: 0t 2 
VLAN 2:
        vid: 2
        ports: 0t 1

$ swconfig dev switch1 show
Global attributes:
        enable_vlan: 1
        mirror_monitor_port: 15
Port 0:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 2
        link: port:1 link:down
Port 2:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 1
        link: port:2 link:down
Port 3:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:3 link:down
Port 4:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:4 link:down
Port 5:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:5 link:down
VLAN 0:
        vid: 0
        ports: 0t 3 4 5 
VLAN 1:
        vid: 1
        ports: 0t 2 
VLAN 2:
        vid: 2
        ports: 0t 1

So if I understand you correctly you suggest to revert back to firmware defaults and configure VLANs directly in /etc/config/network and not using LuCI?

tokmk · February 24, 2020, 11:52pm

I see there is three VLANs configured under switch 1. From where swconfig loads this configuration?

mk24 · February 25, 2020, 1:13am

Ports that aren't configured stay in VLAN0. That's a dead end not a third VLAN. Valid VLAN numbers start at 1.

Ultimately the configuration is all stored in /etc/config/network. LuCI and uci are only indirect means to edit that file. I suggest starting with a default configuration and make small changes at a time rather than hacking it all to pieces and trying to "build from scratch."

misterti · April 29, 2021, 8:09am

@tokmk

Same router, same issue, just installed. Before i continue with this excercise, does it work out separating the ports on both switches?

lleachii · April 29, 2021, 3:41pm

@misterti, welcome to the community!

A year later, you may wish to make a new thread for your issue.

There's no issue with managing VLANs (as long as you don't lock yourself out).