I installed OpenWrt on my ZyXEL XGS1250-12 switch and now I can only interact with the switch using a serial connection (earlier post with more info). I initially installed OpenWrt version 23.05.5, and when that did not work I tried installing 22.03.7, which also did not fix the issue I'm encountering. It looks to me like my experience is similar to the one described in this issue.
Since I would like to have the switch working with OpenWrt, I'm hoping someone with a working ZyXEL XGS1250-12 can post their firmware version and /etc/config/network contents.
Since you've got a serial connection, let's see the following:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
config defaults
	option syn_flood 1
	option input REJECT
	option output ACCEPT
	option forward REJECT

config zone
	option name lan
	list network 'lan'
	option input ACCEPT
	option output ACCEPT
	option forward ACCEPT

config zone
	option name wan
	list network 'wan'
	list network 'wan6'
	option input REJECT
	option output ACCEPT
	option forward REJECT
	option masq 1
	option mtu_fix 1

config forwarding
	option src lan
	option dest wan

config rule
	option name Allow-DHCP-Renew
	option src wan
	option proto udp
	option dest_port 68
	option target ACCEPT
	option family ipv4

config rule
	option name Allow-Ping
	option src wan
	option proto icmp
	option icmp_type echo-request
	option family ipv4
	option target ACCEPT

config rule
	option name Allow-IGMP
	option src wan
	option proto igmp
	option family ipv4
	option target ACCEPT

config rule
	option name Allow-DHCPv6
	option src wan
	option proto udp
	option dest_port 546
	option family ipv6
	option target ACCEPT

config rule
	option name Allow-MLD
	option src wan
	option proto icmp
	option src_ip fe80::/10
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family ipv6
	option target ACCEPT

config rule
	option name Allow-ICMPv6-Input
	option src wan
	option proto icmp
	list icmp_type echo-request
	list icmp_type echo-reply
	list icmp_type destination-unreachable
	list icmp_type packet-too-big
	list icmp_type time-exceeded
	list icmp_type bad-header
	list icmp_type unknown-header-type
	list icmp_type router-solicitation
	list icmp_type neighbour-solicitation
	list icmp_type router-advertisement
	list icmp_type neighbour-advertisement
	option limit 1000/sec
	option family ipv6
	option target ACCEPT

config rule
	option name Allow-ICMPv6-Forward
	option src wan
	option dest *
	option proto icmp
	list icmp_type echo-request
	list icmp_type echo-reply
	list icmp_type destination-unreachable
	list icmp_type packet-too-big
	list icmp_type time-exceeded
	list icmp_type bad-header
	list icmp_type unknown-header-type
	option limit 1000/sec
	option family ipv6
	option target ACCEPT

config rule
	option name Allow-IPSec-ESP
	option src wan
	option dest lan
	option proto esp
	option target ACCEPT

config rule
	option name Allow-ISAKMP
	option src wan
	option dest lan
	option dest_port 500
	option proto udp
	option target ACCEPT

Note: I've tried to turn the firewall off by running /etc/init.d/firewall stop
Also, I can't ssh or interact with the web interface. As far as I can tell, none of the Ethernet ports are working.
If that doesn't work.... try editing the network config file... specifically:
Delete these two stanzas:
And replace them with these:
config device 'switch'
	option name 'switch'
	option type 'bridge'
	option macaddr REDACTED
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'
	list ports 'lan6'
	list ports 'lan7'
	list ports 'lan8'
	list ports 'lan12'

config bridge-vlan
	option device 'switch'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'
	list ports 'lan5:u*'
	list ports 'lan6:u*'
	list ports 'lan7:u*'
	list ports 'lan8:u*'
	list ports 'lan12:u*'

Then reboot the switch and try again (same procedure as my previous comment -- static IP on your computer, ping the switch).
If you can ping, ssh should work. I would not expect to see the LuCI web interface, though, because you've got a snapshot installed.
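A check that can be run over a hand-edited DSA-style network config like the one above before rebooting, as an added example that is not part of the thread. It flags lines whose first word is not a UCI keyword (`package`, `config`, `option`, `list`) and `bridge-vlan` ports that are not members of the bridge they reference; the names `lint_uci_network` and `sample_network` and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): lint a DSA-style /etc/config/network.
# Prints one finding per line; returns non-zero when there is at least one.
lint_uci_network() {
    awk -v Q="[\"']" '
    function unq(s) { gsub("^" Q "|" Q "$", "", s); return s }
    function err(line, msg) { printf "line %d: %s\n", line, msg; bad++ }
    # Close the current stanza: remember bridge members or queue a bridge-vlan.
    function endstanza(   i, n, p) {
        if (type == "device" && isbr) {
            bridges[name] = 1
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) member[name, p[i]] = 1
        } else if (type == "bridge-vlan") {
            nv++; vline[nv] = start; vdev[nv] = dev; vports[nv] = ports
        }
        type = name = dev = ports = ""; isbr = 0
    }
    /^[ \t]*(#|$)/   { next }                      # comments and blank lines
    $1 == "package"  { next }
    $1 == "config"   { endstanza(); type = unq($2); start = NR; next }
    $1 != "option" && $1 != "list" { err(NR, "unknown keyword " $1); next }
    $2 == "name"     { name = unq($3) }
    $2 == "type"     { isbr = (unq($3) == "bridge") }
    $2 == "device"   { dev = unq($3) }
    $2 == "ports"    { ports = ports " " unq($3) }
    END {
        endstanza()
        for (v = 1; v <= nv; v++) {
            if (!(vdev[v] in bridges)) { err(vline[v], "bridge-vlan device is missing or not a bridge"); continue }
            n = split(vports[v], p, " ")
            for (i = 1; i <= n; i++) {
                port = p[i]; sub(/:.*/, "", port)  # drop tagging flags such as ":u*"
                if (!((vdev[v], port) in member)) err(vline[v], "port " port " is not a member of " vdev[v])
            }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: line 6 misspells the keyword; once fixed, lan3 is still not in the bridge.
sample_network() {
    printf '%s\n' "config device" " option name 'switch'" " option type 'bridge'" \
        " list ports 'lan1'" "config bridge-vlan" " options device 'switch'" \
        " list ports 'lan1:u*'" " list ports 'lan3:u*'"
}

# Lint the constructed sample from stdin; on a device, pass /etc/config/network instead.
sample_network | lint_uci_network - || true
```

The checks cover only keyword spelling and bridge/bridge-vlan consistency; they do not validate option names or values.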
I connected a computer with no other network connections to the switch, and gave that computer an IP of 192.168.1.3.
I found I could not ping the switch; ping 192.168.1.1 gave me this output:
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.3 icmp_seq=1 Destination Host Unreachable
From 192.168.1.3 icmp_seq=2 Destination Host Unreachable
From 192.168.1.3 icmp_seq=3 Destination Host Unreachable
I changed the network config file contents to:
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd10:219e0021:be0600be::/48'

config device 'switch'
	option name 'switch'
	option type 'bridge'
	option macaddr REDACTED
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'
	list ports 'lan6'
	list ports 'lan7'
	list ports 'lan8'
	list ports 'lan12'

config bridge-vlan
	options device 'switch'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'
	list ports 'lan5:u*'
	list ports 'lan6:u*'
	list ports 'lan7:u*'
	list ports 'lan8:u*'
	list ports 'lan12:u*'

config device
	option name 'switch.1'
	option macaddr REDACTED

config interface 'lan'
	option device 'switch.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

and then rebooted, but I found I also did not get a response when I tried ping 192.168.1.1
Also, thank you for pointing out that I did not have the firmware version I thought I had. I must have transferred the wrong file when downgrading. Should I try your suggestions again, but with different firmware installed?
The 24.10.0 image I installed did not allow me to ping the switch with either network configuration file. On the download page, I installed the "Kernel" image; should I be installing the "Snapshot" image instead?
On the switch, I tried ping6 to see if I could ping the connected computer using the computer's IPv6 address, but the computer did not ping back.
I can't tell what the switch's IPv6 address is, and I have not tried to find it or ssh into the switch using its IPv6 address. Can you tell me how to find the switch's IPv6 address?
Out of curiosity, have you tried simply passing traffic through the switch? This doesn't solve anything, but I am curious if the switch operates as a switch should. So if you plug your upstream router into this switch, does your computer get an IP and then access as expected to the internet (not the switch, though).
Obviously, if you run this test, make sure that the switch doesn't have the same IP as your router or anything else on your network... even though it's not responding properly, no need to introduce a potential source of issues.
I have an old image that I think is working (with some manual patches taken from GitHub). I had one fully working, even the SFP+ cages, but spanning tree was not working correctly; I was missing an entry in the driver. Then I tried something new and it didn't work anymore. I didn't have time to bisect which commit was the culprit, and now I have just reverted to the original firmware. I can share the image with you if you want, but I can't vouch it's the fully functional one, as I made the dumb mistake of overwriting the one I knew was working.
From your PC/laptop, ping ff02::1%interface, where interface is eth0, eno1 or whichever interface you use.
One response is from you, the other one from the router. You can use this link local address with the interface identifier to connect via ssh.
Thanks, I didn't know the syntax you shared. When I tried your command using my computer's Ethernet interface, there was only one response. The one response was my computer's IPv6 address.
Following up with @Borromini, I don't know what is on /dev/mtd5, but the idea of overwriting storage with random info seems a little scary. I have a copy of the stock firmware; is there a reason I could not install the stock firmware by transferring the firmware over the serial connection and installing with sysupgrade?
I can share the image with you if you want, but I can't vouch it's the fully functional one, as I made the dumb mistake of overwriting the one I knew was working.
Yeah, @lucize, if you can point me to a firmware version that sort of works, any network connectivity is still an improvement.
Yeah @psherman, I have tried this. I find that if I connect the switch to my WAN connection or to the rest of the network, no computer connected to the switch can connect to the internet or to other computers on my network.
To test for internet connectivity I pinged a DNS server with ping 4.2.2.1, and to test for connectivity within my network, I tried ping but with another computer's IP.