Does failsafe reset VLAN config?

I've managed to lock myself out of my EA8500 after a bad VLAN configuration. Booting into failsafe mode seems to be working, since the LED flash turns rapid after a button is pushed. But all ports of the switch do not respond to ARP and so I can't make any kind of connection (SSH, telnet) to 192.168.1.1. Is the VLAN config somehow separately persisted in the switch hardware, or otherwise not fully reset to non-VLAN support in failsafe mode? Or might this be a failsafe bug on this hardware? I've already tried a full power down/unplug/wait.


LEDE failsafe does not disable anything. It merely boots your device with default settings, and your modifications are still on the overlay, which you have to mount manually in failsafe mode. After that, you can edit them and try booting normally again.

Thanks, yes, that's what I understood too. But I misconfigured the VLAN via LuCI, locking out all connections, and failsafe mode did not re-enable them. Failsafe mode apparently started, because the rapid flash began, but none of the switch ports responds to a ping. A look at tcpdump shows that the ports aren't even responding to ARP requests. That implies, to me, that the "bad" VLAN config is still active. I don't know the hardware well enough to know whether the switch "remembers" its VLAN connection across power cycles, but other than a random bug, this is the only explanation I can think of for why failsafe mode isn't allowing me to talk to the device. Because, as you point out, failsafe doesn't "reset" anything, the user remains locked out.

If that is indeed what's happening, there is an important limitation of failsafe mode: it does not protect against VLAN misconfiguration. I'm a VLAN newbie, so I obviously blew it, but the LuCI VLAN config page makes it easy to lock yourself out, and there is no logic to protect you from that kind of misconfiguration. At a minimum, if I'm on the right track, I might add some comments to the wiki to warn users that VLAN lockouts are "fatal"...

UPDATE: It seems as if there is a bug in 17.01.0:

  • Do firstboot to get to a new config for the EA8500
  • Enter LuCI switch configuration. Note correct CPU entries
  • Don't change anything, just click "Save and apply"
  • UI comes back with cleared values for CPU VLAN, and no longer connects to any switch port

MORE INFO:

I have confirmed that when the above steps are taken, LuCI writes incorrect values back to config that omit the value "5t" from the VLANs. This cuts the switch off from the CPU and bricks the switch - and the router, if a wireless interface isn't set up as a back door. I will file a LuCI bug report in the issue tracker.
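A check for the condition reported in the post above, added here as an example; it is not part of the original thread and is not LuCI or OpenWrt code. The function names, the sample config and the CPU port number (5, taken from the "5t" in the post) are assumptions, so pass the CPU port of your own board.

```shell
# Added example (not from the thread): list switch_vlan sections of a UCI
# network config whose "ports" option no longer contains the CPU port.
# On a router: vlans_missing_cpu 5 < /etc/config/network   (5 is an assumption)

vlans_missing_cpu() {
    awk -v cpu="${1:-5}" '
        function strip(s) { gsub("[\047\"]", "", s); return s }  # drop quotes
        function report() {
            if (in_vlan && !has_cpu) {
                printf "vlan %s: ports \"%s\" lack CPU port %s\n", vlan, ports, cpu
                bad = 1
            }
            in_vlan = 0
        }
        $1 == "config" {            # a new section closes the previous one
            report()
            if ($2 == "switch_vlan") { in_vlan = 1; has_cpu = 0; vlan = "?"; ports = "" }
            next
        }
        in_vlan && $1 == "option" && $2 == "vlan" { vlan = strip($3) }
        in_vlan && $1 == "option" && $2 == "ports" {
            ports = $0
            sub(/^[ \t]*option[ \t]+ports[ \t]+/, "", ports)
            ports = strip(ports)
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++)   # untagged "5" or tagged "5t" both count
                if (p[i] == cpu || p[i] == (cpu "t")) has_cpu = 1
        }
        END { report(); exit bad }
    '
}

# Constructed sample: VLAN 1 keeps the tagged CPU port, VLAN 2 has lost it.
sample_config() {
    cat <<'EOF'
config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '1 2 3 4 5t'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0'
EOF
}

sample_config | vlans_missing_cpu 5 || echo "do not apply: CPU port missing"
```

The function exits non-zero when any VLAN lacks the CPU port, so it can gate a config change before the network is restarted.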

Same problem here...

I think this is a huge caveat as a misconfiguration is not being rolled back.

I don't know how to unbrick my router, which is an ERX and doesn't have WiFi.

Should failsafe also issue a clearing of VLANs?
It does, to me.

Regards

Not in your permanent configuration, no. As answered earlier, failsafe just boots the device with default settings (and also only the absolute minimum in terms of running services).

When you boot into failsafe, your device will be temporarily running with the default settings which means that it will basically be as if you just reset the router. From there, you have two options: attempt to repair the broken config file(s) or reset the router to defaults.
