DSA routing between Vlans

Hello together,
my hardware is a DL-WRX36.

I am trying to route between 2 VLANs... but I cannot ping the host on the other side...

I ping from the WiFi on stixilan to a host on lan.

Can anybody help me?!?

Firewall:


config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'stixilan'
	option output 'ACCEPT'
	list network 'Lanstixi'
	option input 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'stixilan'

config forwarding
	option src 'stixilan'
	option dest 'lan'

config rule
	option name 'stixilan-lan'
	list proto 'all'
	option src 'stixilan'
	option dest 'lan'
	option target 'ACCEPT'

config rule
	option name 'lan-stixilan'
	list proto 'all'
	option src 'lan'
	option dest 'stixilan'
	option target 'ACCEPT'

Network:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdae:823e:ea35::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'br-lan.10'
	option ipaddr '192.168.2.30'

config interface 'wan'
	option proto 'dhcp'
	option auto '0'

config interface 'wan6'
	option proto 'dhcpv6'
	option auto '0'
	option reqaddress 'try'
	option reqprefix 'auto'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'
	list ports 'lan4:u*'
	list ports 'wan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '310'
	list ports 'lan1:t'
	list ports 'lan3:u*'
	list ports 'wan:t'

config interface 'Lanstixi'
	option proto 'static'
	option device 'br-lan.310'
	option ipaddr '192.168.31.30'
	option netmask '255.255.255.0'

Wireless:


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/c000000.wifi'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/c000000.wifi+1'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'OpenWrttest'
	option encryption 'psk2+ccmp'
	option key 'ichteste'
	option network 'Lanstixi'

The following two rules are unnecessary and should be removed:

Do devices on each VLAN have addresses in the correct network?
Is this the only router in the network? If so, why is the wan in your lan bridge?
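On the remark above about unnecessary rules: in the OpenWrt firewall a `config forwarding` section already permits all traffic from its `src` zone to its `dest` zone, so an ACCEPT rule with proto `all` and no other match option for the same zone pair adds nothing. The Python sketch below is an added example, not code from the thread; the function names are hypothetical and the input is a constructed excerpt of the posted firewall config.

```python
import shlex

# Constructed input: forwarding and rule sections excerpted from the firewall
# config posted above (one lan/stixilan rule, plus Allow-ISAKMP for contrast).
SAMPLE = """
config forwarding
    option src 'lan'
    option dest 'stixilan'
config forwarding
    option src 'stixilan'
    option dest 'lan'
config rule
    option name 'stixilan-lan'
    list proto 'all'
    option src 'stixilan'
    option dest 'lan'
    option target 'ACCEPT'
config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'
"""

def parse_uci(text):
    """Return UCI sections as (type, options) pairs; 'list' values become lists."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and sections and tok[0] == "option":
            sections[-1][1][tok[1]] = tok[2]
        elif len(tok) >= 3 and sections and tok[0] == "list":
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def duplicate_accept_rules(text):
    """Names of ACCEPT rules that allow nothing a forwarding does not already allow."""
    sections = parse_uci(text)
    pairs = {(o.get("src"), o.get("dest")) for t, o in sections if t == "forwarding"}
    plain = {"name", "proto", "src", "dest", "target"}  # no narrowing match options
    found = []
    for kind, o in sections:
        if (kind == "rule" and o.get("target") == "ACCEPT" and o.keys() <= plain
                and o.get("proto") in ("all", ["all"])
                and (o.get("src"), o.get("dest")) in pairs):
            found.append(o.get("name"))
    return found
```

Rules that carry a port, address or ICMP-type match are deliberately not reported, because they can act as exceptions to later DROP or REJECT rules.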

Just to be clear, ipq807x (and with that the dl-wrx36) does not use DSA so far, the switchdev based driver just makes it look that way (to some limited extent). Yes, all 1 GBit/s ports are on a single switch, but the current driver only makes them appear as individual ethernet interfaces.

OK... thanks...

Is there a possibility that there will be a solution for this in the near future?

Normal VLAN works... only the routing between 2 VLANs won't work!


Is there another way to use VLANs with the DL-WRX36?!?

CONFIG_SWCONFIG=y ??

There is no swconfig driver either (which would be a dead end anyway). Unless you write a DSA driver, there won't be any.
