DUMB AP: Vlan configuration via swconfig - no connection via wifi

Installing and Using OpenWrt Network and Wireless Configuration
1

I'm trying to figure out why my dumb aps does not work.
They're a TP-link archer C60 v1 and v3, it's based on an architecture that has not been migrated to the new DSA arch, so i'm trying to configure it via swconfig (or i think i should do so...).
A managed switch (tp-link TL-SG108E) propagate all VLAN tagged to the ap (VLAN 10 mgmt, 20 main, 30 iot, 99 guest) on the first physical port.
I've created four eth0 tagged interface (eth0.10, eth0.20.. ecc).
I've create four bridged interfaces associated with every tagged vlan (br-mgmt bridge the eth0.10). Only interface on vlan 10 is configured via dhcp, the others are in unmanaged mode.
In this way the ap gets it's ip address via dhcp.
There is no fw, no dhcp, nothing installed on the ap. I'm using a custom built image.
I can access the web interface via wired network. i can access a wired cam over the second physical port that has vlan 30 untagged and asks for it's ip address via wired network.
From these info i desume the basic wired networking is functioning ok.
The problems arrive when
I've configured four wifi networks reflecting the vlans name.
If a station connects to one of the wifi it can't get an ip address.
Seem not to be routing between wifi and wired network .
I dont know if it's a package which is missing, or something not configured correctly.
I try to attach more information possibile, now it's two days i'm banging my head over this problem.

ubus info

root@ap-pm-cucina:~# ubus call system board
{
        "kernel": "5.15.167",
        "hostname": "ap-pm-cucina",
        "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
        "model": "TP-Link Archer C60 v3",
        "board_name": "tplink,archer-c60-v3",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}

network

root@ap-pm-cucina:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '10'
        option ports '0t 4t'
        option vid '10'

config interface 'MGMT'
        option proto 'dhcp'
        option device 'br-mgmt'

config switch_vlan
        option device 'switch0'
        option vlan '20'
        option ports '0t 4t 3 2 1'
        option vid '20'

config interface 'Main'
        option proto 'none'
        option device 'br-main'

config switch_vlan
        option device 'switch0'
        option vlan '30'
        option ports '0t 4t'
        option vid '30'

config interface 'IoT'
        option proto 'none'
        option device 'br-iot'

config switch_vlan
        option device 'switch0'
        option vlan '99'
        option ports '0t 4t'
        option vid '99'

config interface 'Guest'
        option proto 'none'
        option device 'br-guest'

config device
        option name 'eth0'
        option promisc '0'
        option acceptlocal '0'
        option sendredirects '1'
        option arp_accept '0'
        option drop_gratuitous_arp '0'
        option ipv6 '0'
        option multicast '1'

config device
        option name 'eth1'
        option promisc '0'
        option acceptlocal '0'
        option sendredirects '1'
        option arp_accept '0'
        option drop_gratuitous_arp '0'
        option ipv6 '0'
        option multicast '1'

config device
        option type 'bridge'
        option name 'br-mgmt'
        list ports 'eth0.10'
        option stp '1'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-main'
        list ports 'eth0.20'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-iot'
        list ports 'eth0.30'
        option stp '1'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-guest'
        list ports 'eth0.99'
        option ipv6 '0'
        option stp '1'

wireless

root@ap-pm-cucina:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '64'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option txpower '23'
        option country 'IT'

config wifi-iface 'radio0_shakGuest'
        option device 'radio0'
        option mode 'ap'
        option ssid 'shakGuest'
        option encryption 'psk2+tkip+aes'
        option key 'ciao'
        option network 'Guest'
        option hidden '0'
        option disassoc_low_ack '0'
        option dtim_period '2'
        option isolate '1'
        option ieee80211r '1'
        option mobility_domain '53b6'
        option ft_over_ds '0'
        option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'

config wifi-iface 'radio0_shakWifi_5G'
        option device 'radio0'
        option mode 'ap'
        option ssid 'shakWifi_5G'
        option encryption 'psk2+tkip+aes'
        option key 'ciao'
        option network 'Main'
        option hidden '0'
        option disassoc_low_ack '0'
        option dtim_period '2'
        option isolate '0'
        option ieee80211r '1'
        option mobility_domain '4fb1'
        option ft_over_ds '0'
        option bss_transition '1'
        option ieee80211k '1'
        option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
       
config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '9'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option txpower '20'
        option country 'IT'

config wifi-iface 'radio1_shakGuest'
        option device 'radio1'
        option mode 'ap'
        option ssid 'shakGuest'
        option encryption 'psk2+tkip+aes'
        option key 'ciao'
        option network 'Guest'
        option hidden '0'
        option disassoc_low_ack '0'
        option dtim_period '2'
        option isolate '1'
        option ieee80211r '1'
        option mobility_domain '1a80'
        option ft_over_ds '0'
        option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'

config wifi-iface 'radio1_shakIoT'
        option device 'radio1'
        option mode 'ap'
        option ssid 'shakIoT'
        option encryption 'psk2+tkip+aes'
        option key 'ciao'
        option network 'IoT'
        option hidden '0'
        option disassoc_low_ack '0'
        option dtim_period '2'
        option isolate '0'
        option ieee80211r '1'
        option mobility_domain '0693'
        option ft_over_ds '0'
        option bss_transition '1'
        option ieee80211k '1'
        option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
    

config wifi-iface 'radio1_shakWifi'
        option device 'radio1'
        option mode 'ap'
        option ssid 'shakWifi'
        option encryption 'psk2+tkip+aes'
        option key 'ciao'
        option network 'Main'
        option hidden '0'
        option disassoc_low_ack '0'
        option dtim_period '2'
        option isolate '0'
        option ieee80211r '1'
        option mobility_domain '5e52'
        option ft_over_ds '0'
        option bss_transition '1'
        option ieee80211k '1'
        option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'

swconfig

root@ap-pm-cucina:~# swconfig list
Found: switch0 - mdio.0:1f
root@ap-pm-cucina:~# swconfig dev switch0 show
Global attributes:
        enable_vlan: 1
        ar8xxx_mib_poll_interval: 500
        ar8xxx_mib_type: 0
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        mirror_monitor_port: 0
        mirror_source_port: 0
        arl_table: address resolution table
Port 0: MAC 84:d8:1b:c9:7a:dd
Port 4: MAC 56:e2:b9:68:0a:0a
Port 4: MAC c8:54:4b:f7:4e:a3
Port 4: MAC 56:e2:b9:68:0a:0c
Port 4: MAC ac:15:a2:4c:f4:da
Port 4: MAC 40:ae:30:c1:d9:ac
Port 4: MAC 9c:a2:f4:fd:be:4c
Port 4: MAC 00:13:b0:05:6c:4b
Port 4: MAC c8:54:4b:f7:4e:98
Port 4: MAC 40:ae:30:c1:d9:da
Port 4: MAC 00:19:66:3b:f6:6a
Port 4: MAC 50:c7:bf:2d:06:bc
Port 4: MAC 98:0d:67:fe:9a:52

Port 0:
        mib: MIB counters
RxGoodByte  : 206229469989 (192.0 GiB)
TxByte      : 58355588846 (54.3 GiB)

        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        mib: No MIB data
        pvid: 0
        link: port:1 link:down
Port 2:
        mib: No MIB data
        pvid: 0
        link: port:2 link:down
Port 3:
        mib: MIB counters
RxGoodByte  : 16779161968731 (15626.8 GiB)
TxByte      : 18798247562013 (17507.2 GiB)

        pvid: 0
        link: port:3 link:up speed:100baseT full-duplex auto
Port 4:
        mib: MIB counters
RxGoodByte  : 19638933535398 (18290.1 GiB)
TxByte      : 16970354114500 (15804.8 GiB)

        pvid: 0
        link: port:4 link:up speed:100baseT full-duplex auto
VLAN 10:
        vid: 10
        ports: 0t 4t

last but not least the list of packages with which i generated the image via firmwareselector

-ppp -ppp-mod-pppoe -ip6tables -odhcp6c -kmod-ipv6 -kmod-ip6tables -odhcpd-ipv6only -odhcpd -iptables -luci-proto-ppp -luci-light -firewall4 -kmod-nft-offload -kmod-nft-core -kmod-nft-fib -kmod-nft-nat -libnftnl11 -nftables-json libustream-mbedtls base-files busybox ca-bundle dropbear fstools kmod-gpio-button-hotplug kmod-leds-gpio libc libgcc logd mtd netifd opkg procd procd-seccomp procd-ujail swconfig uci uclient-fetch urandom-seed urngd wpad-mbedtls luci-mod-rpc rpcd-mod-file uhttpd-mod-ubus lm-sensors shadow-useradd shadow-usermod shadow-groupadd sudo luci-app-opkg dawn luci-base luci-app-opkg luci-lib-base luci-lib-ip luci-lib-json luci-lib-jsonc luci-lib-nixio luci-lua-runtime luci-mod-admin-full luci-mod-network luci-mod-rpc luci-mod-status luci-mod-system luci-theme-bootstrap kmod-ath9k kmod-ath10k-ct-smallbuffers ath10k-firmware-qca9888-ct uboot-envtools coreutils-sha1sum coreutils-md5sum coreutils-base64 dawn luci-app-dawn
2

I would try to disable the STP on the interfaces and also check in the logs if there is anything providing clues dmesg and logread
Does the wifi work fine on first boot? Did you test it? If not, can you take a backup, restore to defaults, and test with just one wifi on the main lan bridge?

3

There's a lot of rather unusual stuff happening here... For example:

Are there specific reasons you have enabled/disabled all these options?

I'd recommend resetting to defaults and then only changing the minimum necessary to start... if you actually need to change these other things, you can do that after you get the device working properly.

So... my recommendation... reset to defaults and then post the default config here, and we'll go from there.

Also useful would be the port-VLAN membership, most critically the uplink. Please confirm that what I see here is correct:

  • VLAN 10 (management) tagged on logical port 4
  • VLAN 20 (main) tagged on on logical port 4, logical ports 1-3 unatagged
  • VLAN 30 (iot) tagged on logical port 4
  • VLAN 99 (guest) tagged on logical port 4
4

I've already tried to disable the stp but no success.
the wifi is working correctly as you can see from the logs.

Tue Feb  4 18:23:54 2025 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED 3c:61:05:3e:26:70
Tue Feb  4 18:23:54 2025 daemon.info hostapd: phy0-ap0: STA 3c:61:05:3e:26:70 IEEE 802.11: disassociated
Tue Feb  4 18:23:54 2025 daemon.info hostapd: phy0-ap0: STA 3c:61:05:3e:26:70 IEEE 802.11: authenticated
Tue Feb  4 18:23:54 2025 daemon.info hostapd: phy0-ap0: STA 3c:61:05:3e:26:70 IEEE 802.11: associated (aid 1)
Tue Feb  4 18:23:54 2025 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED 3c:61:05:3e:26:70 auth_alg=open
Tue Feb  4 18:23:54 2025 daemon.info hostapd: phy0-ap0: STA 3c:61:05:3e:26:70 RADIUS: starting accounting session 82D7F366511450E7
Tue Feb  4 18:23:54 2025 daemon.info hostapd: phy0-ap0: STA 3c:61:05:3e:26:70 WPA: pairwise key handshake completed (RSN)
Tue Feb  4 18:23:54 2025 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED 3c:61:05:3e:26:70

The station (an iot device in this specific scenario that connects at the shakIoT wifi - vlan 30) but does not get the dhcp address.

If i wire a device on the switch it's working.

5

well, i simply confirmed the default options explicitly. Apart from ipv6 that i do not have in my network.

well, i'll try to start from scratch again, even if i've already tried it.

what you see on the vlan switch is correct.
Uplink port is logical port 4 (physical port nr. 1) with all vlan tagged.
Port 1-3 untagged 20
Cpu all tagged
the image should confirm this

image
image998×780 30.3 KB

do not understand if it's a problem of the device (all the same models have the same issue, the archer c6 does not suffer of this issue) or if it's a missing packet

6

Let's just start from scratch.... I'm pretty sure we can get this working from a clean slate.

7

@psherman and @trendy
Well, what can i say except thank you very much!!
You were right, as always!!!!
I forgot the KISS principle.

It was the stp option that was causing problem on the unmanaged interface.
If i can ask: where and when should i enable the stp option?
only on the managed central switch? ore is it unesuful?

8

STP should typically only be used in situations where there is a reasonable chance of a physical network loop. Keep in mind that not all switch chips properly implement STP, too, and in those cases enabling STP may specifically break things.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:

1 Like
9

Most if not all of the QCA 100 Mb switches within the SoC require special configuration to properly handle VLAN tag numbers higher than 16.

Archer C60 is such an example. Archer C6 has a separate Gb switch chip which can handle 4096 VLANs.

1 Like
10

Do you have any suggestion about special config for this soc to handle these vlans?

i'm searching over the forum and internet, but at the moment the only choice for me is to change all 3 devices. It's a pity, because they should handle only 3-4 device for ap.

11

These switches have a 16 entry hardware table that defines the vlans. You can see this with swconfig help dev switch0; near the top it will say VLANs 16.

To configure use this syntax:

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 4t 3 2 1'
        option vid '20'

vlan is a number between 1 and 15 which is the position in the table. It must be unique among all the switch_vlans, meaning that the hardware is limited to 15 or 16 vlans passing through it. I don't know which of the edge numbers 0 and 16 is valid.
vid is the number that will be detected or inserted into packets on the cable. It can be any number allowed by 802.3Q.
Luci should do this automatically as you build a vlan table with the Switch page. If you configure with CLI you must do it manually.
Another workaround if you control both ends of the network is to only use VLAN numbers between 1 and 15. If vid is not present, the same number from the vlan option will be used for tags.

1 Like
12

@mk24 thank you very much for your explanation.
It worked great.
I have searched a lot on the internet but this is not documented anywhere and without your suggestion I would have been struggling with this problem forever.
I've learned something new.
Thank you very much.

13

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.