Enabling tagged VLAN over a LAN port

Hi,

my OpenWrt is working perfectly. :) This is the setup:

  • OpenWrt on Netgear XR500, 4x LAN-Ports (eth1), 1x WAN (eth0)
  • I use: Wifi -> LAN1 -> external managed switch -> DHCP/DNS/internet
  • I don't use WAN, and openwrt's DHCP server is disabled
  • I use Luci only (could switch one day to ssh/config editing)

VLAN is on, all defaults:

  • VLAN1: CPU (wan) off, CPU (lan) tagged, LAN1-4 untagged, WAN off
  • VLAN2: CPU (wan) tagged, CPU (lan) off, LAN1-4 off, WAN untagged

What I try to achieve:

I would like to configure LAN2 to not send/receive untagged, but TAGGED frames from/to the external managed switch. This shall be the only plugged LAN cable then. (I would like to keep LAN1 untagged as-is, but only for temporary openwrt management purposes.)

So I changed openwrt's vlan setup:

  • VLAN1 (changed): ... LAN2: off ...
  • VLAN20 (new): CPU (wan) off, CPU (lan) tagged, LAN1/3/4 off, LAN2 tagged, WAN off

The managed external switch config is:

  • Allow any kind of incoming frame (with/without VLAN tag)
  • On the LAN port towards openwrt's LAN2: Include traffic tagged VLAN 20
  • PVID: 10 (probably not relevant)
  • Not tagging untagged incoming frames

Then I pull LAN1 and plug LAN2 to the external managed switch. Then I start wifi clients.

Problem:

Wifi clients get connected to wifi but do not seem to pass the external managed switch. They do not reach DHCP/DNS/internet behind the external switch.

As a test:

When I configure the external managed switch to forcefully tag the frames with VLAN 20, then it works.

Question:

I assume my openwrt setup does not really send out VLAN 20 tagged frames. What may I be missing?

FYI: I saw the new VLAN20 be added automatically in openwrt to the "LAN"'s bridge configuration as eth1.20.

It's a bit difficult to follow the changes just from your explanation, I think you should post your network config file, and some screenshots from the switch config page.

I agree that this description is hard to follow.... let's have a look at the configuration:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

I am sorry I expressed myself unclearly. Anyway, the issue is solved.

My question was simply: How can I make openwrt send out tagged frames over a LAN port instead of sending out untagged frames.

Openwrt is indeed working correctly, and sends out tagged frames when a LAN port x is configured to, well, "tagged". That's all.

FYI: The reason why my setup did not work was a misconfiguration of the managed Netgear switch behind openwrt. Netgear managed switches present their VLAN configuration options a bit redundantly and thus sometimes misleadingly. For anyone having Netgear managed switches: For a given port on the switch you need to list all VLAN IDs to be allowed in "vlan members" as well as in "vlan tag", no matter whether "admit all frames" is enabled or not.
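
Added example, not part of the original thread: a small Python check for whether an Ethernet frame carries an 802.1Q tag for VLAN 20, which is the question the first post raises about what actually leaves the LAN2 port. The function names and the sample frames are constructed for illustration; only single 0x8100 tags are handled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_tag(frame: bytes):
    """Return (vid, pcp, inner_ethertype) for a tagged frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None  # bytes 12-13 are the real EtherType: frame is untagged
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI = 3 bits priority, 1 bit DEI, 12 bits VLAN ID; then the real EtherType
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def carries_vlan(frame: bytes, expected_vid: int) -> bool:
    """True only if the frame is tagged and the tag's VLAN ID matches."""
    tag = vlan_tag(frame)
    return tag is not None and tag[0] == expected_vid


def build_frame(dst, src, ethertype, payload=b"", vid=None, pcp=0):
    """Construct a sample frame; with vid set, a tag is inserted after the MACs."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


# Constructed sample frames (locally administered MAC, not captured traffic).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"\x00" * 46)
TAGGED_20 = build_frame(DST, SRC, 0x0800, b"\x00" * 46, vid=20)
TAGGED_10 = build_frame(DST, SRC, 0x0800, b"\x00" * 46, vid=10)

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("vlan 20", TAGGED_20), ("vlan 10", TAGGED_10)]:
        print(name, vlan_tag(f), carries_vlan(f, 20))
```
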
