Since I upgraded my OpenWrt install to the latest version, I'm unable to get VLANs working.
My setup, on the 4-port switch that my TP-Link router has, was the following:
| vlan | cpu | p1  | p2  | p3  | p4  |
|------|-----|-----|-----|-----|-----|
| 1    | T   | U   | off | off | U   |
| 2    | off | T   | U   | off | off |
| 3    | off | T   | off | U   | off |
But I can't replicate it "DSA" style...
I have made the VLAN interfaces by doing "ethX.vlan" under Network -> Interfaces, but now I'm at a point that even if I plug the cable in the port, I get no link! (Yes... the cable works.) Plus I don't know how to bring the traffic from ports 2,3 to the trunk 1.
The old way of doing it was so much clearer to me, so much more intuitive for how to do it...
I have read all the blog posts and wikis about it but I still cannot get it to work like before...
If you post your config, we can advise on how to achieve this. If it's in bad shape, we may find it easiest to reset the device to defaults and start fresh.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
We'll just focus on the network config (and not worry about wifi, dhcp, or firewall), as that should be (mostly) the same as before.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd8c:8fca:494c::/48'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'
	option vci '35'
	option vpi '8'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'

config device
	option name 'dsl0'
	option macaddr 'redacted'

config interface 'wan'
	option device 'dsl0'
	option proto 'pppoe'
	option ipv6 '1'
	option username 'Username'
	option password 'password'
	option peerdns '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config device
	option type 'bridge'
	option name 'Port2'
	option bridge_empty '1'
	list ports 'lan2'
	list ports 'lan1.2'

config device
	option type 'bridge'
	option name 'Port3'
	list ports 'lan3'
	list ports 'lan1.3'
This is the cfg I have been able to put together using the web interface after the upgrade to DSA (since my old cfg was deleted with the OpenWrt upgrade... the router was "rtfded").
(and not worry about wifi, dhcp, or firewall), as that should be (mostly) the same as before.
Well, these worked like first try, so I'd guess they are OK.
Ok.... so a quick question here before I make any suggestions:
What I see in the VLAN table in the first entry suggests that VLANs 2 and 3 did not originate on this router, but rather somewhere else. Is this router serving as a dumb AP and switch? It looks like port 1 is the uplink trunk, and ports 2-4 are set up on a 1-port-per-network scenario?
EDIT: I'm going to assume that my understanding is correct and suggest the DSA method of achieving that. If I've misunderstood, we'll correct in future posts.
Start by deleting these:
Then we'll restore br-lan to have all 4 ports... it'll look like this:
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
Now we can create bridge-vlan stanzas:
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan4:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan1:t'
	list ports 'lan2:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan1:t'
	list ports 'lan3:u*'
Next, we'll edit the lan interface to use br-lan.1 like this:
Finally, restart and you should have the above configuration.
Note that VLANs 2 and 3 don't have any connection to this router -- they're simply passing through from port 1 where they're tagged > ports 2 and 3 respectively. They also won't connect with a wireless radio on this device yet, so if that is a goal, we'll need to add some unmanaged network stanzas.
On port 1 there is a Debian box connected, which connects to the OpenWrt network and receives internet via port 1's native VLAN 1. Ports 2 & 3 are connected with the "management" ports of 2 devices (untagged traffic) that I "grab" onto the TP-Link's switch and "inject" the VLANs on port 1... our trunk.
So within Debian (with the help of nmtui) I create 3 interfaces: 1 for the native and 2 for the VLANs.
On the Debian machine run some scripts that, using the management port, monitor our main network (something completely separate), and should a problem occur, it uses the OpenWrt internet connection to inform the IT person (me) that there is work to do...
Here comes the part that concerns me, or that I simply do not understand, with the config you provided.
P2 & 3 MUST have nothing to do with the OpenWrt network; they are something separate and they only connect to the TP-Link to use it as a smart switch and help me inject it into the trunk so I can connect it to the Debian box.
That said,
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
Why do you put them on the br-lan bridge? P2 and P3 do not belong here (I thought I made it clear by not tagging them to the CPU).
Note that VLANs 2 and 3 don't have any connection to this router -- they're simply passing through from port 1 where they're tagged > ports 2 and 3 respectively. They also won't connect with a wireless radio on this device yet, so if that is a goal, we'll need to add some unmanaged network stanzas.
THAT'S correct, they are just a passthrough.
PS:
Sorry if my VLAN terminology is off... I'm still trying to learn all this. I almost "had" it with the old switch setup and the DSA threw me off for good.
Yes, that is consistent with how I have recommended the configuration.
The reason all ports must be in the bridge is simple...
A physical port can only be assigned once (i.e. to a single interface or a single bridge)
Port 1, in this case, needs to be bridged (on a per-vlan basis) to each of the other 3 ports. This means we need:
port 1 (vlan1 untagged) <-> port 4 (vlan1 untagged)
port 1 (vlan2 tagged) <-> port 2 (vlan2 untagged)
port 1 (vlan3 tagged) <-> port 3 (vlan3 untagged)
The only way to achieve this is to put all 4 ports into a single bridge.
Then, the bridge-VLANs build on top of the main bridge to provide specific VLAN port memberships (and tagging status).
So above, we see that ports 1 and 4 are members of vlan1 (untagged+PVID), and the other two ports are excluded.
Likewise...
ports 1 and 3 are members of vlan3 (tagged and untagged+pvid on the respective ports), while the other two ports are excluded from this vlan. Same deal with VLAN2.
Although it would seem that you could use multiple bridges for the same result, DSA parsing presently requires all physical ports on the switch to be in the same bridge, then bridge-vlans within that one bridge. The bridge-vlans prevent any traffic between ports that are in different vlans. So you will achieve the desired result that two of the ports are hardware switched only with no interaction with the kernel.
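The bridge-vlan layout recommended above can be checked against the original switch table before restarting. This added example (not code from the thread or from OpenWrt) parses the stanzas and rebuilds the old-style table; the `lan` interface on `br-lan.1` is an assumed form of the edit described above, and `parse_uci` and `vlan_table` are hypothetical helper names.

```python
import shlex
# Constructed sample: the thread's stanzas plus an assumed 'lan' interface on br-lan.1.
CONFIG = """
config device
	option name 'br-lan'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan4:u*'
config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan1:t'
	list ports 'lan2:u*'
config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan1:t'
	list ports 'lan3:u*'
config interface 'lan'
	option device 'br-lan.1'
"""

def parse_uci(text):
    stanzas = []  # one dict per 'config' stanza; 'list' values accumulate
    for kind, key, *val in (shlex.split(l) for l in text.splitlines() if l.strip()):
        if kind == "config":
            stanzas.append({"_type": key})
        elif kind == "option":
            stanzas[-1][key] = val[0]
        elif kind == "list":
            stanzas[-1].setdefault(key, []).append(val[0])
    return stanzas

def vlan_table(stanzas, bridge="br-lan"):  # -> {vid: {"cpu": .., "lan1": .., ...}}
    ports = next(s["ports"] for s in stanzas if s.get("name") == bridge)
    # The router (CPU) joins a VLAN only when an interface uses "<bridge>.<vid>".
    cpu = {s.get("device", "").removeprefix(bridge + ".") for s in stanzas if s["_type"] == "interface"}
    table = {}
    for s in (s for s in stanzas if s["_type"] == "bridge-vlan" and s["device"] == bridge):
        row = {"cpu": "T" if s["vlan"] in cpu else "off", **dict.fromkeys(ports, "off")}
        for port, _, flags in (e.partition(":") for e in s["ports"]):
            row[port] = "T" if "t" in flags else "U"  # 'u*' = untagged + PVID
        table[int(s["vlan"])] = row
    return table
```

A row whose `cpu` entry is `off` means no router interface sits in that VLAN, which is the property that keeps ports 2 and 3 separate from the OpenWrt network.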
This was PnP, everything went "live" as it was before DSA.
One little thing (that I will troubleshoot tomorrow since it's almost 2 AM here):
The device from P3 & P2 was able to communicate with the Debian machine on P1, but I noticed that while previously I was able to ssh to it by connecting to either P4 or the TP-Link's wifi, now I cannot even ping it.
I will surely look into Debian's firewall cfg tomorrow, but I can't see how this could be affected since the only change that was done to this system was on the router's /config/network.
Anyway, thanks again @psherman, and I will return when I finish troubleshooting.
The device from P3 & P2 was able to communicate with the Debian machine on P1, but I noticed that while previously I was able to ssh to it by connecting to either P4 or the TP-Link's wifi, now I cannot even ping it.
It just worked. Somehow it got fixed (that's the worst kind of "fixed" since you don't know what fixed it in case it happens again).
@psherman thank you again for the help, I set the topic as solved.