Hardware not limited in terms of VLAN numbers

Hi,

Most openwrt routers I tested were limited to 15 Vlans. Do you have example hardware where there is not this limitation, or a a much larger one?

Thank's in advance!

For the sake of experimenting, I added some VLANs to my Archer C7 V2 via LuCI, up to VLAN ID 25 (that would be 24 VLANs excluding the WAN side). I only created them and tagged the CPU port and it seems to accept it. I didn't try to enable any LAN ports or networks for these VLANs though.

If I may ask, why would you want more than 15 VLANs?

1 Like

Thank's for answering.
Because I have an application were I need up to 100 vlans, for very specific purposes (Too long to explain here).

According to https://openwrt.org/docs/guide-user/network/vlan/switch_configuration

OpenWrt supports IEEE 802.1Q and IEEE 802.1ad VLAN standards.

However,

some switches only support 4-bit VLANs.

So it appears that it's only "some" routers that don't support more than 16 VLANs (well, 15 + WAN), and the rest should easily cover your needs, as the software supports IEEE 802.1Q and IEEE 802.1ad.

Even if, hypothetically, some more switches have another limitation, I would expect that to be 8-bit, so if a switch support more than 16 VLANs, it's likely to support at least 256 VLNAs.

As mentioned, I could create 25 VLANs on Archer C7 V2 (haven't tried to use them though), so you could consider it a candidate for testing, and it's an affordable router.

Ok so you were limited to 25 or you added 25 but did not reach any limitations?
I should have an Archer C7 somewhere I will test.
Thanks!

I wasn't limited. I just stopped at 25. I was creating them from LuCI one by one, so I couldn't go forever.

As mentioned, I just created them, tagged CPU port for all of them and hit Save and Apply. I didn't utilize them, but at least it didn't mind creating them, so that's a good start.

I think most of the gigabit switch chips can handle 128 vlans.

My experience with one limited to 16, it silently failed to work.

2 Likes

Many of the chips handle all 4095. The driver often limits the number that can be configured. I have not examined if that table size could be easily expanded.

2 Likes

The table is in the chip hardware, so it can't be expanded. There may be some chips with a full 4096 entry table. The others can only have so many VLANs active at a time. Unlike Cisco equipment's "trunk" mode, which by default passes through all 4095 VLANs except the ones you tell it not to, these switches require separately defining each VLAN that should pass and all others will be blocked.

The table has 128 entries but the tag number on the packets can be configured to any one of 4095. Using a VLAN tag that is different than the table index number is not supported by LuCI, it requires manually editing the config file by adding 'vid' options. Best practice when designing your own network is to start at VLAN 1 and go up by one at a time, so the tag number can stay the same as the table index. If you have to interact with an existing network then you may have to add vid's as described.

The swconfig show command reads back the live configuration that is actually loaded into the switch, so is recommended for troubleshooting when VLANs are not working as expected.

2 Likes

I think most of the gigabit switch chips can handle 128 vlans.

Zbt wg3526 is gigabyte, and handles only 16. I ordered Archer C7 V5 to see if it works.

From the QCA8337N data sheet (long form)

The QCA8337N switch supports many VLAN options, including IEEE 802.1q and port-based VLANs. The QCA8337N supports 4096 IEEE 802.1q VLAN groups and 4K VLAN table entries. The QCA8337N device checks VLAN port membership from the translation VID.

The QCA8337N supports a maximum of 4096 entries in the VLAN table. The device supports 4096 VLAN ID, ranging from 0 to 4095.

From the AR8327 data sheet

The AR8327 supports a maximum of 4096 entries in the VLAN table. The device supports 4096 VLAN ID range from 0 to 4095.

An Archer C7 v2 (v5 is very different) shows

[    0.860850] switch0: Atheros AR8327 rev. 4 switch registered on mdio-bus.0
[    1.845240] ag71xx 19000000.eth: connected to PHY at mdio-bus.0:00 [uid=004dd034, driver=Atheros AR8216/AR8236/AR8316]
jeff@garage:~$ swconfig dev switch0 help
switch0: mdio-bus.0(Atheros AR8327), ports: 7 (cpu @ 0), vlans: 128

From target/linux/generic/files/drivers/net/phy/ar8216.h

/* size of the vlan table */
#define AR8X16_MAX_VLANS        128
#define AR8X16_PROBE_RETRIES    10
#define AR8X16_MAX_PORTS        8
1 Like

Interesting. swconfig help on an ArcherC7 v4 reports an AR8337 switch but 128 VLAN capability:
switch0: ag71xx-mdio.0(Atheros AR8337), ports: 7 (cpu@0), vlans: 128
This is running a snapshot that is about a year old. I will check on another one that has a later build.

Based on @jeff's post, it seems like the linux header is setting the 128 entry limit, rather than the switch chip itself.

Does DSA affect any of this?

Dynamic Switch Architecture, my current nemesis!

DSA implementation for OpenWrt is still in development, from what I know, at least for the ipq40xx devices. There are some VLAN-related functions that haven't been implemented yet, so I think the best answer is "we'll have to see".

I tested ArcherC7 V2, I can go up to 127 Vlans, which is good!

2 Likes

As you configure it, the VLAN ID defaults to the "table entry number". I explicitly define vid in all my configs. I don't recall if I confirmed that the PVID tracked the vid, or if it needed to be set to the table entry number that is defined for the desired vid.