Help needed with bridges and VLAN

Hello everyone.
I'm setting up a 21.02 x86 VM on a RHEL host, passing a whole Mellanox NIC port through as WAN and one Intel VF device as LAN.
The problem is I can't get an IP via DHCP from the ISP's private network on a tagged VLAN. I can only get the IP on WAN's tagged interface, no luck on the LAN side.
I have tried creating the bridge using LuCI's device tab under the interface page. The bridges I tried are WAN+LAN with VLAN filtering enabled, and a direct bridge of tagged WAN+LAN.
Could anyone help? Or just where to start?

hi,
could you please elaborate on your setup?
which device is the openwrt VM WAN port bound to, and where is that device connected?
which device is the openwrt VM LAN port bound to, and where is that device connected?

have you checked which external device is mapped to which owrt internal device? i.e. are you sure your owrt network config is actually properly mapped to your hard or virtualized device? can you paste /etc/config/network and the output of the command ip link?

sorry, the MACs are masked and the tag numbers are examples


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'prefix'

config device
	option type '8021q'
	option ifname 'eth1'
	option vid '11'
	option name 'eth1.11'

config interface 'WAN'
	option proto 'pppoe'
	option device 'eth1.11'
	option username 'user'
	option password 'pass'
	option ipv6 'auto'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '64'
	option name 'eth0.64'

config interface 'LAN'
	option proto 'static'
	option device 'eth0.64'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '64'
	list ip6class 'WAN_6'

config device
	option type 'bridge'
	option name 'br-test'
	option ipv6 '0'
	option promisc '1'
	list ports 'eth0.2'
	list ports 'eth1.2'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '2'
	option name 'eth0.2'

config device
	option type '8021q'
	option ifname 'eth1'
	option vid '2'
	option name 'eth1.2'

config interface 'test'
	option device 'br-test'
	option proto 'static'
	option ipaddr '10.55.0.54'
	option netmask '32'
	option defaultroute '0'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 52:54:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether b8:59:yy:yy:yy:yy brd ff:ff:ff:ff:ff:ff
57: eth0.64@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 52:54:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
59: eth1.11@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether b8:59:yy:yy:yy:yy brd ff:ff:ff:ff:ff:ff
60: pppoe-WAN: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    link/ppp 
61: br-test: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 52:54:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
62: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-tel-cm state UP qlen 1000
    link/ether 52:54:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
63: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-tel-cm state UP qlen 1000
    link/ether b8:59:yy:yy:yy:yy brd ff:ff:ff:ff:ff:ff

WAN is eth1, using tag 11 for internet and tag 2 for the service I want to pass through directly to my LAN network. LAN is eth0 with 64. Internet access has no problem; it's just that the tagged VLAN from the ISP can't pass through the bridge.

did you add these device types by hand?

as far as i know (i may be wrong), it is not required; simply using vlan notation is enough. something like below would work without explicit 8021q type devices:

config interface 'WAN'
	option proto 'pppoe'
	option device 'eth1.11'
	[..]

config interface 'LAN'
	option proto 'static'
	option device 'eth0.64'
	[..]

config device
	option type 'bridge'
	option name 'br-test'
	list ports 'eth0.2'
	list ports 'eth1.2'

config interface 'test'
	option proto 'static'
	option device 'br-test'
	[..]

whether you receive vlan2 tagging from your host/isp is another question though. tcpdump on eth1 with option -e should reveal which vlan tags you actually receive.

the 8021q type devices were created by luci after i edited something and applied; maybe i remember wrong. it won't hurt, so i left it.
the vlan is the main problem: eth1 as the wan gets an ip with vlan 2 from the isp correctly, but not eth0/lan. when i connect the isp's cable directly to my switch, a lan user on an access port also gets tagged vlan 2. it looks like when just bridging wan and lan (br-test here) in openwrt, the packets with tagged vlan are dropped.

hm, i don't agree with your conclusion: your wan is eth1.11 not eth1.2. you say "get ip with vlan2 from isp" but you don't have any interface with dhcp on eth1.2, your interface test has static proto?

if i understand correctly this is your setup:

isp - vlan 64 - eth1.64 - wan (pppoe)  (-> creates pppoe-wan)
isp - vlan 2 - eth1.2  +
                       + -- bridge with static ip
?   - vlan 2 - eth0.2  +
?   - vlan 64 - eth0.64 - lan static ip

so i don't see where would any device get an ip address in vlan2. how do you separate tagged traffic on eth0 client side?

sorry for the confusion. the config i posted is the last edited one (so no interface on eth1.2, tagged eth0/1 bridge, etc.). what i want:

for internet usage:
isp - vlan 11 - eth1.11 - wan (pppoe)  (-> creates pppoe-wan)
      vlan 64 - eth0.64 - lan static ip - to users

isp's service inside its private network uses dhcp:
isp - vlan 2 - eth1.2  +
                       + -- bridge 
                       + vlan 2 - eth0.2  -- to lan

p.s.
the bridge's static ip is because i've seen somewhere that using a static ip instead of unmanaged can solve the problem.

ok, i'm confused. tcpdump on br-test with this config

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'prefix'

config device
	option type '8021q'
	option ifname 'eth1'
	option vid '11'
	option name 'eth1.11'

config interface 'WAN_CM'
	option proto 'pppoe'
	option device 'eth1.11'
	option username 'user'
	option password 'pass'
	option ipv6 'auto'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '64'
	option name 'eth0.64'

config interface 'LAN'
	option proto 'static'
	option device 'eth0.64'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '64'
	list ip6class 'WAN_6'

config device
	option type 'bridge'
	option name 'br-test'
	option ipv6 '0'
	option promisc '1'
	list ports 'eth0.2'
	list ports 'eth1.2'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '2'
	option name 'eth0.2'

config device
	option type '8021q'
	option ifname 'eth1'
	option vid '2'
	option name 'eth1.2'

config interface 'test_bridge'
	option proto 'none'
	option defaultroute '0'
	option peerdns '0'
	option device 'br-tel-cm.2'

config interface 'test_lanside'
	option proto 'dhcp'
	option device 'eth0.2'
	option force_link '1'

config device
	option name 'eth1'

config device
	option name 'eth0'

config device
	option type '8021q'
	option ifname 'br-test'
	option vid '2'
	option name 'br-test.2'
	option multicast '0'

i get an arp request from the isp's dhcp server, but nothing from eth0.2?
Request who-has a.a.a.a (bb:bb:bb:bb:bb:bb (oui Unknown)) tell c.c.c.c, length 46

tcpdump on eth0.2 gets
IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from dd:dd:dd:dd:dd:dd (oui Unknown), length 300
and
Request who-has a.a.a.a (bb:bb:bb:bb:bb:bb (oui Unknown)) tell c.c.c.c, length 46

and both devices also show
0 packets dropped by kernel

what's wrong?

Does it really work that way though, including VLAN tagging? You likely have to make the hypervisor aware of the VLAN tagging, perhaps by setting up a bridge with the physical host port tagged then bridged to an untagged (or tagged, if you want to make it unnecessarily complicated) virtual port which is the link into OpenWrt.

i don't think that's the problem, as i can now use pppoe with vlan 11 and receive vlan 2 arp requests from the isp's dhcp server.
the post above shows that it looks like the lan side won't transmit packets to the bridge.

Sorry, you guys are right, it's a driver problem, but not tagging, just MAC. With default settings the host driver drops frames whose dmac doesn't match; disable the checking and everything works.

wait, maybe something went wrong, i need to check more...

Finally I figured it out: it's an Intel driver/hw problem. No promisc in the VF, even with trust mode turned on in the host and promisc in the guest. Changed to Mellanox, everything works.
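
The host-side VF settings the last posts refer to ("disable checking", trust mode) show up in `ip link show dev <PF>` on the hypervisor. As an added example, not part of the thread: a shell function that reads that output and reports each VF's spoof-check and trust state. The sample output, interface name and MACs are constructed; `audit_vfs` and its verdict labels are hypothetical names.

```shell
#!/bin/sh
# Constructed sample of `ip link show dev <PF>` on an SR-IOV host.
# Interface name and MACs are made up; both VF line layouts that
# iproute2 has printed ("MAC ..." and "link/ether ...") are included.
SAMPLE_IP_LINK='6: ens1f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 3c:fd:fe:00:00:01 brd ff:ff:ff:ff:ff:ff
    vf 0     link/ether 52:54:00:00:00:10 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
    vf 1 MAC 52:54:00:00:00:11, vlan 64, spoof checking off, link-state auto, trust on
    vf 2     link/ether 52:54:00:00:00:12 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust on'

# audit_vfs: read `ip link show` text on stdin and print one line per VF:
#   vf<N> <mac> spoofchk=<on|off> trust=<on|off> <verdict>
# Verdicts (labels chosen for this example):
#   strict  - spoof check on, trust off: the VF is limited to its own MAC,
#             so a bridge inside the guest cannot forward other hosts' frames
#   relaxed - spoof check off, trust on: the guest may send with other source
#             MACs and may request promiscuous mode
#   partial - only one of the two is relaxed
# As the thread shows, trust on does not guarantee that a given VF
# driver honours promisc; confirm with tcpdump -e inside the guest.
audit_vfs() {
    awk '
    $1 == "vf" {
        mac = "?"; spoof = "?"; trust = "?"
        for (i = 3; i <= NF; i++) {
            w = $i; sub(/,$/, "", w)          # drop the trailing comma
            if ($(i-1) == "MAC" || $(i-1) == "link/ether") mac = w
            if ($(i-2) == "spoof" && $(i-1) == "checking") spoof = w
            if ($(i-1) == "trust") trust = w
        }
        if (spoof == "on" && trust == "off")      verdict = "strict"
        else if (spoof == "off" && trust == "on") verdict = "relaxed"
        else                                      verdict = "partial"
        printf "vf%s %s spoofchk=%s trust=%s %s\n", $2, mac, spoof, trust, verdict
    }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_IP_LINK" | audit_vfs
```

On a real host the input would be `ip link show dev <PF> | audit_vfs`; the settings themselves are changed with `ip link set dev <PF> vf <N> spoofchk off` and `ip link set dev <PF> vf <N> trust on`, which also widens what that guest can put on the wire.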
