Help with VLAN config

My parents are getting a fiber connection in Germany. Last time I visited them, I thought I prepared everything sufficiently with pictures of which cables to replug, but unfortunately, I just learned that the OpenWRT router needs to be reconfigured to PPPoE AND VLAN tag 7 needs to be set.

Currently, the WAN interface just gets an IP assigned via DHCP, untagged.

My parents are around 80 and "computer knowledge resistant". I probably would have been able with a lot of tears to guide them through the process of changing over the WAN interface, but whole new interfaces are pretty much out of the question.

I wonder if it is possible to just add the tagged interface now remotely, and then just guide them via phone to change to PPPoE and set the already existing VLAN device as new device for WAN.

The thing is, I absolutely cannot break anything and lose access. Driving there is a 500km roundtrip, for which I will not have time for at least 2 weeks. It would mean 2 seniors without even a phone in that time. Same for when the access switches to fiber, though, so at some point I have to do something ...

So, is this correct?:

config device
        option name 'wan'
        option macaddr '...'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan_vlan7'
        option device 'wan.7'
        option proto 'dhcp'

and would not break the current connection?

Would they then be able to change the protocol to PPPoE and the interface to wan_vlan7, once the internet is switched over?
Is there anything else I need to remember?

The network also uses VLANs, but not 7. Here is the full config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '...::/48'

config device
        option name 'wan'
        option macaddr '...'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1'
        list ports 'lan2'

config bridge-vlan
        option device 'br-lan'
        list ports 'lan3'
        option vlan '3'

config bridge-vlan
        option device 'br-lan'
        list ports 'lan1:t'
        list ports 'lan2:t'
        option vlan '4'

config bridge-vlan
        option device 'br-lan'
        option vlan '5'
        list ports 'lan1:t'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '6'

config interface 'VLAN1'
        option type 'bridge'
        option device 'br-vlan1'
        option proto 'static'
        option netmask '255.255.240.0'
        option ipaddr '10.165.16.1'
        option ip6assign '64'

config device
        option type 'bridge'
        option name 'br-vlan1'
        list ports 'br-lan.1'

config interface 'VLAN3'
        option type 'bridge'
        option device 'br-vlan3'
        option proto 'static'
        option netmask '255.255.240.0'
        option ipaddr '10.165.32.1'
        option ip6assign '64'

config device
        option type 'bridge'
        option name 'br-vlan3'
        list ports 'br-lan.3'

config interface 'VLAN4'
        option type 'bridge'
        option device 'br-vlan4'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '10.165.240.1'

config device
        option type 'bridge'
        option name 'br-vlan4'
        list ports 'br-lan.4'

config interface 'VLAN5'
        option type 'bridge'
        option device 'br-vlan5'
        option proto 'static'
        option netmask '255.255.240.0'
        option ipaddr '10.165.64.1'

config device
        option type 'bridge'
        option name 'br-vlan5'
        list ports 'br-lan.5'

From your /etc/config/network I/we can assume you have a device with DSA, but I fail to get what's the physical port used for WAN...

You have 2 options. Use a single VLAN-aware bridge and have all your VLANs (LAN and WAN) on that single bridge.
Or configure/set up one bridge for the LAN VLANs, and another device and interface for WAN.

You can use this as a reference, using a single VLAN-aware bridge called switch.

But I would not recommend doing this stunt on a remote connection. Wait for your next visit and do it onsite...

config bridge-vlan
    option  device          'switch'
    option  vlan            '7'
    list    ports           'lan8:t'

config interface            'wan'
    option  device          'switch.7'
    option  proto           'pppoe'
    option  username        '.....@t-online.de'
    option  password        '...'
    option  ipv6            'auto'

config interface            'wan6'
    option  device          'switch.7'
    option  proto           'dhcpv6'
    option  reqaddress      'try'
    option  reqprefix       '56'

Well, what I tried to say is: They either lose connection because I blow it, or because their provider changes. So I HAVE to do something ... I would do the one try I have as close as possible to the switch date.

That's why I hoped that there is a minimally invasive way where I just add a VLAN 7 interface to the WAN lan and guide them through the GUI for the rest on the phone.

It is indeed a DSA device, the Xiaomi Redmi Router AX6S. It is my first and only DSA device, and I am all but firm with that.

but I fail to get what's the physical port used for WAN...

Does this help?

~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc fq_codel state UP qlen 1000
    link/ether d4:35:38:[...]:1c brd ff:ff:ff:ff:ff:ff
    inet6 [...]/64 scope link 
       valid_lft forever preferred_lft forever
3: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 5c:02:14:[...]:13 brd ff:ff:ff:ff:ff:ff
    inet [...]
4: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether d4:35:38:[...]:1c brd ff:ff:ff:ff:ff:ff
5: lan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether d4:35:38:[...]:1c brd ff:ff:ff:ff:ff:ff
[...]

Hm, if I set what I think I should set via LUCI, this would be done:

uci add network device 
uci set network.@device[-1].type='8021q'
uci set network.@device[-1].ifname='wan'
uci set network.@device[-1].vid='7'
uci set network.@device[-1].name='wan.7'
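
The staged change discussed in this thread (add the VLAN 7 device first, switch the interface later), as an added example that is not part of any post: a shell script for the router that refuses to run if VLAN 7 or `wan.7` is already referenced, adds the device with the same uci options quoted above via `uci batch`, and restores the previous `/etc/config/network` if a check host stops answering. The function names, the `CHECK_HOST` placeholder, the backup path and the timings are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Stages an 802.1q device on the DSA
# 'wan' port and restores the old config if connectivity is lost.
# Assumptions: parent port 'wan', VLAN ID 7, and every name/path/timing below.

CONF="${CONF:-/etc/config/network}"
BACKUP="${BACKUP:-/tmp/network.pre-vlan}"
CHECK_HOST="${CHECK_HOST:-192.0.2.1}"  # constructed placeholder, set a host you can reach
SETTLE="${SETTLE:-10}"                 # seconds to let the reload take effect
WAIT="${WAIT:-60}"                     # seconds to keep probing before rollback

# vid_in_use FILE VID: true if a bridge-vlan ('option vlan') or an 802.1q
# device ('option vid') in FILE already uses this VLAN ID.
vid_in_use() {
    awk -v vid="$2" '
        $1 == "option" && ($2 == "vlan" || $2 == "vid") {
            v = $3; gsub(/[^0-9]/, "", v)
            if (v == vid) found = 1
        }
        END { exit !found }' "$1"
}

# name_referenced FILE NAME: true if NAME is defined ('option name') or
# already attached to an interface ('option device') in FILE.
name_referenced() {
    awk -v n="'$2'" '
        $1 == "option" && ($2 == "name" || $2 == "device") && $3 == n { found = 1 }
        END { exit !found }' "$1"
}

# preflight PARENT VID: fail if the VLAN ID or device name would collide,
# or if the parent port does not exist in the config.
preflight() {
    if vid_in_use "$CONF" "$2"; then
        echo "VLAN ID $2 is already used in $CONF" >&2; return 1
    fi
    if name_referenced "$CONF" "$1.$2"; then
        echo "device $1.$2 is already referenced in $CONF" >&2; return 1
    fi
    name_referenced "$CONF" "$1" || { echo "parent port $1 not found in $CONF" >&2; return 1; }
}

# vlan_device_batch PARENT VID: print 'uci batch' input that adds the 802.1q
# device, using the same options as the uci commands quoted in the thread.
vlan_device_batch() {
    cat <<EOF
add network device
set network.@device[-1].type='8021q'
set network.@device[-1].ifname='$1'
set network.@device[-1].vid='$2'
set network.@device[-1].name='$1.$2'
EOF
}

# online: one ping to the check host, 2 s timeout.
online() { ping -c 1 -W 2 "$CHECK_HOST" >/dev/null 2>&1; }

# stage_vlan_device PARENT VID: pre-flight, back up, add the device, reload,
# then restore the backup if CHECK_HOST does not answer within WAIT seconds.
stage_vlan_device() {
    preflight "$1" "$2" || return 1
    online || { echo "$CHECK_HOST unreachable before the change, aborting" >&2; return 1; }
    cp "$CONF" "$BACKUP" || return 1
    if ! vlan_device_batch "$1" "$2" | uci batch; then
        uci revert network; return 1      # drop the uncommitted changes
    fi
    uci commit network
    /etc/init.d/network reload
    sleep "$SETTLE"
    waited=0
    while [ "$waited" -lt "$WAIT" ]; do
        if online; then echo "still online, $1.$2 kept"; return 0; fi
        sleep 5; waited=$((waited + 5))
    done
    echo "no reply from $CHECK_HOST, restoring $BACKUP" >&2
    cp "$BACKUP" "$CONF" && /etc/init.d/network reload
    return 2
}

# Entry point: "check" is a dry run that prints what would be applied,
# "stage" applies it. Without arguments the script only defines functions.
case "${1:-}" in
    check) preflight "${2:-wan}" "${3:-7}" && vlan_device_batch "${2:-wan}" "${3:-7}" ;;
    stage) stage_vlan_device "${2:-wan}" "${3:-7}" ;;
esac
```

Run it with `check` first; for `stage`, start it on the router in a way that keeps it running if the SSH session drops, so the rollback can still fire.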

I know this is not what you asked, but maybe create a series of screen shots of the luci GUI showing which fields to change (e.g. by a neon green box around the field) and which values to put in?
Then have them just follow your prepared recipe step by step with you on the phone? I guess the "you on the phone" part is mandatory anyways as you will not be able to test everything and might need to nudge small details?

Alternatively, have your parents use a fritzbox temporarily which IIRC are set-up to auto-configure almost completely with minimal user-intervention required; and then replace it with a proper OpenWrt solution the next time you are around?

P.S.: Germany, PPPoE. VLAN7 smells like a link operated by the incumbent Deutsche Telekom, if so you are lucky as IIRC by default the PPPoE credentials do not matter for Telekom, as they use line-IDs to map links to contracts (but that only works if your parents are direct customers of Deutsche Telekom, resellers still use mandatory PPPoE usernames and passwords).

Screenshots are a great idea. My main problem is the VLAN ID, though, because I am not sure how to do it myself due to a serious lack of experience with DSA. Is my previous last modification correct for this, assuming that wan is not part of the bridge from the rest of the switch?

Yes, it is Telekom. I have posted a link to the configuration using the for me nonexistent "Network->Switch" tab above, and there people say that Zugangsnummern with less than 12 numbers need a #, so I am not sure about the credentials being unimportant ...

By default, DTAG is quite aggressively pushing for not checking the PPPoE credentials - even silently re-enabling the setting, if it was actively disabled. That doesn't mean you can rely on it (without checking the self-service contract infos or just trying), but if enabled, you can use literally anything as username and password (it needs to be there, but is not verified).

Based on my past experiences with DTAG VDSL, I wouldn't expect any real problems setting it up - but... chances of it to work remotely in advance are 50:50 at best, not enough concise documentation and at least some trial and error required.

This feature is called "Easy Login" and relies on the DSLAM? injecting line ID information, this will only work for immediate Telekom customers, for resellers Telekom uses the PPPoE realm to select the specific hand-over to the reseller ISP IIRC.

I am not so worried about the PPPoE part. They can send me a photo via Signal to check ...
What I AM worried about is the VLAN part, because I have little experience with that.

Am I correct with the above-mentioned uci config change, and then let them change protocol to PPPoE and device to wan.7 here?
I would THINK that the uci change shouldn't affect the previous DHCP connection, but to be safe, I could just do it the night before the day of switchover remotely via SSH.

wan.7 (instead of just wan) should work, the VLAN would be the least of my worries. bridge VLAN filtering (what's usually understood under DSA VLAN syntax) might be an optimization, but it's not necessary to get that working on day one.

Two additional things to consider:

  • do you have a plan to deal with VoIP/ SIP (pseudo-) 'landline' phone features (if needed)
  • is the router fast enough to deal with fibre speeds (especially PPPoE is demanding)

What would be your worry? The rest is just filling out the PPPoE form, isn't it? For that, the instructions I linked should apply. Am I missing anything?

For SIP, I got a used Fritzbox 7520, which is already configured as a client in a separate VLAN. Once the new connection is active, I can configure it remotely.

Regarding speed ... I tested that the router can route 1GBit between VLAN subnets, including firewall rules. I don't know if I will get full speed with PPPoE, but I kind of don't care yet ... I will only have the Gigabit package for a year because it costs the same and will then downgrade to 500MBit. I am mostly interested in the Upstream increase, and 100 MBit are enough for that for now. In a few years, when Gigabit becomes more affordable, I guess the same will apply for faster SoCs.

Quick update: The setup is running as of this morning. I configured everything yesterday evening before I left and hoped for the best this morning.

That is, I ran the uci commands from the 5th of June above, and changed the WAN interface to PPPoE
with
00000000000#000@t-online.de
123456
credentials, as I did not get any other.
EasyLogin was activated in the settings in the Telekom account by default.

I removed the WAN6 interface, a new WAN_6 interface automatically spawned and got a /56 subnet.

At 7am, a text message arrived which sent me to a web page where I had to enter the model ID.
The green led that blinked yesterday evening was now on constant.

Then I let my mother restart the interface over phone (bookmark prepared and login saved yesterday evening) and immediately got an IPv4 address.

DECT phones are served by a client fritzbox in the IoT subnet. Here, I just had to register the numbers with provider "Telekom", no further credentials, and it worked out of the box.

PS: I am measuring 493MBit up and 112MBit down with speedtest-cli, so the router seems to be sufficient. I don't really see any system load at all in top during short speed tests, 97% idle ...