Linksys WRT1900ACS config for ISP that requires VLAN

While trying to learn computer networks and linux (headless), I wanted to start to learn how to use OpenWRT without the web-interface. I have read the documentation about VLANs and switches, but I cannot figure out how to set it up so that I can replace the router that I received from my ISP. I can't google myself out of this one.

My default configuration in /etc/config/networks looks as follows:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf2:ecc2:af60::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

The instructions from my ISP are as follows for internet access:

The router should make DHCP requests on VLAN34 via the WAN-port (802.1q)
The default route should go via VLAN34.

I cannot at the moment show the current configuration, because on my last attempt, I locked myself out of the router and can no longer connect to it. I will probably have to make a serial connection to get to a command prompt.

I would love to to find documentation on how to deal with this kind of thing with OpenWRT, but I haven't been successful in finding this documentation. The most ideal situation for me at the moment would be to find the documentation and see the working config as well :wink:

Any help will be highly appreciated.

The ISP confuses me because DHCP requests are UDP on IP and such are layer 3. Those broadcasts should reach the DHCP servers no matter the vlan ID. They must be doing something weird on their side to require this.

Set up tcpdump on the outside interface and take a look at those DHCP broadcasts and see if it is getting a response.

EDIT I wonder if this is how the ISP is getting around setting up DHCP Relay.

Otherwise you're going to need to set up vlan tagging on the outside interface... which is interesting to do just for DHCP requests.

I can be mistaken, but I think you only need to change the physical interface connected to WAN in eth0.34. And set the DHCP client protocol to WAN.

About de-bricking, for that you can use failsafe

3 Likes

Yeah, it needs to be tagged out of the WAN port. What I said was not the whole instruction, but only to get internet access. The rest of the instructions pertain to the television service which should go to VLAN4 (plus some static routes should be set).

So, how to setup VLAN tagging on the outside interface?

I've de-bricked it using UART.

So how would that configuration look like?

config interface 'wan'
    option ifname 'eth0.34'
    option port '5t'
    option proto 'dhcp'

Like that?

There is no option port in interface config.
If all you need to tag outgoing wan traffic with vid 34, then remove that port and everything else looks good.

But it is not clear what was wan initially eth0 or eth1?

What was the default /etc/config/network?

1 Like

I thought I put the config file in the initial post, but saw that I put the ifconfig output there. So, I just edited it to reflect the initial out-of-the-box network config.

I am not familiar with this device. Setup looks weird for me.
I looked at the device wiki https://openwrt.org/toh/linksys/linksys_wrt1900acs
It looks like eth0 and eth1 are switched there.

If wan (internet) is physically connected to port 4 of the switch, then we need to tag it

option ports '4t 6t'

Probably something like

config switch_vlan
	option device 'switch0'
	option vlan '2'
    option vid '43'
	option ports '4t 6t'

And eth1.43 as wan interface may work.

2 Likes

this device appears to be mvebu target that ships with the DSA driver instead of swconfig.

renaming wan port to eth1.34 and wan6 to @eth1.34 should work.
You could also try option ipv6 '1' on the wan config (remove the wan6 section) and see if ipv6 ports gets automatically spawned - that is for PPPoE/dual-stack.

For advanced 802.1q protocol management (aka VLAN tagging) in downstream you may take a look at Advanced 802.1q protocol management for DSA switch

The Linksys WRT line of mvebu devices doesn't use DSA yet and is still built around swconfig.

1 Like

Looked into the mvebu patches but could not find some that indicates swconfig being enabled for :

BOARDNAME:=Marvell Armada 37x/38x/XP
CPU_TYPE:=cortex-a9

Did I miss it? Else, the kernel config would imply DSA.

All the wrtpac devices use swconfig, but share kernel config with another mvebu device (Turris Omnia) which does use DSA.

1 Like

Thanks for the help so far everybody, I won't have another opportunity to test it all until next week. I will come back with a progress report

Hi everybody,

I've tried the suggested options, but still I get no connection with the ISP. It doesn't get an IP-address through DHCP from that port. Would I need to do something special to request an IP-address on that VLAN 34-tagged WAN-port?

Even when I manually assign the usual ip-address, there is still no connection.

If I attach my MacOS device to that WAN-port, should I be able to see if there is VLAN-34 tagged frames being sent?

So, I caught some packets for comparison between the original router and the Linksys with OpenWRT. I don't see anything that stands out. I still need to capture the replies from the ISP.

Original Zyxel router:

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000       0.0.0.0               255.255.255.255       DHCP     316    DHCP Discover - Transaction ID 0x41e065a7

Frame 1: 316 bytes on wire (2528 bits), 316 bytes captured (2528 bits) on interface 0
Ethernet II, Src: ZyxelCom_00:00:00 (00:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 1, DEI: 0, ID: 34
    001. .... .... .... = Priority: Background (1)
    ...0 .... .... .... = DEI: Ineligible
    .... 0000 0010 0010 = ID: 34
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
    Source Port: 68
    Destination Port: 67
    Length: 278
    Checksum: 0x608d [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
Bootstrap Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x41e065a7
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: ZyxelCom_00:00:00 (00:00)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
        Length: 1
        DHCP: Discover (1)
    Option: (60) Vendor class identifier
        Length: 12
        Vendor class identifier: dslforum.org
    Option: (55) Parameter Request List
        Length: 10
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (12) Host Name
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (28) Broadcast Address
        Parameter Request List Item: (121) Classless Static Route
        Parameter Request List Item: (33) Static Route
        Parameter Request List Item: (120) SIP Servers
        Parameter Request List Item: (43) Vendor-Specific Information
    Option: (255) End
        Option End: 255

OpenWRT:

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000       0.0.0.0               255.255.255.255       DHCP     346    DHCP Discover - Transaction ID 0x35cf4865

Frame 1: 346 bytes on wire (2768 bits), 346 bytes captured (2768 bits) on interface 0
Ethernet II, Src: ZyxelCom_00:00:00 (00:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 34
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = DEI: Ineligible
    .... 0000 0010 0010 = ID: 34
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
    Source Port: 68
    Destination Port: 67
    Length: 308
    Checksum: 0xd150 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
Bootstrap Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x35cf4865
    Seconds elapsed: 715
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: ZyxelCom_00:00:00 (00:00)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
        Length: 1
        DHCP: Discover (1)
    Option: (57) Maximum DHCP Message Size
        Length: 2
        Maximum DHCP Message Size: 576
    Option: (55) Parameter Request List
        Length: 8
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (12) Host Name
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (28) Broadcast Address
        Parameter Request List Item: (42) Network Time Protocol Servers
        Parameter Request List Item: (121) Classless Static Route
    Option: (60) Vendor class identifier
        Length: 12
        Vendor class identifier: udhcp 1.28.4
    Option: (12) Host Name
        Length: 7
        Host Name: OpenWrt
    Option: (255) End
        Option End: 255
    Padding: 00000000000000000000000000000000000000
config interface 'wan'
	option ifname 'eth1.34'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth1.34'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '34'
	option vid '34'
	option ports '4t 6t'

Maybe?

Thanks for your input, but this also did not work.

Funny thing is that when I hook it up, there is very little activity with the lights on the NIC and swconfig doesn't even show that a cable is connected. I've tried different cables as well.

What is the name of your ISP?

Back in the days...
For a direct connection between 2 devices (without hub or switch) a crossover cable was needed.
But modern NICs can auto-sense the assignment of the wires.
But I am in doubt that's the case here.

So the port is being connected directly to the unit where the 'internet' is coming into the house. It's a unit that makes the fibreglass connection RJ44. Would I possibly need a crossover cable with that?

I could perhaps directly connect my Apple device to it, which automatically switches the port configuration to match when needed (although this one goed via a thunderbolt 3 dongle.

When the equipment is gigabit on both ends, a crossover cable is never used. The cable must have all 4 pairs (8 wires) wired through.