Lost access to NanoPi R4S after configuring trunk

Hello

I'm configuring eth1 on my NanoPi R4S (running OpenWrt 22.03.2) to carry two VLANs to a managed switch. When I apply the changes, the computer which is attached to the R4S no longer receives an IP address; after 90s, the changes are rolled back in LuCI and I can log in again.

Clearly, I'm overlooking something, but I can't spot my error. Perhaps someone can spot the issue in my config?

/etc/config/network
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd95:c396:6dd9::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'

config device
	option name 'eth1'
	option macaddr 'redacted'

config interface 'lan'
	option device 'br-lan.99'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'eth0'
	option macaddr 'redacted'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	list ports 'eth1:t*'
	
config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth1:t'
	
config interface 'guest'
	option device 'br-lan.3'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

Many thanks

At least this looks odd. Should be :t.
An untagged port can be written just as lan1.
For sanity, stay away from assigning explicit PVIDs and the like. Just stick to the idea that a VLAN has ports that are either tagged or untagged, and that it has its VLAN ID.

Which port is your computer attached to? It looks like eth0 is set up for wan and eth1 is only carrying tagged packets, so how would a vlan-unaware computer reach the router?

Ah, I see!

You're right: eth0 is wan and the computer is attached to eth1. I had assumed that eth1:t* would mean that untagged frames from my VLAN-unaware computer would take the PVID.

So, it seems that I should connect my computer to my switch rather than to eth1?

That is one option if you only want tagged data on your trunk, but you can also set the br-lan device to use untagged packets by default so that your VLAN-unaware devices can still reach it.
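
An added example, not part of the original thread: a shell check that lists every bridge port that is tagged in all of its `bridge-vlan` sections, which is the condition that cut off the VLAN-unaware computer here. It assumes the suffix meanings used in the thread (a `t` suffix means tagged, a port without `t` is untagged); `tagged_only_ports` and `posted_config` are hypothetical names, and the sample input is reconstructed from the config posted above.

```shell
#!/bin/sh
# Added example: list bridge ports that are tagged in every bridge-vlan section.
# A VLAN-unaware host plugged into such a port cannot reach the router.
# Assumption (from the thread): a "t" suffix means tagged, no "t" means untagged.
tagged_only_ports() {
    awk -v q="'" '
        function end_section(   i, n, part, key) {
            for (i = 1; i <= np; i++) {
                n = split(ports[i], part, ":")
                key = dev " " part[1]
                seen[key] = 1
                if (n == 1 || part[2] !~ /t/) untagged[key] = 1
            }
            np = 0; dev = ""
        }
        { gsub(q, "") }                       # strip UCI single quotes
        $1 == "config" { end_section(); in_bv = ($2 == "bridge-vlan"); next }
        in_bv && $1 == "option" && $2 == "device" { dev = $3 }
        in_bv && $1 == "list" && $2 == "ports" {
            for (i = 3; i <= NF; i++) ports[++np] = $i
        }
        END {
            end_section()
            for (k in seen) if (!(k in untagged)) print k
        }
    ' | sort
}

# Constructed sample: the two bridge-vlan sections from the posted config.
posted_config() {
    cat <<'EOF'
config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	list ports 'eth1:t*'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth1:t'
EOF
}

posted_config | tagged_only_ports   # prints: br-lan eth1
```

Running `tagged_only_ports < /etc/config/network` before applying a trunk change gives the same report for the live file; empty output means every bridge-vlan port has at least one untagged VLAN.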

A few weeks ago I had many questions, too, and Yet another DSA-"I still have questions"-thread gives plenty of useful answers. And just to repeat: under "normal" circumstances there is barely a need to fiddle with PVIDs manually at all. Just stick with the VLAN-ID and call it a day.

If you have a Linux system running on your PC/laptop, you can easily configure your Ethernet port to have a VLAN, too.

Assuming you have NetworkManager running:

# As your normal user
nmcli device set eth0 managed no

# As root or via sudo
ip link add link eth0 name eth0.100 type vlan id 100
ip link set dev eth0.100 up
ip addr add 192.168.100.23/24 dev eth0.100

# And to revert
ip link set dev eth0.100 down
ip link delete eth0.100

# Again, as your normal user
nmcli device set eth0 managed yes

Thanks! I try not to mix tagged and untagged packets, but given that there is only one LAN port on the R4S, this seems like a good option.

Also see: https://openwrt.org/docs/guide-user/network/vlan/switch_configuration#assigning_vlan_ids_using_dsa_on_devices_with_one_physical_port for implicit DSA notation that will simplify your config.
