Luci VLAN filtering

Hi,

I'm running 21.02 with a couple of VLANs on a switch. Now to my surprise, I'm seeing vlan packets for the "wrong" vlan, tagged and all, on my wifi network. I guess I misconfigured something, but I'm unsure what I must change.

So I'm seeing "vlan3" tags (that come from eth1.3) on my "huishoud" ("Kerkstraat 1") wifi, although I assumed that vlan3 would only appear on the office bridge. What am I doing wrong?

As a side note, it seems that "option vlan_filtering" is not reflected in LuCI. When I go to cgi-bin/luci/admin/network/network, Devices - [br-huishoud] Configure - Bridge VLAN filtering, choose "Enable vlan filtering" and then apply and save, nothing seems to happen: the next time I open the page the checkbox is off again, even though vlan_filtering is '1' in the configuration below. Is this a bug?

Here's my config - I left out firewalling as I'm guessing that has nothing to do with the vlan tags appearing on wrong interfaces.

Configuration:
	"kernel": "5.4.143",
	"hostname": "gateway",
	"system": "Qualcomm Atheros QCA9558 ver 1 rev 0",
	"model": "TP-Link Archer C7 v2",
	"board_name": "tplink,archer-c7-v2",
		"distribution": "OpenWrt",
		"version": "21.02.0",
		"revision": "r16279-5cc0535800",
		"target": "ath79/generic",
		"description": "OpenWrt 21.02.0 r16279-5cc0535800"

# UCI export of the network configuration as posted. The firewall configuration
# was left out by the poster, so nothing here shows which zones may talk to each other.
package network

# Loopback interface on 'lo' with the static address 127.0.0.1/8.
config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

# Global network settings; only the IPv6 ULA prefix is set.
config globals 'globals'
	option ula_prefix 'fd9b:cdf9:888c::/48'

# Upstream interface: DHCP client on eth0.
config interface 'wan'
	option proto 'dhcp'
	# delegate '0' presumably turns off handing IPv6 prefixes from this interface
	# to downstream interfaces; confirm against the netifd documentation.
	option delegate '0'
	option device 'eth0'

# swconfig-style switch section: VLAN handling is enabled on switch0 and a
# switch reset is requested.
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# Each switch_vlan section maps a table slot ('vlan') to an 802.1Q VLAN ID ('vid')
# and a port list. A 't' suffix means the port carries that VID tagged; no suffix
# means untagged.
# NOTE(review): slot numbers and VIDs differ below (slot 3 -> VID 10, slot 4 -> VID 4,
# slot 5 -> VID 3). The N in eth1.N elsewhere in this file is a VID, so eth1.3 belongs
# to the slot-5 entry, not the slot-3 entry. This is easy to misread when auditing.
# NOTE(review): port 0 is tagged in every VLAN that has a matching eth1.N device, so it
# is presumably the CPU port behind eth1. Confirm with `swconfig dev switch0 show`.

# VID 1: port 0 only, untagged.
# NOTE(review): br-lan uses eth1.1, which expects VID 1 tagged on the CPU side.
# Verify that this combination actually passes traffic.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0'

# VID 10: ports 6 and 1, both untagged. There is no eth1.10 device in this file,
# so this VLAN presumably connects the WAN port to eth0. TODO confirm.
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '10'
	option ports '6 1'

# VID 4 (eth1.4, a member of br-huishoud): untagged on ports 5 and 3, tagged on ports 2 and 0.
config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option ports '5 3 2t 0t'

# VID 3 (eth1.3, a member of br-office): untagged on port 4, tagged on ports 5, 2 and 0.
# Port 5 is therefore a hybrid port (untagged VID 4 plus tagged VID 3), and port 2 is a
# trunk for VIDs 4 and 3. A downstream device on either port receives VID 3 frames with
# their tag. If it bridges its Ethernet side to an access network without filtering or
# stripping tags, office-VLAN frames become visible there. Check that device's VLAN setup.
config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '3'
	option ports '5t 4 2t 0t'

# Household network: static 172.17.2.1/24 on the br-huishoud bridge.
config interface 'huishoud'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '172.17.2.1'
	option device 'br-huishoud'
	# Only IPv6 prefixes of class 'henet' (the 6in4 tunnel interface) are accepted here.
	list ip6class 'henet'
	option delegate '0'
	option ip6assign '56'

# Office network: static 10.56.54.1/24 on the br-office bridge. The IPv6 prefix and
# address are placeholders substituted by the poster.
config interface 'office'
	option proto 'static'
	option ipaddr '10.56.54.1'
	option netmask '255.255.255.0'
	option ip6prefix '2001:xxx:yyyy:nnnn::/64'
	list ip6addr '2001:xxx:yyyy:nnnn::1/64'
	option device 'br-office'
	option delegate '0'

# Unmanaged interface (proto 'none') that only names tun0. This file assigns no address
# to it; tun0 is presumably created by a VPN daemon not shown here.
config interface 'vpn'
	option proto 'none'
	option device 'tun0'

# VID 101 (eth1.101, a member of br-andersom): tagged on ports 2 and 0 only, so it has
# no untagged access port on this switch.
config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '101'
	option ports '2t 0t'

# Third network: static 10.220.227.49/24 on the br-andersom bridge.
config interface 'andersom'
	option proto 'static'
	option ipaddr '10.220.227.49'
	option netmask '255.255.255.0'
	option device 'br-andersom'

# Bridge devices. Each one sets vlan_filtering '1', but this export contains no
# 'config bridge-vlan' sections that would define per-port VLAN membership.
# NOTE(review): whether the option has any effect without such sections is not
# established by this page. Do not rely on it as the isolation boundary between
# networks; here isolation comes from the switch_vlan tables and the separate bridges.

# br-lan: single member eth1.1. No 'config interface' in this export uses br-lan.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'
	option vlan_filtering '1'

# br-huishoud: eth1.4 plus tap0. The wifi-ifaces with network 'huishoud' join this
# bridge as well.
# NOTE(review): tap0 is a layer-2 member, so whatever sits on the far side of that tap
# device shares the broadcast domain with the household LAN and Wi-Fi. Confirm that is
# intended and that the tap endpoint is trusted.
config device
	option name 'br-huishoud'
	option type 'bridge'
	list ports 'eth1.4'
	list ports 'tap0'
	option vlan_filtering '1'

# br-office: single wired member eth1.3 (VID 3).
config device
	option name 'br-office'
	option type 'bridge'
	list ports 'eth1.3'
	option vlan_filtering '1'

# br-andersom: single wired member eth1.101 (VID 101).
config device
	option name 'br-andersom'
	option type 'bridge'
	list ports 'eth1.101'
	option vlan_filtering '1'

# 6in4 IPv6 tunnel interface. The peer address, tunnel address, tunnel id, username,
# password and routed prefix below are placeholders substituted by the poster; the real
# values are credentials and identifiers that should stay out of public posts.
config interface 'henet'
	option proto '6in4'
	option peeraddr '________'
	option ip6addr '2001:____/64'
	option tunnelid 'wwwwwww'
	option username 'X'
	option password 'X'
	list ip6prefix '2001:rrrr:ffff:oo::/64'
	# DNS servers announced through this interface are not used.
	option peerdns '0'

# UCI export of the wireless configuration: two radios, each carrying one
# 'Kerkstraat 1' AP (network huishoud) and one 'office' AP (network office).
# Every 'option key X' is a placeholder substituted by the poster for the real passphrase.
package wireless

# 5 GHz radio (hwmode 11a), channel 36, 80 MHz VHT.
config wifi-device 'radio0'
	option type 'mac80211'
	option country 'NL'
	option hwmode '11a'
	list basic_rate '6000 9000 12000 18000 24000 36000 48000 54000'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option channel '36'
	option legacy_rates '0'

# Household AP on radio0, attached to interface 'huishoud' (device br-huishoud).
config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Kerkstraat 1'
	option key X
	# NOTE(review): macfilter 'deny' blocks only the addresses in a 'maclist', and none
	# is shown here (possibly removed before posting). With an empty list it filters
	# nothing. MAC filtering is not an access control in any case, because client MAC
	# addresses can be changed.
	option macfilter 'deny'
	option network 'huishoud'
	# WPA2-PSK restricted to the CCMP cipher.
	option encryption 'psk2+ccmp'

# 2.4 GHz radio (hwmode 11g), channel 1, 40 MHz HT, transmit power set to 14.
config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option country 'NL'
	option channel '1'
	option txpower '14'
	option log_level '3'
	list basic_rate '6000 9000 12000 18000 24000 36000 48000 54000'
	option path 'platform/ahb/18100000.wmac'
	option legacy_rates '0'
	option htmode 'HT40'

# Household AP on radio1; same SSID, network and settings as wifinet0, including the
# macfilter without a visible maclist.
config wifi-iface 'wifinet1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Kerkstraat 1'
	option key X
	option macfilter 'deny'
	option network 'huishoud'
	option encryption 'psk2+ccmp'

# Office AP on radio0, attached to interface 'office' (device br-office).
config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'office'
	option network 'office'
	# WPA2-PSK with no cipher named, unlike the household APs which pin 'ccmp'.
	option encryption 'psk2'
	option key X

# Office AP on radio1; as wifinet2, with WMM additionally switched off.
config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'office'
	option network 'office'
	option wmm '0'
	option encryption 'psk2'
	option key X

# UCI export of the DHCP/DNS configuration (dnsmasq plus odhcpd).
package dhcp

# dnsmasq instance shared by all networks.
config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf'
	# DNS rebinding protection is on: upstream answers that point into private address
	# ranges are discarded, except for the rebind_domain entries below.
	option rebind_protection '1'
	option local '/localnetname.example.com/'
	option domain 'localnetname.example.com'
	# NOTE(review): localservice '0' turns off dnsmasq's restriction to clients on local
	# subnets, and nonwildcard '0' makes it bind the wildcard address instead of the
	# configured interfaces. Together they leave it to the firewall (not shown) to keep
	# the resolver unreachable from the WAN and from networks that should not use it.
	option localservice '0'
	option nonwildcard '0'
	# Queries for these two domains go to 192.168.112.1 and are sent from source address
	# 10.56.54.1, the office interface address.
	list server '/other.example.com/external.example.com/192.168.112.1@10.56.54.1'
	# These domains may resolve to private addresses despite rebind_protection, so
	# whoever answers for them is trusted to return internal addresses.
	list rebind_domain 'other.example.com'
	list rebind_domain 'external.example.com'

# DHCPv4 pool for interface 'lan'.
# NOTE(review): the network export on this page has no 'config interface' named 'lan'
# (only a br-lan device), so this pool has nothing to attach to as posted. It looks like
# a leftover or the section was trimmed before posting.
config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option start '20'
	option leasetime '1h'

# No DHCP service on the WAN interface.
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

# odhcpd: maindhcp '0' leaves DHCPv4 to dnsmasq; 'ra' is set to server mode here.
config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option ra 'server'

# Household pool: DHCPv4 starting at offset 100 with 150 addresses and 12h leases, plus
# router advertisements and DHCPv6 in server mode.
config dhcp 'huishoud'
	option interface 'huishoud'
	option start '100'
	option leasetime '12h'
	option limit '150'
	# force '1' serves DHCP on this network even if another DHCP server is detected.
	option force '1'
	option ra 'server'
	option dhcpv6 'server'
	list ra_flags 'none'

# Office pool (unnamed section): same DHCPv4 range settings, with RA and DHCPv6 in
# server mode.
config dhcp
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'office'
	# DHCP option 119 (domain search list) hands 'other.example.com' to office clients.
	list dhcp_option '119,other.example.com'
	option ra 'server'
	option dhcpv6 'server'
	option ra_management '1'
	option ra_default '1'

# 'andersom' pool: DHCPv4 only, starting at offset 100 with 151 addresses and 60-minute leases.
config dhcp 'andersom'
	option start '100'
	option limit '151'
	option interface 'andersom'
	option leasetime '60m'

From my understanding, that is only for DSA, which is currently not implemented on the C7.

VLAN tags were "leaking" from a second base station that had both tagged and untagged packets on its Ethernet side. Solved.
