Mikrotik hAP ac2 no WAN ip with VLAN

I have a Mikrotik hAP ac2 router runnng with the SNAPSHOT release r16845 (31 Mai 2021) installed.

Whenever I am adding more VLANS to the CPU0 port, the WAN connection on (eth1) is loosing the IP addresses obtained with DHCP.

I am quite new to openwrt, so this can easily be a mistake made by me.

Steps to reproduce:
0) Reset the router to defaults and reinstall LuCI

  1. configure DHCP and DHCP6 on eth1 (the default WAN/WAN6) interface
  2. Check the WAN IP in the interfaces tab (Should have at least a v4 address obtained)
  3. Create a second VLAN (e.g. vlan 2) on the VLAN switch
  4. Set the CPU0 port on VLAN1 to tagging
  5. Set the CPU0 port on VLAN2 to tagging
  6. Refresh the WAN interfaces in the interfaces menu

After this procedure, my OpenWRT installation looses the IP addresses on the WAN interface.

Can someone please tell me, if I am just too stupid, or if I revealed a possible bug in the OpenWRT snapshot?

P.S.
I also tried earlier snapshots, but they all shows the same behaviour.

Cheers,
Christopher

Working configuration
---------------------

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd40:dd27:055f::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        option macaddr '2c:c8:1b:50:a9:09'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth1'
        option macaddr '2c:c8:1b:50:a9:08'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 4 3 2 1'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '4'
non working configuration
-------------------------

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd40:dd27:055f::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        option macaddr '2c:c8:1b:50:a9:09'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth1'
        option macaddr '2c:c8:1b:50:a9:08'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 4 3 2 1'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'
        option ports '0t'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '4'

On ipq40xx VLANs 1 (LAN ports) & 2 (WAN port) are used by the qualcomm networking drivers to fake separate ethernet devices. Easiest to avoid using 1 & 2 on this device.
swconfig dev switch0 vlan 2 show shows how this is set up normally:

VLAN 2:
	vid: 2
	ports: 0t 5

By removing port 5 from VLAN2, the WAN port of the switch is no longer part of eth1.

VLANs example:

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0'

config switch_vlan
	option device 'switch0'
	option vlan '20'
	option ports '5t 0t'

config switch_vlan
	option device 'switch0'
	option vid '200'
	option vlan '22'
	option ports '5t 0t'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'

config interface 'wan20'
	option ifname 'eth1.20'
	option proto 'dhcp'

Thanks a lot.

This weekend, I will try my configuration, avoiding VLAN 1 and 2.

Cheers,
Christopher

I figured out, what was giung wrong.

I used LuCI, to configure the wireless switch.
Adding a new VLAN creates the following configuration:

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '10'

I need to change option vlan '2' to option vlan '10', to not collide with the hidden vlan2.