Mt7621 DSA switch VLAN configuration

Hi all,

I have a VLAN configuration issue for a MT7621 based router (Linksys EA7500 v2) running a master build I compiled myself.

The router is serving as my Internet gateway and is supposed to also serve as my ISP's IPTV router. My Netgear R7800 running Lede-17.01 was doing a fine job until I replace it with the EA7500 v2 as I want to thinker with the R7800 with a master build.

The MT7621 is using the newer DSA switch architecture. My ISP provides Internet and IPTV services via two VLANs.

While I'm able to get Internet service via PPPoE using the Internet VLAN, I just cannot get the IPTV service to work.

What works in my R7800 network config is as follows:

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '123'
	option ports '0 5t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '456'
	option ports '4 5t'

VLAN 123 is for Internet, while VLAN 456 is for IPTV.

I figured I needed to configure a bridge for the IPTV, so this is the config for my EA7500 v2:

config interface 'iptv'
        option proto 'none'
        option type 'bridge'
        option delegate '0'
        option force_link '1'
        option ifname 'lan4 wan.456'

While I can see traffic going out of wan.456, and when I tcpdump the wan interface looking for VLAN 456, I can see outgoing packets. I just don't see anything coming in. Outgoing traffic are mainly BOOTP traffic from the IPTV box trying to get IP address.

The Internet VLAN 123 works great tho, with the 'wan.123' interface. I assume the IPTV configuration would work as well.

The R7800 is configured as a straight pass thru for the IPTV VLAN, as the Linux kernel does not even see the VLAN traffics. This is what I understood with that config.

The EA7500 v2 with DSA on the other hand, sees traffic in the Linux kernel. Could it be that the kernel is mangling the traffic?

Am I missing something here?

Anyone has similar experience to share?

Thanks.

My issue with IPTV VLAN configuration has been resolved with the latest DSA switch patches in the master branch. I still can't configure the VLANs using uci alone though. I have to additionally configure the bridge and ports as follows:

#Add IPTV VLAN PVID to bridge ports
ip link set br-iptv type bridge vlan_default_pvid 456
ip link set br-iptv type bridge vlan_filtering 1

The above did not work without the latest DSA patch.

That's nice! Thanks.

Just wondering: How did you come across this? Even knowing the name of the setting, it's almost impossible to find any documentation at all. I found a single line in the ip-link man page, and that was added long after the code went in... And absolutely nothing in the kernel, except for the source code.

So thanks a lot for mentioning that setting. It simplifies the DSA setup a lot for this particular use case (bridging untagged lan to tagged wan). In particular, it elegantly solves the problem of dynamically added ports - like wifi VIFs.

You have to install the full suite of iproute2. It’ll have help printout.

E.g. ip link help bridge will show you the available options. That’s how I found out.

Yes, that is pretty much required for DSA anyway, isn't it?

Well, actually, you only need ip-bridge to manipulate bridges using iproute2. But installing the full suite gives you help messages if I’m not wrong.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.