Network with two managed switches ... why can't the router/firewall connect to either if they are trunked together?

I have two managed switches in my network, let's call them switch 1 and switch 2.

  • The OW router/firewall is connected to switch 1 via a trunked port
  • I have a dumb access point also connected to switch 1 via a trunked port
  • Switch 2 is connected to switch 1 via a trunked port

My question is: why do I lose connectivity when I disconnect the router/firewall from switch 1 and connect it to switch 2 via a trunked port?

Current setup (works):

       [ISP]           
         |
    [OW router] <----> [switch 1] <----> [switch 2]
                            | 
                        [dumb AP]

Desired setup (does not work):

                                       [ISP]           
                                         |
[switch 1] <----> [switch 2] <----> [OW router] 
     |  
 [dumb AP]

/etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd3c:e2af:62b3::/48'
	option packet_steering '2'
	option steering_flows '128'

config device
	option name 'eth1'
	option ipv6 '0'

config device
	option type 'veth'
	option name 'veth0'
	option ipv6 '0'

config device
	option type 'veth'
	option name 'veth1'
	option ipv6 '0'

config device
	option type 'bridge'
	option name 'lxcbr0'
	option ipv6 '0'
	option bridge_empty '1'

config device
	option name 'br-lan'
	option type 'bridge'
	option ipv6 '0'
	list ports 'eth0'
	list ports 'veth0'
	list ports 'veth1'

config device
	option name 'br-lan.3'
	option type '8021q'
	option ifname 'br-lan'
	option vid '3'
	option ipv6 '0'

config device
	option name 'br-lan.4'
	option type '8021q'
	option ifname 'br-lan'
	option vid '4'
	option ipv6 '0'

config device
	option name 'br-lan.5'
	option type '8021q'
	option ifname 'br-lan'
	option vid '5'
	option ipv6 '0'

config device
	option name 'br-lan.6'
	option type '8021q'
	option ifname 'br-lan'
	option vid '6'
	option ipv6 '0'

config device
	option name 'br-lan.7'
	option type '8021q'
	option ifname 'br-lan'
	option vid '7'
	option ipv6 '0'

config device
	option name 'br-lan.10'
	option type '8021q'
	option ifname 'br-lan'
	option vid '10'
	option ipv6 '0'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '4'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '6'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '7'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'eth0:t'
	list ports 'veth0:u*'
	list ports 'veth1:u*'

config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr 'external IP'
	option netmask '255.255.255.192'
	option gateway 'external gateway'
	option delegate '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '10.9.8.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'lxc'
	option device 'lxcbr0'
	option proto 'static'
	option ipaddr '10.0.4.1'
	option netmask '255.255.255.0'

config interface 'guest'
	option device 'br-lan.3'
	option proto 'static'
	option ipaddr '10.9.7.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'homeoffice'
	option device 'br-lan.4'
	option proto 'static'
	option ipaddr '10.9.6.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'iot'
	option device 'br-lan.5'
	option proto 'static'
	option ipaddr '10.9.5.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'vpn'
	option device 'br-lan.6'
	option proto 'static'
	option ipaddr '10.9.4.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'vpn2'
	option device 'br-lan.7'
	option proto 'static'
	option ipaddr '10.9.3.1'
	option netmask '255.255.255.0'
	option delegate '0'
	option auto '0'

Based on your description, the problem shouldn't be on the OpenWrt router, but on switch2 (probably the port you chose to connect the router to switch2 not having the trunking set up correctly).

I have a rather similar setup working fine here:

[Internet] <ONT--eth3> [FW-7543B] <eth0.x-trunk-lan1.x> [gs1900-24e] <lan24.x-trunk-lan1.x> [gs1900-24v1] <lan24.x-trunk-lan1.x> [gs1900-8v1]

(the gs1900-8v1 is my swiss army knife for VLAN settings, so it's only connected when playing around, with varying configurations).

The VLAN trunk passes through the whole chain of routers just fine.


Thanks for the reply. The web UI for Switch 2 is a bit confusing so it's possible that I don't have it trunked correctly. It is a NICGIGA s25-0501-m.

This is a screenshot of the VLAN section. I think I have ports 4-6 trunked properly.

You basically have to click through each VLAN ID to see a sort of graphical representation of tagged/untagged if I am understanding it correctly.






Moving the dumb AP from switch 1 to switch 2 (connected through a trunked port) renders it effectively disconnected as well. I am not sure what would cause this.

I just purchased a new switch (Netgear) to replace switch2, which was a NICGIGA with a pretty confusing web UI and poor documentation. Now the two switches play just fine together. You get what you pay for, I guess.
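
The first reply points at the trunk settings of the switch 2 port facing the router. As an added example (not code from any poster in this thread), the Python below reads the bridge-vlan stanzas of an OpenWrt /etc/config/network and reports every VLAN the router tags on its port that the switch port does not carry tagged. The sample config excerpt and the switch port membership (port5) are constructed; the membership is assumed to be transcribed by hand from the switch's web UI.

```python
import re

# Constructed excerpt in the style of the /etc/config/network posted above
# (two of its bridge-vlan stanzas, to keep the sample short).
UCI_SAMPLE = """
config bridge-vlan
    option device 'br-lan'
    option vlan '3'
    list ports 'eth0:t'

config bridge-vlan
    option device 'br-lan'
    option vlan '10'
    list ports 'eth0:t'
    list ports 'veth0:u*'
"""

def parse_bridge_vlans(text):
    """Return {vid: {port: flags}} for every 'config bridge-vlan' stanza."""
    vlans, cur = {}, None
    for line in text.splitlines() + ["config end"]:  # sentinel flushes last stanza
        words = line.split()
        if words[:1] == ["config"]:
            if cur and "vlan" in cur:
                vlans[int(cur["vlan"])] = dict(cur["ports"])
            cur = {"ports": []} if words[1:2] == ["bridge-vlan"] else None
            continue
        m = re.match(r"\s*(?:option|list)\s+(\S+)\s+'([^']*)'", line)
        if cur is None or not m:
            continue
        if m.group(1) == "ports":
            port, _, flags = m.group(2).partition(":")
            cur["ports"].append((port, flags or "u"))  # bare port: untagged (assumption)
        else:
            cur[m.group(1)] = m.group(2)
    return vlans

def trunk_mismatches(vlans, router_port, switch_port):
    """Compare router-side tagging with membership read off the switch UI."""
    problems = []
    for vid, ports in sorted(vlans.items()):
        if "t" not in ports.get(router_port, ""):
            continue  # router does not expect this VLAN tagged on that port
        if vid in switch_port["untagged"]:
            problems.append(f"VLAN {vid}: router tags it, switch port sends it untagged")
        elif vid not in switch_port["tagged"]:
            problems.append(f"VLAN {vid}: router tags it, switch port is not a member")
    return problems

if __name__ == "__main__":
    # Hypothetical switch 2 port, as transcribed by hand from its web UI.
    port5 = {"tagged": [3], "untagged": [1, 10]}
    for p in trunk_mismatches(parse_bridge_vlans(UCI_SAMPLE), "eth0", port5):
        print(p)
```

An empty result means the switch port carries, tagged, every VLAN the router tags on eth0; any line printed names a VLAN whose segment would be cut off or delivered untagged on that link.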