Hi Everyone,
The title says most of it, but to elaborate, this is my situation.
I'm testing out VLANs using DSA in OpenWrt 21.02.1 and have no problems creating VLANs using Bridge VLAN Filtering (egress untagged for one VLAN on each port, other VLAN does not participate). It works as expected when connecting to different Ethernet ports based on the tagging (e.g. untagging or tagging, though I have not tested Port VLAN IDs for ingress / egress behavior).
Nonetheless, as noted in the DSA Mini Tutorial and Converting to DSA, I simply assign the network to the interface created that has a bridged VLAN device associated with it (such as br-lan.1).
However, when I do this as per the documentation, it doesn't work. By that, I notice that my client attempts to connect, temporarily connects when looking at the Wireless page, but then is disconnected and never gets an IP assigned. I repeat the process only to see it fail, as expected. I know I'm using the right password, and have ruled that out.
What I find interesting is that this does actually work (my wireless client connects and gets an IP address assigned under the DSA VLAN), when I change the network security to Open. The client also connects when I change the interface's device to wlan0 (from br-lan.1), but does not get assigned an IP address, even while still using WPA-PSK2 security.
So this is very strange to me, and I haven't been able to diagnose why I am seeing this behavior. For reference, refer to my configurations for /etc/config/network and /etc/config/wireless for the following scenarios.
All scenarios use LAN2 as the network.
Scenario 1: DSA VLAN on WiFi WPA-PSK2 -> Fails to authenticate
/etc/config/network
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd36:fe57:adcc::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'
    list ports 'eth1'

config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option device 'br-lan.1'

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'eth0'

config bridge-vlan
    option device 'br-lan'
    option vlan '2'
    list ports 'eth1'

config interface 'lan2'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.0'
    option device 'br-lan.2'
/etc/config/wireless
config wifi-device 'radio0'
    option type 'mac80211'
    option channel 'auto'
    option hwmode '11a'
    option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
    option htmode 'VHT20'
    option cell_density '0'
    option country 'US'
    option log_level '1'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option mode 'ap'
    option ssid 'OpenWrt'
    option key 'dsatest456'
    option encryption 'psk2'
    option network 'lan2'
logread output
Sun Oct 24 11:01:49 2021 daemon.info hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.11: associated
Sun Oct 24 11:01:49 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: event 1 notification
Sun Oct 24 11:01:49 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: start authentication
Sun Oct 24 11:01:49 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.1X: unauthorizing port
Sun Oct 24 11:01:49 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: sending 1/4 msg of 4-Way Handshake
Sun Oct 24 11:01:50 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: EAPOL-Key timeout
Sun Oct 24 11:01:50 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: sending 1/4 msg of 4-Way Handshake
Sun Oct 24 11:01:51 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: EAPOL-Key timeout
Sun Oct 24 11:01:51 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: sending 1/4 msg of 4-Way Handshake
Sun Oct 24 11:01:52 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: EAPOL-Key timeout
Sun Oct 24 11:01:52 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: sending 1/4 msg of 4-Way Handshake
Sun Oct 24 11:01:53 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: EAPOL-Key timeout
Sun Oct 24 11:01:53 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: PTKSTART: Retry limit 4 reached
Sun Oct 24 11:01:53 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: event 3 notification
Sun Oct 24 11:01:53 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.1X: unauthorizing port
Sun Oct 24 11:01:53 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 MLME: MLME-DEAUTHENTICATE.indication(a1:b2:c3:d4:e5:f6, 15)
Sun Oct 24 11:01:53 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 MLME: MLME-DELETEKEYS.request(a1:b2:c3:d4:e5:f6)
Sun Oct 24 11:01:53 2021 daemon.info hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.11: disassociated
Scenario 2: wlan0 on Interface lan2, WiFi WPA-PSK2 -> Authenticates, No IP Assigned
/etc/config/network
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd36:fe57:adcc::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'
    list ports 'eth1'

config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option device 'br-lan.1'

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'eth0'

config bridge-vlan
    option device 'br-lan'
    option vlan '2'
    list ports 'eth1'

config interface 'lan2'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.0'
    option device 'wlan0'
/etc/config/wireless
config wifi-device 'radio0'
    option type 'mac80211'
    option channel 'auto'
    option hwmode '11a'
    option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
    option htmode 'VHT20'
    option cell_density '0'
    option country 'US'
    option log_level '1'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option mode 'ap'
    option ssid 'OpenWrt'
    option key 'dsatest456'
    option encryption 'psk2'
    option network 'lan2'
logread output
Sun Oct 24 11:08:28 2021 daemon.info hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.11: associated
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: event 1 notification
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: start authentication
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.1X: unauthorizing port
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: sending 1/4 msg of 4-Way Handshake
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: received EAPOL-Key frame (2/4 Pairwise)
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: sending 3/4 msg of 4-Way Handshake
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: received EAPOL-Key frame (4/4 Pairwise)
Sun Oct 24 11:08:28 2021 daemon.notice hostapd: wlan0: AP-STA-CONNECTED a1:b2:c3:d4:e5:f6
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.1X: authorizing port
Sun Oct 24 11:08:28 2021 daemon.info hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 WPA: pairwise key handshake completed (RSN)
Scenario 3: DSA VLAN, WiFi Open -> Assigned IP
/etc/config/network
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd36:fe57:adcc::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'
    list ports 'eth1'

config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option device 'br-lan.1'

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'eth0'

config bridge-vlan
    option device 'br-lan'
    option vlan '2'
    list ports 'eth1'

config interface 'lan2'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.0'
    option device 'br-lan.2'
/etc/config/wireless
config wifi-device 'radio0'
    option type 'mac80211'
    option channel 'auto'
    option hwmode '11a'
    option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
    option htmode 'VHT20'
    option cell_density '0'
    option country 'US'
    option log_level '1'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option mode 'ap'
    option ssid 'OpenWrt'
    option key 'dsatest456'
    option network 'lan2'
    option encryption 'none'
logread output
Sun Oct 24 11:14:48 2021 daemon.info hostapd: wlan0: STA a1:b2:c3:d4:e5:f6 IEEE 802.11: associated
Sun Oct 24 11:14:48 2021 daemon.notice hostapd: wlan0: AP-STA-CONNECTED a1:b2:c3:d4:e5:f6
Sun Oct 24 11:14:48 2021 daemon.info dnsmasq-dhcp[9440]: DHCPREQUEST(br-lan.2) 192.168.1.125 a1:b2:c3:d4:e5:f6
Sun Oct 24 11:14:48 2021 daemon.info dnsmasq-dhcp[9440]: DHCPNAK(br-lan.2) 192.168.1.125 a1:b2:c3:d4:e5:f6 wrong network
Sun Oct 24 11:14:52 2021 daemon.info dnsmasq-dhcp[9440]: DHCPDISCOVER(br-lan.2) a1:b2:c3:d4:e5:f6
Sun Oct 24 11:14:52 2021 daemon.info dnsmasq-dhcp[9440]: DHCPOFFER(br-lan.2) 192.168.2.125 a1:b2:c3:d4:e5:f6
Sun Oct 24 11:14:52 2021 daemon.info dnsmasq-dhcp[9440]: DHCPDISCOVER(br-lan.2) a1:b2:c3:d4:e5:f6
Sun Oct 24 11:14:52 2021 daemon.info dnsmasq-dhcp[9440]: DHCPOFFER(br-lan.2) 192.168.2.125 a1:b2:c3:d4:e5:f6
Sun Oct 24 11:14:53 2021 daemon.info dnsmasq-dhcp[9440]: DHCPREQUEST(br-lan.2) 192.168.2.125 a1:b2:c3:d4:e5:f6
Sun Oct 24 11:14:53 2021 daemon.info dnsmasq-dhcp[9440]: DHCPACK(br-lan.2) 192.168.2.125 a1:b2:c3:d4:e5:f6
So I'm not sure what's honestly going on, but this is all the information I could think of to gather. I see the EAPOL-Key timeout, but not sure why this is happening. I have had WiFi work without issue on WPA-PSK2 using the default configuration (br-lan interface with no Bridge VLAN filtering), just not with DSA VLANs just yet.
I'd like to get this working so I can document it in a video I'm preparing as well.
I hope I'm not missing anything glaringly obvious. Any help would be appreciated.
Thanks in advance!
Orest
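
Added example, not part of the original post: a shell/awk helper that condenses logread output like the three captures above into one line per station, separating a 4-way handshake that never gets message 2/4 from one that completes without a DHCP lease and from an open association that ends in a DHCPACK. The function names (classify_sta, sample_log) are hypothetical, and the station MACs and log lines in sample_log are constructed in the same format as the post's logs.

```shell
#!/bin/sh
# Reads logread text on stdin; prints one line per station: <mac> wpa=<state> dhcp=<state>
#   wpa:  none (no WPA exchange logged), incomplete, msg2-missing, completed
#   dhcp: none, nak, ack:<ip>@<iface>
classify_sta() {
    awk '
    function note(m) { if (!(m in wpa)) { order[++n] = m; wpa[m] = "none"; dhcp[m] = "none" } }
    / hostapd: / {
        mac = ""
        for (i = 1; i < NF; i++) if ($i == "STA") { mac = $(i + 1); break }
        if (mac == "") next
        note(mac)
        if ($0 ~ /IEEE 802\.11: associated/) { wpa[mac] = "none"; dhcp[mac] = "none" }  # new attempt
        else if ($0 ~ /sending 1\/4 msg/ && wpa[mac] == "none") wpa[mac] = "incomplete"
        else if ($0 ~ /PTKSTART: Retry limit/) wpa[mac] = "msg2-missing"
        else if ($0 ~ /handshake completed/) wpa[mac] = "completed"
        next
    }
    / dnsmasq-dhcp\[/ {
        for (i = 1; i + 2 <= NF; i++) {
            if ($i !~ /^DHCP(ACK|NAK)\(/) continue
            mac = $(i + 2); note(mac)
            p = index($i, "(")
            iface = substr($i, p + 1, length($i) - p - 1)   # text between the parentheses
            if ($i ~ /^DHCPACK/) dhcp[mac] = "ack:" $(i + 1) "@" iface
            else if (dhcp[mac] == "none") dhcp[mac] = "nak"
        }
    }
    END { for (k = 1; k <= n; k++) printf "%s wpa=%s dhcp=%s\n", order[k], wpa[order[k]], dhcp[order[k]] }
    '
}

# Constructed sample input: three stations, one per scenario in the post.
sample_log() {
    cat <<'EOF'
Sun Oct 24 11:01:49 2021 daemon.info hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated
Sun Oct 24 11:01:49 2021 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: sending 1/4 msg of 4-Way Handshake
Sun Oct 24 11:01:50 2021 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: EAPOL-Key timeout
Sun Oct 24 11:01:53 2021 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: PTKSTART: Retry limit 4 reached
Sun Oct 24 11:08:28 2021 daemon.info hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated
Sun Oct 24 11:08:28 2021 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:02 WPA: sending 1/4 msg of 4-Way Handshake
Sun Oct 24 11:08:28 2021 daemon.info hostapd: wlan0: STA 02:00:00:00:00:02 WPA: pairwise key handshake completed (RSN)
Sun Oct 24 11:14:48 2021 daemon.info hostapd: wlan0: STA 02:00:00:00:00:03 IEEE 802.11: associated
Sun Oct 24 11:14:48 2021 daemon.info dnsmasq-dhcp[9440]: DHCPNAK(br-lan.2) 192.168.1.125 02:00:00:00:00:03 wrong network
Sun Oct 24 11:14:53 2021 daemon.info dnsmasq-dhcp[9440]: DHCPACK(br-lan.2) 192.168.2.125 02:00:00:00:00:03
EOF
}
sample_log | classify_sta
```

On the router itself the same function can be fed live data with logread | classify_sta; the hostapd debug lines it relies on are the ones the post's own logread captures show.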