Setting CPU as 'Tagged' in Network>>Switch kills wired connection... Why is this? TP-Link 841 Router

777funk · December 21, 2018, 9:52pm

I was in the process of setting up MWAN3 and found that if I set the CPU port on my router (TP-Link 841N) to 'tagged' all wired connections go down. Why would this be?

777funk · December 21, 2018, 10:04pm

Picture is worth a thousand words... Screenshot_2018-12-21_16-00-41

jeff · December 21, 2018, 10:09pm

Do you have eth0.1, eth0.2, and eth0.3 configured/showing with ip link and ip addr or in your bridged interfaces?

That switch configuration would be one where you have three subnets on the three VLANs. If you haven't properly configured the interfaces (and associated IP addresses, subnets, and firewall rules), then eth0 gets a tagged packet and "properly" ignores it, if not configured for the VLAN tag.

mk24 · December 21, 2018, 10:14pm

Yes you have to go back to the network interfaces and change from eth0 to eth0.X. Once you are tagging the CPU port, don't connect anything to the "base" interface (eth0 with no VLAN number).

(On some hardware the eth port connected to the switch will be eth1 because eth0 is connected directly to the WAN port with no switch.)

jeff · December 21, 2018, 10:17pm

The lack of a second Ethernet device on the switch config caught me as well, but https://openwrt.org/toh/tp-link/tl-wr841nd indicates

eth1 is directly connected to the WAN port.

777funk · December 21, 2018, 10:19pm

So does this rule out the possibility of VLANs? Or maybe more precisely, should I say using a LAN port as a WAN?

mk24 · December 21, 2018, 10:21pm

No. You can run VLANs in the switch and eth0 like most other routers.

You can also send out VLAN tagged packets on the WAN port by using eth1.X This is an advanced topic because the device on the other end of the cable must of course be VLAN capable and configured for the same VLANs.

777funk · December 21, 2018, 10:25pm

I didn't realize that creating the VLAN broke the individual ports at the switch away from the LAN. I just reconnected them in the Interface tab. Hopefully this fixes the issues. I admittedly don't know very much about OpenWRT. Learning as I go. Screenshot_2018-12-21_16-22-34

jeff · December 21, 2018, 10:30pm

No, not at all. If you wanted to, for example, use Port 1 as secondary upstream access, you could

Configure a new interface, perhaps "WAN2" on an otherwise unused VLAN ID (1-15 available on your device) and VLAN tag (will be the same as the VLAN ID, by default) on eth0
Set the switch to be tagged for the CPU (eth0) and untagged for a "modem" or "router" that isn't VLAN-aware, with the PVID value being that of the VLAN ID value
Configure the WAN2 interface to use the "right" IP address/subnet assignment, be it DHCP or static addressing

The other "LAN" ports can remain untagged as they are in the default configuration.

There are some corner cases, generally around "rogue" devices configured for a specific VLAN that might suggest another approach, but for most users there are other security concerns that are much higher in priority.

Edit:

Hey, that looks good -- you've got each socket on its own VLAN, now you can access and bridge them as you see fit!

(You can probably remove eth0 from the bridge, since you're not using untagged packets on eth0 with how I read that config -- that also "fixes" much of the rogue-client scenario I alluded to earlier.)

Turning on STP is usually a good idea. Might not notice any changes now, but might save you from a mis-plugged Ethernet cable one day.

lleachii · December 21, 2018, 10:32pm

NO!!!!

You have to create a new Interface for each new VLAN (e.g. Guest, LAN2, LAN3, etc.), do not join them to LAN.

...Otherwise, I'm not sure you you'd go through the hassle of creating a VLAN for each port, just to bridge them together anyways.

777funk · December 21, 2018, 10:34pm

"Just to bridge them together... "

Yes. This is just a test to get everything as it was before breaking it apart.

The end goal is to use one of the LAN ports as a secondary WAN. At that point it will be divided from the group.

EDIT: It does not work. I cannot connect to the wired network as before I changed it from stock.

jeff · December 21, 2018, 11:05pm

Have the sub-interfaces been created? (check ip link)

Does tcpdump -ni eth0.1 or the like provide any clues?

777funk · December 22, 2018, 12:45am

Yes it does. It's saying no IPv4 address assigned. So some sort of DHCP issue? Maybe a reboot of router and machine?

EDIT: I just restarted the network in Ubuntu and all is a go... Thanks for the tip with tcpdump! It's nice when it's the simple things that are the problem.

777funk · December 22, 2018, 6:45am

I was trying to simulate a down Wan connection and in the switch vlan area I set all CPU fields to off. Now there is no wired connection (no Lan to router) . Is there a way to get it back or do I have to reset and lose my settings?

I do have the config files backed up if I'm not able to find a way to fix it.

777funk · December 22, 2018, 3:52pm

Having lots of trouble getting router to reset itself to factory defaults. I have a fast flashing LED but can't SSH or PuTTY in. I may have made a brick.

mk24 · December 22, 2018, 3:56pm

Fast flashing LED should let you ssh to 192.168.1.1. Failsafe mode boots up with default settings like OpenWrt has just been installed.

lleachii · December 22, 2018, 3:56pm

You seem to be experimenting. (Shutting those CPU fields to off likely lost connection between the router and devices on the ports.)

Perhaps, you should make a new thread for each separate issue.

system · January 1, 2019, 3:56pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.