I am running a VLAN and facing trouble with LAN port 1.
Using some Cudy WR3000s on 24.10.1. Multiple times during the day I am loosing connection between the two routers from time to time it switches from 1Gb to 100Mbit. Cable is OK.
Usually reconnecting the LAN cable on both routers solves the issue for some hours, but this is not acceptable.
Maybe also good to know how to check the log for these interruptions, maybe I could see there the reason?
Therefore I thought I could try to use another LAN port but I don't know exactly how to do that. Do not fully understand the logic for the LAN port assignments. Can you help me here?
Maybe I did a configuration error I assigned two VLANs to port1 and port2 is that OK?
How to change LAN from port 1 to port 3?
This is the config I am using on main router:
config bridge-vlan
option device 'br-lan'
option vlan '2'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '3'
list ports 'lan1:t'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '4'
list ports 'lan1:t'
list ports 'lan2:t'
config interface 'lan'
option device 'br-lan.2'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'guest'
option proto 'static'
option device 'br-lan.3'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
config interface 'vpn'
option proto 'static'
option device 'br-lan.4'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
on Access Point
config bridge-vlan
option device 'br-lan'
option vlan '2'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '3'
list ports 'lan1:t'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '4'
list ports 'lan1:t'
list ports 'lan2:t'
config interface 'lan'
option device 'br-lan.2'
option proto 'static'
option ipaddr '192.168.2.7'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.2.1'
list dns '192.168.2.1'
config interface 'guest'
option proto 'none'
option device 'br-lan.3'
config interface 'vpn'
option proto 'none'
option device 'br-lan.4'
Before you change a thing: Make sure you understand what I'm saying.
You can make all those changes through LuCI web UI, which brings the advantage of automatically rolling the changes back after a couple of seconds, just in case you mess something up. The best thing would be having an independent wifi connection, which works even if no cable is connected at all.
As a general suggestion:
You're using lan port 1 and 2 both for vlan 3 and vlan 4 tagged (which is OK) as well as vlan 2 untagged, which looks like an error. While you theoretically can configure a single port as "tagged for tagged packages and treat untagged packages as if they were tagged to vlan 2", I struggle to wrap my head around what you're trying to do here.
I'd change it this way:
config bridge-vlan
option device 'br-lan'
option vlan '2'
- list ports 'lan1:u*'
- list ports 'lan2:u*'
+ list ports 'lan1:t'
+ list ports 'lan2:t'
list ports 'lan3:u*'
list ports 'lan4:u*'
This will make port 1 and 2 to tagged ports for vlans 2, 3 and 4 and have no untagged traffic through the first two ports and leave ports 3 and 4 as vlan 1 untagged, just as they were before.
As to your question:
You currently have ports 1 and 2 configured identically (they both carry vlan 3 and 4 tagged as well as vlan 2 untagged), so you should be able to just switch cables of ports 1 and 2. Whatever this means for your connected devices.
Are you 100% sure your cables are good? I just recently re-did some in-wall rj45 outlets to fix a very similar issue. Just cut half an inch of old cable and use a proper punch down tool to reconnect the outlet properly. The sockets worked for 25 years nicely, and one of them just recently started to act up. Those Rj45 wires are typically copper and do oxidize over time. Falling back from GBit to 100MBit can be a sign of physical cable degradation, which might happen over time in places where you have metal-to-metal connections plus oxygen. Having the issue fixed for a couple of hours and reappear can be a sign of physical cable degradation as well. Config and software errors usually act over some seconds to minutes, not hours, while physical stuff often is about weather conditions, like moisture in the air or heat. So "happens every couple of days" very much sounds like something physical.
Could you check your syslog? Physical stuff usually comes with physical disconnects followed by a couple of retry attempts, followed by a successful lower speed attempt. If it's something different, there might be indications for what's happening as well.
1 Like
I agree with @golialive that the problem is most likely physical. In addition to replacing cables, be sure to inspect the jacks on both sides to ensure that there are no bent pins or debris that could hinder a good connection.
The configuration looks totally fine, with the potential exception of the untagged VLAN that @golialive pointed out. This is usually not an issue, but there are some bits of hardware out there that don't like mixing tagged + untagged on the trunk port. That said, the symptoms are quite different and don't tend to affect speed negotiations and other things that happen at L1 (phy).
Replace the cable, inspect the jacks, and then test.
Thanks a lot.
It was also my assumption that it could be a physical issue cause this is such a "stupid" extra thin cable and 35m length on top 
So I will change the untagged in tagged as you recommended and also will take care for replacing the cable....
Just for the port assignments:
Is it no issue when assigning port 1 and 2 for all VLANs and can I really just change these on one or both routers, or is it even required on my access point cause I am forwarding from there to an additional access point?
So for testing purposes I really could just change the port for that specific cable from port 1 to port 2 on the main router and/or on the access point?
Make one change at a time so that you know what was responsible for the issue. I'd recommend starting with inspecting the ports and changing out the cable (that can be considered one step). If that doesn't work, try changing between port 1 and port 2 on one side, then the other if it still doesn't work (currently both of those ports are configured identically).
Yes, you can always configure the other ports as trunk ports, too, but no need to change any of the configurations at this moment.
Suddenly had trouble with the TPLINKEAP225Outdoor
This device with only one LAN port is setup differently (maybe you remember:-)
I changed port 2 of the main router which physically is directly connected to that outdoor device back to "untagged" and it is running again 
Means somehow it cannot deal with port2 setup as "tagged" on the main router.
This isn't a problem but is there a reason for that behavior?
The setup of that device is like:
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config device
option name 'br-guest'
option type 'bridge'
list ports 'eth0.3'
config device
option name 'br-vpn'
option type 'bridge'
list ports 'eth0.4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.2.9'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.2.1'
list dns '192.168.2.1'
config interface 'guest'
option device 'br-guest'
option proto 'none'
config interface 'vpn'
option device 'br-vpn'
option proto 'none'
You would first need to modify br-lan to use a tagged VLAN. This would be achieved by using the same dotted notation. So if you use VLAN 1 for that network, it would be:
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
Once you apply that, you'll loose contact with that AP, but that will be resolved once you tag the same VLAN on the other side.
That said, I don't think this is at all related to the issue at hand. Your problem is almost certainly a physical one.
Oh what is it so simple if you know how, right?
So it explains why the other devices are working with the "t" cause I am using there eth0.3 and eth0.4
But for the br.lan is it eth.1 or eth.2 cause this is VLAN id 2?
if you're using VLAN 2, it would be eth0.2.