TPlink WDR4300 VLAN setup switch - possible bricked?

Hi Gents,

Yesterday I upgraded the TPlink WDR4300 from software v18.06.01 to v18.06.02; it works fine. Afterwards I set up a different IP subnet for the router, with a different IP address (192.168.x1.x) than the default one. Everything works fine, including login to the router with the new IP address.
And I tried to build a parallel additional switch for VLAN100.
I created VLAN100 on ports: CPU, 1, 2.
I created a bridged VLAN100 and moved the WiFi interfaces from the default LAN (VLAN1).
So, finally I had two LANs:
LAN (default): VLAN1(CPU), untagged ports (1-4), without WiFi interfaces
VLAN100: CPU, tagged ports 1,2, WiFi interfaces
DHCP network creation:
LAN: 192.168.x1.x /24
VLAN: 192.168.x2.x /24
A different router static IP address in each network.
And I tried to create firewall rules for the VLAN100 net.
After applying it, it seems that the router is bricked.
I cannot access the router. None of the static IP addresses from the different nets works, nor does the default IP.
I tried tcpdump and ip neigh (no response). It does not respond to ARP.

I connected the computer to port 4, which should be untagged. At least one IP should work.
I tried to reset the router to default settings. Looks like it does not work.

I would appreciate any help. Thanks, g.

You could probably try setting a static IP for your PC (once in 192.168.1.x /24 then 192.168.x1.x /24), connect to the tagged port and run an IP scanner to see if it finds the router?

Probably doesn't make much sense, but it wouldn't harm to try.

The IP scanner did not find any IP address on the router.

Then try fail-safe as @slh advised.

If you (inadvertently) configured the switch to tag the external LAN ports, then any computer not configured to tag its packets (and expect tagged packets) will be incapable of communicating with the router.

This I know. Two ports, 3 and 4, are left untagged like in the default LAN config,
and two ports, 1 and 2, which participate in VLAN100, should work in so-called hybrid mode and accept packets tagged and untagged; they are in the default LAN switch as well.
But this should not be a cause for bricking the router, such that I cannot get any IP response.
One WiFi SSID is advertised as well, but I cannot access it when entering the password.

Bricking the router is turning it into a brick beyond recovery (home-based recovery at least). Your router isn't at that stage.

Have you tried setting a computer with a VLAN tag on - in order to attempt access to the router?

Some positives: it responds to ARPs on the VLAN100 interface, but I cannot ping it and cannot access it via HTTP.

The 4300 is very easy to reset or put into recovery mode using the reset button; you really should do that and start over.

Before trying elaborate Ethernet configurations, set up an "admin" interface. This interface has:

  • unique IP address range.
  • a DHCP server.
  • a wifi AP with PSK2 encryption
  • no firewall association (which by default means it has unrestricted access to the OS and any services that are listening on "all" interfaces.)
  • no gateway or DNS. The admin interface is only to log into the router, not to access the Internet.

Now no matter what you do with the LAN, you can always log in on your special admin wifi. About the only way to break this would be to have a client mode interface on the same radio which doesn't connect to its AP; that will shut down all the APs on the radio.

Tagged and untagged packets on the same cable is problematic and unlikely to work on consumer-grade switch chips. Avoid this if at all possible. If you really have to in order to interact with some existing network, you will probably need to manually enter your PVIDs into the config file.
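
A pre-apply check for the switch layout discussed in this thread, as an added example that is not part of any post and is not OpenWrt code: it parses `switch_vlan` sections in `/etc/config/network` syntax and labels each external port as access, trunk, hybrid or conflict. The sample config is constructed from the description in the first post, and treating port 0 as the CPU port is an assumption.

```python
import re
from collections import defaultdict
# Constructed sample modelled on the first post; port 0 as CPU port is an assumption.
SAMPLE = """
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 1 2 3 4'
config switch_vlan
	option device 'switch0'
	option vlan '100'
	option ports '0t 1t 2t'
"""

def parse_switch_vlans(text):
    """Return {vlan_id: {port: is_tagged}} for every switch_vlan section."""
    vlans, section, opts = {}, None, {}
    for raw in text.splitlines() + ["config end"]:  # sentinel flushes last section
        line = raw.strip()
        if line.startswith("config "):
            if section == "switch_vlan" and "vlan" in opts:
                toks = (re.fullmatch(r"(\d+)(\D*)", t) for t in opts.get("ports", "").split())
                vlans[int(opts["vlan"])] = {int(m[1]): "t" in m[2] for m in toks if m}
            section, opts = line.split()[1], {}
        elif (m := re.match(r"option\s+(\w+)\s+['\"]?([^'\"]*)['\"]?$", line)):
            opts[m[1]] = m[2]
    return vlans

def audit(vlans, cpu_port=0):
    """Label each external port: access, trunk, hybrid or conflict."""
    tagged, untagged = defaultdict(list), defaultdict(list)
    for vid, ports in vlans.items():
        for port, is_tagged in ports.items():
            if port != cpu_port:
                (tagged if is_tagged else untagged)[port].append(vid)
    report = {}
    for port in sorted(set(tagged) | set(untagged)):
        if len(untagged[port]) > 1:
            report[port] = "conflict"  # two untagged VLANs on one port
        elif tagged[port] and untagged[port]:
            report[port] = "hybrid"    # tagged and untagged on the same cable
        elif tagged[port]:
            report[port] = "trunk"     # client must tag its own frames
        else:
            report[port] = "access"    # an untagged PC can still reach the router
    return report

if __name__ == "__main__":
    print(audit(parse_switch_vlans(SAMPLE)))
```

Run it against a copy of the config before applying changes; if no port comes back as `access`, an untagged PC has no wired path to the router.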

The reset button at the back does not work. That would be easy.
Now I have two IPs to manage the router from different IP subnets,
but the router is not accessible.
That should not block the reset button. (It was working already before.)

OpenWrt's firstboot procedure does work reliably on the tl-wdr4300. Whether push-button tftp recovery works or not is a question of the installed bootloader version, as this support was only retrofitted later on during its manufacturing process (being made available by OEM firmware updates).

I just tried failsafe mode.
I logged in via ssh to the router, ran firstboot and recovered it to 18.06.02.

But I have to check back with software 18.06.01; the reset button for sure was working on my router.
And I need to continue the setup in VLAN mode with a different IP subnet broadcast. So the question will be about management access. Two IPs, that is usually strange; it is not even done on carrier routers.
It should work on DD-WRT, so it should work as well on OpenWrt.