Ubiquiti UniFi 6 Lite with 23.05.5 don't forward packets in bridge from vlan

Installing and Using OpenWrt
1

Hello!

Packets from VLAN interface inside bridge interface not forwarded to wifi interfaces inside same bridge. But packets from wifi or other interface excelent forwarded to VLAN interface in same bridge.

I tryed 23.05.5 and SNAPSHOT from git.


root@buhg:~# ubus call system board
{
        "kernel": "6.6.74",
        "hostname": "buhg.wifi",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Ubiquiti UniFi 6 Lite",
        "board_name": "ubnt,unifi-6-lite",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "firmware_url": "https://downloads.openwrt.org/",
                "revision": "r28746-63e178f067",
                "target": "ramips/mt7621",
                "description": "OpenWrt SNAPSHOT r28746-63e178f067",
                "builddate": "1738676939"
        }
}

Now I has made Kludge with bridge and this work. But is look not good.

root@buhg:~# cat /etc/config/network
/dhcp
cat /etc/config/firewall
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd03:a14e:18c0::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'br-vlan.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config interface 'free'
        option proto 'dhcp'
        option device 'br-free'
        option dns_metric '10'
        option metric '10'

config device
        option type 'bridge'
        option name 'br-free'
        list ports 'br-vlan.512'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-vlan'
        list ports 'lan'

config device
        option type '8021q'
        option ifname 'br-vlan'
        option vid '1'
        option name 'br-vlan.1'

config device
        option type '8021q'
        option ifname 'br-vlan'
        option vid '512'
        option name 'br-vlan.512'

root@buhg:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel 'auto'
        option band '2g'
        option htmode 'HT40'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'THE COVE PUB WIFI'
        option encryption 'sae'
        option key '***'
        option ocv '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '52'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'PH'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'THE COVE PUB WIFI'
        option encryption 'sae'
        option key '***'
        option ocv '0'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'THE COVE PUB FREE WIFI'
        option encryption 'owe'
        option ieee80211w '1'
        option ocv '0'
        option network 'free'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'THE COVE PUB FREE WIFI'
        option encryption 'owe'
        option ieee80211w '1'
        option ocv '0'
        option network 'free'

root@buhg:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@buhg:~# cat /etc/config/firewall

config defaults
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        option masq '0'

config zone
        option name 'free'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        list network 'free'
        option masq '0'

root@buhg:~#

If I just create VLAN lan.512 and add them to br-free - this will not work.
As I can see this device have hardware switch on eth0 with only one port - lan and i think it already VLANed.
May be I can enable switch configuration functional and configure HW switch for VLANs ?

2

Hello!

Packets from VLAN interface inside bridge interface not forwarded to wifi interfaces inside same bridge. But packets from wifi or other interface excelent forwarded to VLAN interface in same bridge.

I tryed 23.05.5 and SNAPSHOT from git.


root@buhg:~# ubus call system board
{
        "kernel": "6.6.74",
        "hostname": "buhg.wifi",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Ubiquiti UniFi 6 Lite",
        "board_name": "ubnt,unifi-6-lite",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "firmware_url": "https://downloads.openwrt.org/",
                "revision": "r28746-63e178f067",
                "target": "ramips/mt7621",
                "description": "OpenWrt SNAPSHOT r28746-63e178f067",
                "builddate": "1738676939"
        }
}

Now I has made Kludge with bridge and this work. But is look not good.

root@buhg:~# cat /etc/config/network
/dhcp
cat /etc/config/firewall
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd03:a14e:18c0::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'br-vlan.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config interface 'free'
        option proto 'dhcp'
        option device 'br-free'
        option dns_metric '10'
        option metric '10'

config device
        option type 'bridge'
        option name 'br-free'
        list ports 'br-vlan.512'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-vlan'
        list ports 'lan'

config device
        option type '8021q'
        option ifname 'br-vlan'
        option vid '1'
        option name 'br-vlan.1'

config device
        option type '8021q'
        option ifname 'br-vlan'
        option vid '512'
        option name 'br-vlan.512'

root@buhg:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel 'auto'
        option band '2g'
        option htmode 'HT40'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'THE COVE PUB WIFI'
        option encryption 'sae'
        option key '***'
        option ocv '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '52'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'PH'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'THE COVE PUB WIFI'
        option encryption 'sae'
        option key '***'
        option ocv '0'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'THE COVE PUB FREE WIFI'
        option encryption 'owe'
        option ieee80211w '1'
        option ocv '0'
        option network 'free'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'THE COVE PUB FREE WIFI'
        option encryption 'owe'
        option ieee80211w '1'
        option ocv '0'
        option network 'free'

root@buhg:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@buhg:~# cat /etc/config/firewall

config defaults
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        option masq '0'

config zone
        option name 'free'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        list network 'free'
        option masq '0'

root@buhg:~#

If I just create VLAN lan.512 and add them to br-free - this will not work.
As I can see this device have hardware switch on eth0 with only one port - lan and i think it already VLANed.
May be I can enable switch configuration functional and configure HW switch for VLANs ?

3

You have got nested bridges in your config. That will not work.

There is a lot of cleanup to do. If might be faster to start from scratch after a reset to defaults.

You’ll want to use the DSA syntax with bridge-VLANs.

https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial

1 Like
4

Only this and work. Any other NOT

Same issue here: https://github.com/openwrt/openwrt/issues/14473

5

3 posts were merged into an existing topic: YouTube lags via OpenWRT wifi AP

7

The config here is a mess. Make a backup and reset to defaults. Start with just the default single network environment. Once that is proven to work, add one vlan and test again.

8

Why you merged topics? This diferent situations?!

9

They are the same device, right? Same config? That is why they were merged. It will be confusing if you have two or more simultaneous threads that result in various config changes that could affect the other thread.

That said, there are massive problems with your cohgigs and you really need to start over.

1 Like
10

Not this diferent devices. Diferent models. Diferent problems.

12

Apologies. Separated the threads.

13

Ok. With DSA Bridge work fine.
But with 802.1q interface from lan inside bridge - not work.

14

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.