Unable to build VLAN filtering from DSA enabled router R8000P to managed switch Trendnet switch TPE-TG82ES

Dear Forum, I am struggling to build VLAN filtering with DSA enabled router R8000P to managed switch Trendnet switch TPE-TG82ES. The connection used to work for Archer C7 v1 with Openwrt 22.03 swconfig and Trendnet switch TPE-TG82ES.

R8000P VLAN Filtering

R8000P Network Config

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'xxxxxxxxxxx'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.2.1'
        option device 'br-lan.60'

config device
        option name 'wan'
        option macaddr 'xxxxxxxxxx'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config bridge-vlan
        option device 'br-lan'
        option vlan '41'
        list ports 'lan3:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '50'
        list ports 'lan4:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '60'
        list ports 'lan2:u*'

config interface 'IOT1'
        option proto 'static'
        option device 'br-lan.41'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'

config interface 'GUEST'
        option proto 'static'
        option device 'br-lan.50'
        option ipaddr '172.16.0.1'
        option netmask '255.255.255.0'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:u*'
        list ports 'lan2:t'
        list ports 'lan3:t'
        list ports 'lan4:t'

config interface 'TRUNK'
        option proto 'static'
        option device 'br-lan.10'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'

Trendnet switch TPE-TG82ES

So I'm noticing that there are a bunch of things that don't quite make sense here... maybe you can clarify your topology and your goals.

What I see on your router:

  • VLAN 10: TRUNK (192.168.3.0/24) on router port 1 untagged, ports 2-4 tagged.
  • VLAN 41: IOT1 (192.168.8.0/24) on router port 3 untagged
  • VLAN 50: GUEST (172.16.0.0/24) on router port 4 untagged
  • VLAN 60: lan (192.168.2.0/24) on router port 2 untagged

A few thoughts here...

  • As noted in the VLAN/port mappings, with the exception of the TRUNK network, the other networks only appear on one physical port each, and they are untagged on those ports. Typically, you'd have all of the VLANs present (tagged) on the port/cable that connects between the router and the switch. That isn't the case here. You'd have to run multiple cables.
  • On the switch, each of your networks is only present on a single port, except for the TRUNK network... Connecting something to ports 5-8 does nothing at all, and ports 1-4 are 'dead ends'
  • The word "trunk" typically means a port/cable that is carrying multiple VLANs. You have created a network called TRUNK -- while this doesn't violate any 'reserved words', it is likely to be confusing. What is the purpose of this network? Maybe you can rename it accordingly.
  • There is a custom when working with /24 networks to have the VLAN ID = third octet of the network... again, by no means required, but makes things easier to follow...
    For example, VLAN 10 is currently 192.168.3.0/24. I'd suggest either using VLAN 3 for that network, or making the network 192.168.10.0/24. This is purely for the human readability, though, so take it or leave it.

So...

  • What port on the router is used to connect to the switch?
  • What is the corresponding port on the switch that connects to the router?
  • On the router, you have 3 other ports -- what do you want them to do (which network on which port)
  • You have 7 other ports on the switch... what networks should be present on each port.
  • Do you have any other VLAN aware devices downstream of the switch (or the other ports on the router) such as another managed switch or a VLAN-aware access point? If so, what networks should be carried to those devices and on which port(s).
  • A drawing could be useful here -- feel free to make a sketch on paper and upload a photo.
  • What port on the router is used to connect to the switch?
    port1 (LAN1)

  • What is the corresponding port on the switch that connects to the router?
    port1 (LAN1)

  • On the router, you have 3 other ports -- what do you want them to do (which network on which port)
    LAN2 VLAN 60: lan (192.168.2.0/24)
    LAN3 VLAN 41: IOT1 (192.168.8.0/24)
    LAN4 VLAN 50: GUEST (172.16.0.0/24

  • You have 7 other ports on the switch... what networks should be present on each port.
    Port 1 for TRUNK
    Port 2 for VLAN41 IOT1 (192.168.8.0/24)
    Port 3 for VLAN50 GUEST (172.16.0.0/24
    Port 4 for VLAN60 LAN (192.168.2.0/24)
    Port 5-8 not in use

  • Do you have any other VLAN aware devices downstream of the switch (or the other ports on the router) such as another managed switch or a VLAN-aware access point? If so, what networks should be carried to those devices and on which port(s).
    no, but I am planning to add cameras with POE.

  • A drawing could be useful here -- feel free to make a sketch on paper and upload a photo.

DSA setup is different and I cannot find working example. I was following youtube OneMarcFifty videos and was able to make it work for Archer C7 v1 with Openwrt 22.03 swconfig and Trendnet switch TPE-TG82ES.

Ok... thanks for that info.

You'll want to make your changes either while connected to wifi or by ethernet to the lan network (using port lan2)

Start by deleting the TRUNK network since it seems to be unused and unnecessary.

Next, change VLAN 60 to be tagged on port 1 (and maintain the untagged port 2)

config bridge-vlan
        option device 'br-lan'
        option vlan '60'
        list ports 'lan1:t'
        list ports 'lan2:u*'

Likewise, add VLANs 41 and 50 as tagged networks on port lan1

config bridge-vlan
        option device 'br-lan'
        option vlan '41'
        list ports 'lan1:t'
        list ports 'lan3:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '50'
        list ports 'lan1:t'
        list ports 'lan4:u*'

Then, on your switch

  • delete VLAN 10
  • keep the untagged assignments as currently set
  • set VLAN 41 to be tagged on port 1
  • set VLAN 50 to be tagged on port 1
  • set VLAN 60 to be tagged on port 1

There are plenty of examples on the forums, and the DSA mini tutorial, but yes, it is new and still a bit confusing (and the documentation is still 'catching up').

However, I am not sure why the TRUNK network was added and the switch (which is not OpenWrt) was not configured properly either. So even if you had nailed DSA, you wouldn't have had a functioning configuration. It seems like things were changed on the switch (unnecessarily) which would have certainly caused some additional headaches.

Try the things I suggested and let me know what happens.

I will work on the post to get working config from Archer C7 and Managed switch that with working Trunk port.

I search all forum, videos and read all article about DSA but cannot make trunk connection working.

No need to work on the C7 if that's not part of the new network topology... just make the recommended changes... it should work, but if it doesn't, we'll figure it out.

Thank you for looking into this issue. I have made all changes on the router and managed switch. Initially my vlan filtering tab looked the same as you suggested.
Connected Archer C7 with openwrt 22.03 and swconfig to verify that the managed switch is working, and then switched to R8000P.
Trunk is not working. I am unable to connect to the switch ports 2,3 and 4 with workstation.

Update R8000P vlan filtering:

Update Managed Switch TPE-TG82ES VLAN configuration:

Managed Switch TPE-TG82ES Port configuration:

I understand that Archer C7 v1.1 is old device on new Openwrt 22.03 software. Archer C7 v1.1 switch configuration works without any issues with managed switch.

Here is Archer C7 switch configuration:

So let's go through some troubleshooting...

On the R8000P, do you get connectivity with the appropriate networks when you plug a computer directly into ports 2, 3, and 4?

Yes. I am able to get DHCP for each network from the router.

I was thinking may be R8000P is not good so I flashed Openwrt to Asus rt-ac68u and have the same issue.

Ok... so that means that we're just looking at either the trunk or the switch...

please test the connections on port 2, 3, and 4 of the switch... do any of them work?

For managed switch ports 2,3, 4 do not provide any DHCP.

Ok... let's take a look the network config file again. And let's verify that the switch is configured properly -- make sure that the configuration was actually saved and applied.

I have verified the setup. There are no pending changes on the router.

can you post the latest /etc/config/network file?

I was asking about the switch -- did you verify that, too?

Switch does not have any pending changes and I have verified that it is working with Archer C7.

will you be posting this?