Unable to build VLAN filtering from DSA enabled router R8000P to managed switch Trendnet switch TPE-TG82ES

Latest R8000P network configuration:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'xxxxxxxxx'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.2.1'
        option device 'br-lan.60'

config device
        option name 'wan'
        option macaddr 'xxxxxxxxx'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config bridge-vlan
        option device 'br-lan'
        option vlan '41'
        list ports 'lan1:t'
        list ports 'lan3:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '50'
        list ports 'lan1:t'
        list ports 'lan4:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '60'
        list ports 'lan1:t'
        list ports 'lan2:u*'

config interface 'IOT1'
        option proto 'static'
        option device 'br-lan.41'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'

config interface 'GUEST'
        option proto 'static'
        option device 'br-lan.50'
        option ipaddr '172.16.0.1'
        option netmask '255.255.255.0'

Everything looks fine. Try restarting both the router and the switch and see if that fixes it. Also, verify that R8000P port 1 is connected to the switch port 1.

Router and switch are restarted. R8000P port 1 is connected to the switch port 1.
Testing computer on port 4 of the managed switch. No DHCP.

Can you show what the switch GUI shows when you click edit on one of the VLANs (say VLAN 60)?

Managed switch GUI shows edit of the VLAN 60:

Ok... everything looks fine there, too.

So, to confirm (and it would be good for you to run this test once more)... if you plug the Archer C7 into switch port 1 (instead of the R8000P), you are able to get proper connectivity on switch ports 2-4?

Yes. I am getting DHCP from all three networks.

Are you using the same cable to connect between the switch and each of those routers? (just to rule out a bad cable)

what is the output of:

ubus call system board

Yes. I am using the same cable for port1 between managed switch and the router.

ubus call system board

ubus call system board
{
        "kernel": "5.10.161",
        "hostname": "OWR8000P",
        "system": "ARMv8 Processor rev 0",
        "model": "Netgear R8000P",
        "board_name": "netgear,r8000p",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.3",
                "revision": "r20028-43d71ad93e",
                "target": "bcm4908/generic",
                "description": "OpenWrt 22.03.3 r20028-43d71ad93e"
        }
}

K... I'm out of ideas.

A hail mary??

  • make a backup
  • reset the router to defaults
  • restore the backup
  • test

If that doesn't work...

  • reset the router again
  • manually restore (by copying the files over) the following files:
    • /etc/config/network
    • /etc/config/dhcp
    • /etc/config/wireless
    • /etc/config/firewall

Thank you so much for your help. I will try to reset R8000P tomorrow.

I have reset R8000P and did VLAN 60 test only. There is no DHCP on my computer.

I think this is a bug that need to go to developers because ASUS rt-ac68u behaves the same way.

I will try to flush Belkin RT3200 with Mediateck chipset, and next test candidate is
MikroTik hEX S RB760iGS

Let's see the resulting config file.

Possibly. As I understand the problem, it is affecting tagging on a port only...
Do you happen to have any other VLAN aware equipment that you could use? Ideally, a computer that has support for VLANs (on a Mac, it's actually really easy).

Or, you could use one of your other routers (including the ac68u) to do some additional debug. My idea here is simple... setup VLAN60 purely as a bridge on the AC68u with port 1 tagged and port 2 untagged. Don't assign this to any networks.

R8000P w/ VLAN 60 tagged on port 1 > AC68u port 1 with VLAN 60 tagged > AC68u w/ VLAN 60 untagged on port 2 > PC connected on port 2.

Thank you. Good idea. I will try.

I have taken the route of flashing Belkin RT3200 and added VLAN 60 and got DHCP on my computer.

So the devices with Broadcom chipset 4809 have bugs for port trunking.
This relates to R8000P and ASUS RT-AC68U firmware.

How to let developers know that there is a bug in firmware for Broadcom chipset 4809?

Fixing firmware for Broadcom chipset 4809 will enable us to use good quality routers even WIFI is not available.

Assuming that this is indeed the problem, I think that it may be more precisely characterized as a bug with tagging networks on a port. Obviously tagging is required for trunking, but a single tagged network is technically not a trunk but is apparently the root of the issue you're running into.

Did you try running the R8000P > RT-AC68U experiment I suggested?

I will try this test next weekend. Only one thing I do not understand why to test broken firmware.
Even if the devices (R8000P and RT68U) will communicate with each other via the trunk it would not help me to rebuild my house network with VLANs for cameras and new LAN feed for two floors.
I am planning to use multiple POE commercial managed switches with VLANs.

Yes, I think that's true. However, what I'd like to know is if it works between those two devices. The next step would be to understand if there is:

  • something wrong with the 802.1q tagging that is happening but is consistent between the two devices such that they can establish functional tagged vlan link?
  • Is there something about what is happening here that makes your switch unhappy, but might be okay with other VLAN aware devices?

I have two routers running.
R8000P w/ VLAN 60 tagged on port 1.
AC68u (br-Lan DHCP removed) port 1 with VLAN 60 tagged > AC68u w/ VLAN 60 untagged on port 2 > PC connected on port 2.

I am not getting dhcp on port 2 of AC68u .
AC68U network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd16:ae52:a007::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan.60'
        option ipaddr '192.168.5.1'

config device
        option name 'wan'
        option macaddr '70:4D:7B:E1:98:10'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config bridge-vlan
        option device 'br-lan'
        option vlan '41'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '50'
        list ports 'lan1:t'
        list ports 'lan4:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '60'
        list ports 'lan1:t'
        list ports 'lan2:u*'
        list ports 'lan3:u*'

config interface 'IOT1'
        option proto 'static'
        option device 'br-lan.41'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'

config interface 'GUEST'
        option proto 'static'
        option device 'br-lan.50'
        option ipaddr '172.16.0.1'
        option netmask '255.255.255.0'

Try creating an unmanaged interface for VLAN60.

config interface 'vlan60'
        option proto 'none'
        option device 'br-lan.60'