Using RPi4 and a managed switch + vlans

Hello all,

I am just trying to see if I could set up a router. My test set up is as follows:
RPi4
ZyXel Switch with 8 ports.
Vodafone broadband

Zyxel has been configured as vlans:
port 6 for RPi 4
Port 7 for LAN
Port 8 for WAN
No other ports in use.

So I am trying to setup RPi 4 connected to Zyxel and creating two ports. It works for as DHCP but it is not working as pppoe. Can somebody please look at this code and let me know what am I doing wrong.

I probably has missed other key information but pls let me know and I can add them here.

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdee:0d37:df93::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config bridge-vlan
        option device 'br-lan'
        option vlan '11'
        list ports 'eth0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'eth0:t'

#config interface 'wan'
#       option proto 'dhcp'
#       option device 'br-lan.99'

config interface 'wan'
        option proto 'pppoe'
        option username 'test1234@broadband.vodafone.co.uk'
        option password 'xxxxxx'
        option ipv6 '0'
        option ifname 'eth0.911'

config interface 'lan'
        option device 'br-lan.11'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ipassign '60'

Thank you for your help.

Wrong vlan?

For reference this is /etc/config/network from my RPi4 that was in a setup with a managed swtich/VLANs. The RPi was making use of a USB dongle NIC for its 2nd adapter.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1a:184b:b879::/48'
	option packet_steering '1'

config device
	option name 'eth0'
	option ipv6 '0'

config device
	option name 'eth1'
	option ipv6 '0'

config device
	option name 'wg0'
	option ipv6 '0'

config device
	option name 'eth0.3'
	option type '8021q'
	option ifname 'eth0'
	option vid '3'
	option ipv6 '0'

config device
	option name 'eth0.4'
	option type '8021q'
	option ifname 'eth0'
	option vid '4'
	option ipv6 '0'

config device
	option name 'eth0.5'
	option type '8021q'
	option ifname 'eth0'
	option vid '5'
	option ipv6 '0'

config device
	option name 'eth0.10'
	option type '8021q'
	option ifname 'eth0'
	option vid '10'
	option ipv6 '0'

config device
	option type 'bridge'
	option name 'lxcbr0'
	option ipv6 '0'
	option bridge_empty '1'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option peerdns '0'
	option delegate '0'
	list dns '10.0.4.250'

config interface 'lxc'
	option device 'lxcbr0'
	option proto 'static'
	option ipaddr '10.0.4.1'
	option netmask '255.255.255.0'

config interface 'guest'
	option device 'eth0.3'
	option proto 'static'
	option ipaddr '10.9.7.1'
	option netmask '255.255.255.0'

config interface 'office'
	option device 'eth0.4'
	option proto 'static'
	option ipaddr '10.9.6.1'
	option netmask '255.255.255.0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config interface 'iot'
	option device 'eth0.5'
	option proto 'static'
	option ipaddr '10.9.5.1'
	option netmask '255.255.255.0'

config interface 'lan'
	option device 'eth0.10'
	option proto 'static'
	option ipaddr '10.9.8.1'
	option netmask '255.255.255.0'

config interface 'wg0'
	option proto 'wireguard'
	option listen_port '51820'
	list addresses '10.200.200.200/24'
...

Hi Thank you.

Vodafone uses vlan 911. So I am trying to tag that. So this is wrong and I am having issues with this

Hi darksky. Thank you for your network file. I am trying to setup as vlan - rpi one to zyxel 2 ports.

If this doesn't work I will get an USB dongle and I can use your config file

config bridge-vlan
        option device 'br-lan'
        option vlan '911'
        list ports 'eth0:t'

config interface 'wan'
        option proto 'pppoe'
        option username 'test1234@broadband.vodafone.co.uk'
        option password 'xxxxxx'
        option ipv6 '0'
        option ifname 'br-lan.911'

How about this?

I don’t think you can have two VLANs assigned to a single port.

It does work, I used to do it with my RPi some time ago.

Two untagged VLANs per port is possible? That's news to me

You are correct that you can only have one (or zero) untagged networks on a port, but the OP and @trendy were not discussing multiple untagged networks. In fact, all of the configs in this thread have both VLANs tagged.

Hi trendy

That didn't work.

Screenshot 2024-10-12 105308995×435 21.8 KB

Let’s see the latest network config file (in text form).

Hi

here we go:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdee:0d37:df93::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config bridge-vlan
        option device 'br-lan'
        option vlan '11'
        list ports 'eth0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'eth0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '911'
        list ports 'etho:t'

#config interface 'wan'
#       option proto 'dhcp'
#       option device 'br-lan.99'

config interface 'wan'
        option proto 'pppoe'
        option device 'br-lan.99'
        option username 'test1234@broadband.vodafone.co.uk'
        option password 'xxxxxx'
        option ipv6 '0'
        option ifname 'br-lan.911'

config interface 'lan'
        option device 'br-lan.11'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ipassign '60'

Thanks

Since this is a pi, we can directly use dotted notation. No need for bridge-vlans.

delete these:

Edit br-lan to use eth0.11:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.11'

Then edit the lan interface to use just br-lan:

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ipassign '60'

And finally edit the wan to look like this, using eth0.911:

[quote="bpatel111, post:13, topic:212701"]

config interface 'wan'
        option proto 'pppoe'
        option device 'eth0.911'
        option username 'test1234@broadband.vodafone.co.uk'
        option password 'xxxxxx'
        option ipv6 '0'

Also delete this:

Reboot and test after those changes.

BTW, the reason it wasn't working was probably twofold... one you have a typo in the bridge-vlan for VLAN 911 (you used etho:t instead of eth0:t) and you also lines that attempted to connect the wan interface to two bridges -- one of them using the correct option device but the wrong device itself, and the other using the incorrect option ifname (this syntax has been deprecated) with the correct device name. But all of that said, the changes I made will make your config simpler and cleaner, and will work if implemented properly.

If this doesn't work, please post the updated config.

Hi Peter
Thank you. I will test it out tonight and post an update.

Regards

Hi Peter

That didn't work. I will attach the latest network code further down. Question I have is:
I have a ZyXel Managed switch. (sorry, I can't do the screensot at the moment)
Port 6 is for Pi itself
Port 7 is LAN (Tagged as 11)
Port 8 is WAN (Tagged as 99)

How does it relate to our network code? (Sorry, I know basics but not too much)

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdee:0d37:df93::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.11'

config interface 'wan'
        option proto 'pppoe'
        option device 'eth0.911'
        option username '1234@broadband.vodafone.co.uk'
        option password 'xxxxxxx'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ipassign '60'

You had a typo, etho instead of eth0

Where the 911 then?

As @trendy points out, you don't mention VLAN 911 on the managed switch.

Please check your ISP for the correct VLAN to use, and then your managed switch to ensure that it is tagged on both the modem connection as well as the port for the Pi.

In the managed switch you need:
Two VLANs 1 and 911. The number you use for LAN is arbitrary but it has to be the same throughout your network, and not used for any other VLAN. Number 911 has to match what the ISP device requires.

A cheap managed switch cannot rewrite VLAN numbers (and it's really rare to want to do it on an expensive switch which can, because it would make the network very confusing). In other words the packets going to the modem must keep the same VLAN number on the other port that is connected to the Pi.

Port 6 (the Pi) tagged in both VLANs. If you have to set a PVID you can use either 1 or 911, the PVID only controls what happens to untagged packets that might come in the port, of which there should not be any.
Port 7 (the LAN) untagged in 1, PVID of 1.
Port 8 (the ISP) tagged in 999, off in 1, PVID of 911 if you have to set a PVID.

Edit changed VLAN number to 911 per @psherman.

Not 999, from what I can tell, per this:

But, the OP should verify to make sure that they have the correct VLAN ID required for the ISP.