VLAN config swconfig vs. /etc/config/network

Dear all,

I am trying to configure VLAN on LAN on a Fritzbox 4040. Having read the following I still didn't get it running.

First I avoided vid 1 and 2. I heard that VLAN over WAN cannot be configured in LuCI but as I want VLAN over LAN I first tried it in LuCI:

I also checked that my LAN interface is physically bound to eth0.10.
Changes applied in LuCI but the OpenWrt device was no longer accessible, so it reverted the changes (lucky me).

In a second step I tried basically the same via ssh. I changed the initial standard switch config to:

...
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '10'
        option vid '10'
        option ports '1 3 4 0t'

config switch_vlan
        option device 'switch0'
        option vlan '20'
        option vid '20'
        option ports '2 0t'


config interface 'WLAN'
        option proto 'static'
        option delegate '0'
        list ipaddr '192.168.150.1/24'

config interface 'LAN'
        option ifname 'eth0.10'
        option proto 'static'
        option netmask '255.255.255.0'
        option delegate '0'
        option ipaddr '192.168.200.1'

The result is that I cannot access the OpenWrt box any more via LAN (plugged into LAN 1). Accessing it via Wifi still works. I also saw that the box didn't give my client a DHCP lease.

The strange thing is that swconfig dev switch0 show gives me the initial VLANS (1 and 2) plus the newly created (10 and 20):

...
VLAN 1:
        vid: 1
        ports: 0t 1t 2t 3t 4t
VLAN 2:
        vid: 2
        ports: 0t 5
VLAN 10:
        vid: 10
        ports: 0t 1 3 4
VLAN 20:
        vid: 20
        ports: 0t 2

Probably I have to remove vlan 1+2 but what is the command to remove them??

btw: the intent to create the VLAN is to have a DMZ on a single LAN port.
Can anybody help out? I wonder why the tested and working configs from the first site mentioned above don't work for me.

PS: this is the full result of swconfig dev switch0 show

Global attributes:
        enable_vlan: 1
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        mirror_monitor_port: 0
        mirror_source_port: 0
        linkdown: ???
Port 0:
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
        pvid: 10
        link: port:1 link:up speed:1000baseT full-duplex txflow rxflow auto
Port 2:
        pvid: 20
        link: port:2 link:down
Port 3:
        pvid: 10
        link: port:3 link:down
Port 4:
        pvid: 10
        link: port:4 link:down
Port 5:
        pvid: 2
        link: port:5 link:up speed:100baseT full-duplex txflow rxflow auto
VLAN 1:
        vid: 1
        ports: 0t 1t 2t 3t 4t
VLAN 2:
        vid: 2
        ports: 0t 5
VLAN 10:
        vid: 10
        ports: 0t 1 3 4
VLAN 20:
        vid: 20
        ports: 0t 2

swconfig dev switch0 help

switch0: 90000.mdio(QCA AR40xx), ports: 6 (cpu @ 0), vlans: 128
     --switch
        Attribute 1 (int): enable_vlan (Enable VLAN mode)
        Attribute 2 (none): reset_mibs (Reset all MIB counters)
        Attribute 3 (int): enable_mirror_rx (Enable mirroring of RX packets)
        Attribute 4 (int): enable_mirror_tx (Enable mirroring of TX packets)
        Attribute 5 (int): mirror_monitor_port (Mirror monitor port)
        Attribute 6 (int): mirror_source_port (Mirror source port)
        Attribute 7 (int): linkdown (Link down all the PHYs)
        Attribute 8 (none): apply (Activate changes in the hardware)
        Attribute 9 (none): reset (Reset the switch)
     --vlan
        Attribute 1 (int): vid (VLAN ID (0-4094))
        Attribute 2 (ports): ports (VLAN port mapping)
     --port
        Attribute 1 (none): reset_mib (Reset single port MIB counters)
        Attribute 2 (string): mib (Get port's MIB counters)
        Attribute 3 (int): pvid (Primary VLAN ID)
        Attribute 4 (unknown): link (Get port link information)

Your config looks correct. However you changed the name of the interface from lan to LAN. And since OpenWrt is case sensitive, did you apply the changes to dhcp, firewall, etc?

That shouldn't be the problem because when I change back to

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '1 2 3 4 0'
...
config interface 'Lan'
        option ifname 'eth0'

I get a DHCP lease on LAN and can access the internet from LAN.
Also swconfig dev switch0 show only gives VID 1+2:

VLAN 1:
        vid: 1
        ports: 0 1 2 3 4
VLAN 2:
        vid: 2
        ports: 0t 5

So, is there any way to remove VID 1 and 2 from swconfig in the config in my initial post?

You don't need to remove them. Leave them hanging there without any ports assigned.

It has been mentioned in the forums that VLAN IDs 1 and 2 are treated specially by the hardware driver ([solved] VLANs on ipq40xx alternative config (for Fritzbox 4040) - #6 by aboaboit). Although using these on eth0 did work for a quick test, it is probably best to avoid VLAN ID 1 and 2 if possible. This has been tested with OpenWrt 18.06 to 19.07 and may change with updated hardware drivers.

Ok, but if I use the first config with VID 10 and 20 LAN is not usable. Do you have an alternative config I could try out? Or how can I investigate further?

Better ask @aboaboit, since he owns the device and he solved the issue.

Sorry, what should I solve? This is the situation now:
[image]

I try to summarize the problem:

starting with this

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0 1 2 3 4'

config interface 'WLAN'
        option proto 'static'
        option delegate '0'
        list ipaddr '192.168.150.1/24'

config interface 'LAN'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option delegate '0'
        option ipaddr '192.168.200.1'

I had working LAN and WLAN interfaces.

Then I wanted to create a VLAN and changed the switch_vlan paragraph to this:

config switch_vlan
        option device 'switch0'
        option vlan '10'
        option vid '10'
        option ports '1 3 4 0t'

config switch_vlan
        option device 'switch0'
        option vlan '20'
        option vid '20'
        option ports '2 0t'
...
config interface 'LAN'
        option ifname 'eth0.10'

However this caused my LAN to be dysfunctional (no DHCP lease, no ping to the internet). WLAN continued to work, however.
Does this ring a bell for you? Any ideas which config I can try to have a VLAN on a LAN port?
Thank you very much!

Ok, in my logbook I see that I first encountered this issue when upgrading from 18.06.3 to 18.06.4, so anything below .3 won't have this issue and anything above requires the same trick: in the end the solution was avoiding "low" vlan numbers.

I don't have a definite "safe" low limit, but 100+ work for me:

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option vid '101'
        option ports '0t 1 2'

config switch_vlan
        option device 'switch0'
        option vlan '102'
        option vid '102'
        option ports '0t 4'

config switch_vlan
        option device 'switch0'
        option vlan '103'
        option ports '0t 3'
        option vid '103'

Of course, at this point you'll have to create matching interfaces for the new branch(es) but that's another (simpler) story.
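
An offline check for the points raised in this thread, added here as an example and not taken from any post: it parses the `switch_vlan` and `interface` sections of `/etc/config/network` and reports VLAN IDs below a threshold, ports untagged in more than one VLAN, and `eth0.N` interfaces whose VLAN lacks the tagged CPU port. The names `parse_uci` and `lint`, the `min_vid=100` default (from the "100+ work for me" reply) and the 'DMZ' interface in the sample are assumptions.

```python
import shlex

# Constructed sample: the VLAN sections from the first post, plus a hypothetical
# 'DMZ' interface on eth0.30 that has no switch_vlan behind it.
SAMPLE = """
config switch_vlan
        option vid '10'
        option ports '1 3 4 0t'
config switch_vlan
        option vid '20'
        option ports '2 0t'
config interface 'LAN'
        option ifname 'eth0.10'
config interface 'DMZ'
        option ifname 'eth0.30'
"""

def parse_uci(text):
    """Return [(section_type, name_or_None, {option: value})]."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][2][tok[1]] = tok[2]
    return sections

def lint(text, cpu_port="0", min_vid=100):
    """min_vid=100 is an assumption taken from the '100+ work for me' reply."""
    findings, vlans, untagged = [], {}, {}
    sections = parse_uci(text)
    for opt in (o for t, _, o in sections if t == "switch_vlan"):
        vid = int(opt.get("vid", opt.get("vlan", 0)))
        vlans[vid] = opt.get("ports", "").split()
        if vid < min_vid:
            findings.append(f"vid {vid}: below {min_vid}")
        for p in vlans[vid]:
            if not p.endswith("t") and untagged.setdefault(p, vid) != vid:
                findings.append(f"port {p}: untagged in vid {untagged[p]} and {vid}")
    for name, opt in ((n, o) for t, n, o in sections if t == "interface"):
        dev, _, vid = opt.get("ifname", "").partition(".")
        # ethX.N only carries traffic if VLAN N includes the CPU port tagged.
        if vid.isdigit() and cpu_port + "t" not in vlans.get(int(vid), []):
            findings.append(f"{name}: {dev}.{vid} needs vid {vid} with port {cpu_port}t")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

For a DMZ port, an empty result from `lint` on the real file is a precondition, not proof of isolation; the firewall zones still decide what the DMZ can reach.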

You might try my build for the FB 4040, switch, VLANs and LuCi working:
https://forum.openwrt.org/t/build-for-fritzbox-4040-switch-and-luci-working/

Cheers,
Thomas

When I was about to test the high VIDs suggested by @aboaboit I somehow misconfigured the box and locked myself out...
So I had to flash it again anyway and tried @tomtom's image right away. I didn't test very much yet, but I can confirm that VLANs are working!

[image]

Thank you very much for this great custom image, @tomtom !!!
