VLAN ISP Configuration (optical fiber)

Hi guys, unfortunately I am experiencing connection problems with my brand new OF line. My ISP told me to set the VLAN ID to 835 to connect properly but, after reading many threads on the forum, I still cannot connect. I have these settings right now, as suggested here

Should I manually check/correct the value in /etc/config/network? Is there a guide on how to do so? I don't know how to connect and edit this setting. Thank you so much!

It could be that the router cannot handle such a high VLAN number.

Use ssh to connect to the device.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
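Remember to redact passwords, MAC addresses and any public IP addresses you may have before posting; in this output that includes, for example, the PPPoE username and password in the wan section.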

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user

Thank you!

# Network configuration as pasted from `uci export network`.
# Loopback interface: static 127.0.0.1/8 on 'lo'.
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        # IPv6 ULA prefix configured for this router.
        option ula_prefix 'fd7d:b1f0:1ce7::/48'

# LAN: bridge over VLAN subinterface eth0.1 with static address 192.168.1.1/24.
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# WAN: PPPoE on VLAN subinterface eth0.835 (835 is the VLAN ID the ISP asked for).
# The PPPoE username and password were redacted by the poster before sharing.
config interface 'wan'
        option ifname 'eth0.835'
        option proto 'pppoe'
        option password 'removed'
        option username 'removed'
        option force_link '1'
        # IPv6 is switched off for the PPPoE interface; the separate 'wan6'
        # section below still requests DHCPv6 on the same device.
        option ipv6 '0'

# MAC address override bound to the device name eth0.2 (value redacted).
# NOTE(review): no interface in this export uses eth0.2 (wan and wan6 use
# eth0.835), so this override presumably does not apply to the WAN device - confirm.
config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'removed'

# WAN IPv6: DHCPv6 client on the same VLAN subinterface as the PPPoE WAN.
config interface 'wan6'
        option proto 'dhcpv6'
        option ifname 'eth0.835'

# Built-in switch with VLAN support enabled.
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# Switch VLAN table entry 1, VLAN ID 1: port 0 tagged ('t' suffix), ports 2-5 untagged.
# The swconfig output later in the thread reports the CPU at port 0.
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4 5'
        option vid '1'

# Switch VLAN table entry 2 carries VLAN ID 835, tagged on both port 0 (CPU)
# and port 1, so frames keep the 835 tag in both directions.
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1t'
        option vid '835'

# DHCP/DNS configuration as pasted from `uci export dhcp`.
package dhcp

# dnsmasq: local DNS resolver and DHCP server settings.
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        # DNS rebinding protection is on; rebind_localhost additionally permits
        # upstream answers in 127.0.0.0/8.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        # Answer DNS queries only from hosts on locally attached subnets.
        option localservice '1'

# LAN pool: 150 addresses starting at host offset 100, 12-hour leases;
# DHCPv6 and router advertisements are served on the LAN as well.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

# No DHCP service is offered on the WAN interface.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

# odhcpd settings; maindhcp '0' presumably leaves DHCPv4 to dnsmasq - confirm.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# Firewall configuration as pasted from `uci export firewall`.
package firewall

# Global defaults: SYN-flood protection on, input and output accepted, forwarding rejected.
# The per-zone policies below are what govern the lan and wan interfaces.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# LAN zone: all input, output and forwarding accepted.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# WAN zone (covers both 'wan' and 'wan6'): inbound and forwarded traffic is
# rejected unless one of the rules below accepts it; masquerading (NAT) and
# MSS clamping (mtu_fix) are enabled.
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan6'
        list network 'wan'

# LAN hosts may initiate traffic towards the WAN.
config forwarding
        option src 'lan'
        option dest 'wan'

# Every rule from here on is an exception to the WAN zone's REJECT policy.

# Accept DHCP replies (UDP port 68, IPv4) arriving from the WAN.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# The router answers IPv4 ping (ICMP echo-request) from the WAN side.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept IGMP (IPv4) from the WAN.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept DHCPv6 (UDP port 546) from the WAN, restricted to fc00::/6 source
# and destination addresses.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept the listed ICMPv6 types (130-132 and 143, code 0) from link-local
# sources (fe80::/10) on the WAN.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 addressed to the router itself: error, echo and neighbour/router
# discovery types are accepted from the WAN, rate-limited to 1000 packets/sec.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 forwarded from the WAN to any zone (dest '*'): error and echo types
# only, rate-limited to 1000 packets/sec.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Forward IPsec ESP from the WAN to LAN hosts.
# NOTE(review): no address family is set, so this presumably applies to IPv4
# and IPv6 alike; if no LAN host terminates IPsec, this rule and the ISAKMP
# rule below are candidates for removal - confirm before changing.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# Forward IKE/ISAKMP (UDP port 500) from the WAN to LAN hosts.
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Custom rules script loaded by the firewall; its contents are not shown in this paste.
config include
        option path '/etc/firewall.user'

What is this?

Do you have version 19.07 or 21.02?
What router do you have?

The connection VLAN is only half the story! To be exact, it is the L2 part. The ISP also needs to specify its L3 settings, which probably most often means that you should have DHCP client as the protocol on the wan interface with a fiber connection. But that question is for your ISP to answer.

You forgot to paste the first command.


19.07 - WDR3600
My ISP specifies PPPoE as the connection protocol.


My fault

{
        "kernel": "4.14.241",
        "hostname": "OpenWrt",
        "system": "Atheros AR9344 rev 2",
        "model": "TP-Link TL-WDR3600 v1",
        "board_name": "tplink,tl-wdr3600-v1",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.8",
                "revision": "r11364-ef56c85848",
                "target": "ath79/generic",
                "description": "OpenWrt 19.07.8 r11364-ef56c85848"
        }
}

Change eth0.835 to eth0.2

I don't think I am able to do so via the GUI, because VLAN 2 does not actually exist, as you can see in the first post.

image

Try to type eth0.2 in the -- custom -- box at the bottom of the list.

here i am...

image

I think the switch in that model is an Atheros gigabit chip which supports a full table of all 4096 possible VLANs. So you don't need a separate option vid, you can just use option vlan 835 (though if you are mixing LuCI and CLI, LuCI may prefer it the separate way). Check this with swconfig dev switch0 help: the first line of the report shows the number of VLANs the switch is capable of.

Since VLAN 835 (instead of 2) is now being tagged on both the CPU and the external port, there is no longer an eth0.2 and the option device which sets the MAC address should be changed to eth0.835.

Read the log to see why WAN is not connecting. If you have no connectivity with the ONT you will see "Timeout waiting for PADO packets." In that case you could connect a PC with Wireshark directly to the ONT to see if it is emitting PADO packets tagged 835 as expected.

switch0: mdio-bus.0(Atheros AR8327), ports: 7 (cpu @ 0), vlans: 4096

Yes, in the log I can read "Timeout waiting for PADO packets". But I don't know how to do what you suggest with Wireshark, sorry. Could you help me?

The configuration in the first post was actually the right one; it works. There were some S-VLAN misconfigurations on the side of the OF infrastructure owner. Thank you all.
