VLAN on AR71XX

Hi,

My device is AR71XX. It has eth0 and eth1 (4 Ethernet ports and port 0 to the CPU).

root@ACU:~# swconfig dev eth1 help
switch0: eth1(AR934X built-in switch), ports: 5 (cpu @ 0), vlans: 16
     --switch
       Attribute 1 (int): enable_vlan (Enable VLAN mode)
       Attribute 2 (none): apply (Activate changes in the hardware)
       Attribute 3 (none): reset (Reset the switch)
     --vlan
       Attribute 1 (int): vid (VLAN ID)
       Attribute 2 (ports): ports (VLAN port mapping)
     --port
       Attribute 1 (int): pvid (Primary VLAN ID)
       Attribute 2 (unknown): link (Get port link information)
root@ACU:~# swconfig dev switch0 help
switch0: eth1(AR934X built-in switch), ports: 5 (cpu @ 0), vlans: 16
     --switch
       Attribute 1 (int): enable_vlan (Enable VLAN mode)
       Attribute 2 (none): apply (Activate changes in the hardware)
       Attribute 3 (none): reset (Reset the switch)
     --vlan
       Attribute 1 (int): vid (VLAN ID)
       Attribute 2 (ports): ports (VLAN port mapping)
     --port
       Attribute 1 (int): pvid (Primary VLAN ID)
       Attribute 2 (unknown): link (Get port link information)

I can't find the VLAN configuration in LuCI. Is there a VLAN configuration web page in LuCI?
And I want to configure the network like this. I connect eth0 to the trunk of an external device.
The external device has two networks (VLAN1 and VLAN178). VLAN1 is static (172.30.0.137) and VLAN178 is DHCP (192.170.2.97).
PC1 connects to port1 of eth1. PC2 connects to port2 of eth1. I hope PC1 can access 172.30.0.137 and PC2 can access 192.170.2.97.
Can this be achieved? And how do I configure the VLAN with OpenWrt?


Best,
Weng

For eth0 you need to create new interfaces with the .X suffix for each VLAN you want to use. For example eth0.1 and eth0.178.
Then you need to assign the physical ports of eth1 to the VLAN you want to use. For example port3 should be on VLAN1 untagged and port1 on VLAN178 untagged.
Finally you need to bridge the subinterfaces that belong to the same VLAN in order to be able to communicate with each other.

It should be called "Switch" under the "Network" drop down list.
You can also configure it directly in /etc/config/network file.
https://openwrt.org/docs/guide-user/network/vlan/switch_configuration


Thanks very much. But it still does not work.
/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan1'
        option type 'bridge'
        option ifname 'eth1.1 eth0.1'
        option proto 'static'
        option ipaddr '172.30.0.139'
        option netmask '255.255.255.0'

config interface 'lan2'
        option type 'bridge'
        option ifname 'eth1.178 eth0.178'
        option proto 'dhcp'

config switch 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan 'vlan1'
        option device 'switch0'
        option vlan '1'
        option ports '3'

config switch_vlan 'vlan178'
        option device 'switch0'
        option vlan '178'
        option ports '1'

ifconfig display

root@ACU:~# ifconfig
br-lan1   Link encap:Ethernet  HWaddr D8:25:B0:00:57:47  
          inet addr:172.30.0.139  Bcast:172.30.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:3150 (3.0 KiB)

br-lan2   Link encap:Ethernet  HWaddr D8:25:B0:00:57:47  
          inet addr:192.170.2.102  Bcast:192.170.2.127  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2118 (2.0 KiB)  TX bytes:16116 (15.7 KiB)

eth0      Link encap:Ethernet  HWaddr D8:25:B0:00:57:46  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:500 errors:0 dropped:0 overruns:0 frame:0
          TX packets:523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:232568 (227.1 KiB)  TX bytes:46932 (45.8 KiB)
          Interrupt:4 

eth0.1    Link encap:Ethernet  HWaddr D8:25:B0:00:57:46  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:3150 (3.0 KiB)

eth0.178  Link encap:Ethernet  HWaddr D8:25:B0:00:57:46  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2118 (2.0 KiB)  TX bytes:16116 (15.7 KiB)

eth1      Link encap:Ethernet  HWaddr D8:25:B0:00:57:47  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1000 errors:0 dropped:231 overruns:0 frame:0
          TX packets:323 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:109136 (106.5 KiB)  TX bytes:30310 (29.5 KiB)
          Interrupt:5 

eth1.1    Link encap:Ethernet  HWaddr D8:25:B0:00:57:47  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:2184 (2.1 KiB)

eth1.178  Link encap:Ethernet  HWaddr D8:25:B0:00:57:47  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:822 errors:0 dropped:0 overruns:0 frame:0
          TX packets:822 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:56759 (55.4 KiB)  TX bytes:56759 (55.4 KiB)

wlan0     Link encap:Ethernet  HWaddr D8:25:B0:00:57:45  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

I can get a DHCP IP on br-lan2. But PC1 can't get an IP from port3.
Pinging 172.30.0.137 from br-lan1 and PC2 failed.

root@ACU:~# ping 172.30.0.137
PING 172.30.0.137 (172.30.0.137): 56 data bytes

Why can't br-lan1 and PC2 ping 172.30.0.137? And why can't PC1 get an IP from port1?

The driver only supports a limited table of VLANs, often 16 or 128. You’ll need to specify the vid explicitly rather than letting it default. Look at vid and pvid notes on the switch reference page.

In the switch configuration section, you should add both the LAN ports (untagged) and the CPU port for eth1 (tagged) on each VLAN that you are creating.
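The rule in the reply above (CPU port tagged in every VLAN, each LAN port untagged in exactly one) can be checked against the switch's own report. This is an added example, not code from any poster in this thread: `audit_switch` and `sample` are hypothetical names, the sample tables are constructed in the shape of `swconfig dev switch0 show` output, and comparing `pvid` with the VLAN table number (not the `vid`) is an assumption taken from that output format.

```shell
# Hypothetical helper: audit the text of `swconfig dev switch0 show` (stdin).
# $1 is the CPU port number (0 on the switch in this thread).
audit_switch() {
    awk -v cpu="${1:-0}" '
    /^Port [0-9]+:/ { sub(":", "", $2); port = $2; sect = "port"; next }
    /^VLAN [0-9]+:/ { sub(":", "", $2); vlan = $2; sect = "vlan"; vlans[++nv] = vlan; next }
    sect == "port" && $1 == "pvid:" { pvid[port] = $2; next }
    sect == "vlan" && $1 == "vid:"  { vid[vlan] = $2; next }
    sect == "vlan" && $1 == "ports:" {
        for (i = 2; i <= NF; i++) {
            p = $i; tagged = sub(/t$/, "", p)      # "0t" -> port 0, tagged
            if (p == cpu) cpumode[vlan] = tagged ? "t" : "u"
            else if (!tagged) { n[p]++; home[p] = vlan }
        }
    }
    END {
        for (k = 1; k <= nv; k++) {
            v = vlans[k]; where = "VLAN " v " (vid " vid[v] "): CPU port " cpu
            if (cpumode[v] == "")  print where " is not a member"
            if (cpumode[v] == "u") print where " is untagged"
        }
        for (p in n) {
            if (n[p] > 1) print "port " p ": untagged in " n[p] " VLANs"
            else if (pvid[p] + 0 != home[p] + 0)
                print "port " p ": pvid " pvid[p] " but untagged in VLAN " home[p]
        }
    }'
}

# Constructed sample (link lines omitted): five ports, VLAN 1 and VLAN 10 (vid 178).
# $1 and $2 are the "ports:" lists of the two VLANs.
sample() {
    printf 'Port %s:\n\tpvid: %s\n' 0 1 1 10 2 1 3 1 4 1
    printf 'VLAN 1:\n\tvid: 1\n\tports: %s\nVLAN 10:\n\tvid: 178\n\tports: %s\n' "$1" "$2"
}

sample '0t 2 3 4' '0t 1' | audit_switch   # CPU port tagged in both VLANs
sample '0 2 3 4' '1'     | audit_switch   # CPU port untagged in one, absent from the other
```

On the device, pipe the real output into it: `swconfig dev switch0 show | audit_switch 0`.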

I have changed the configuration following your suggestion. But there are still some problems.

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan1'
        option type 'bridge'
        option ifname 'eth1 eth0'
        option proto 'static'
        option ipaddr '172.30.0.139'
        option netmask '255.255.255.0'

config switch 'switch0'
        option reset '1'
        option enable_vlan '1'


config switch_vlan 'vlan178'
        option device 'switch0'
        option vlan '10'
        option vid '178'
        option ports '0t 1'

config switch_vlan 'vlan1'
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0t 2 3 4'

And my computer can get the DHCP IP of VLAN178 from port 1 of eth1.
Lan1 can access 172.30.0.137, but my computer (172.30.0.138) can't access 172.30.0.137 from port 2 of eth1. Why?

ping 172.30.0.137
PING 172.30.0.137 (172.30.0.137): 56 data bytes
64 bytes from 172.30.0.137: seq=0 ttl=64 time=1.070 ms
64 bytes from 172.30.0.137: seq=1 ttl=64 time=0.879 ms
64 bytes from 172.30.0.137: seq=2 ttl=64 time=0.850 ms
64 bytes from 172.30.0.137: seq=3 ttl=64 time=0.979 ms
64 bytes from 172.30.0.137: seq=4 ttl=64 time=1.559 ms
64 bytes from 172.30.0.137: seq=5 ttl=64 time=0.905 ms

swconfig dev switch0 show

root@ACU:~# swconfig dev switch0 show
Global attributes:
        enable_vlan: 1
Port 0:
        pvid: 1
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        pvid: 10
        link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
        pvid: 1
        link: port:2 link:down
Port 3:
        pvid: 1
        link: port:3 link:up speed:100baseT full-duplex auto
Port 4:
        pvid: 1
        link: port:4 link:down
VLAN 1:
        vid: 1
        ports: 0t 2 3 4 
VLAN 10:
        vid: 178
        ports: 0t 1

And I have another question when I change the switch configuration to this:

config switch 'switch0'
        option reset '1'
        option enable_vlan '1'
config switch_vlan 'vlan178'
        option device 'switch0'
        option vlan '10'
        option vid '178'
        option ports '0t 1'
config switch_vlan 'vlan1'
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0 2 3 4'

Why do the ports of VLAN1 and VLAN178 both become untagged?

root@ACU:~# swconfig dev switch0 show
Global attributes:
        enable_vlan: 1
Port 0:
        pvid: 1
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        pvid: 10
        link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
        pvid: 1
        link: port:2 link:down
Port 3:
        pvid: 1
        link: port:3 link:up speed:100baseT full-duplex auto
Port 4:
        pvid: 1
        link: port:4 link:down
VLAN 1:
        vid: 1
        ports: 0 2 3 4 
VLAN 10:
        vid: 178
        ports: 1 

Now you are bridging "eth0" with "eth1", why? You should bridge the VLAN interfaces, as you did before.

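The point of the reply above, bridging the per-VLAN subinterfaces instead of the raw `eth0` and `eth1`, can be checked mechanically against `/etc/config/network`. This is an added example, not code from any poster in this thread: `audit_bridges` and `sample_net` are hypothetical names, the sample config is constructed from the interface sections posted here, and treating every bridge as single-VLAN is an assumption that fits this thread's setup.

```shell
# Hypothetical helper: read UCI text in the format of /etc/config/network (stdin)
# and report bridges that would merge VLANs.
audit_bridges() {
    awk -v q="'" '
    function report(   i, m, k, v, first) {
        if (name == "" || kind != "bridge") return
        k = split(members, m, " ")
        for (i = 1; i <= k; i++) {
            if (m[i] !~ /\.[0-9]+$/) {      # raw device: carries every VLAN on it
                print name ": " m[i] " is bridged without a VLAN subinterface"
                continue
            }
            v = m[i]; sub(/^.*\./, "", v)   # eth0.178 -> 178
            if (first == "") first = v
            else if (v != first) print name ": " m[i] " joins VLAN " v " to VLAN " first
        }
    }
    $1 == "config" {
        report(); name = ""; kind = ""; members = ""
        if ($2 == "interface") { name = $3; gsub(q, "", name) }
        next
    }
    $1 == "option" && $2 == "type" { kind = $3; gsub(q, "", kind); next }
    $1 == "option" && $2 == "ifname" {
        members = $0
        sub(/^[ \t]*option[ \t]+ifname[ \t]+/, "", members); gsub(q, "", members)
    }
    END { report() }'
}

# Constructed sample: $1 is the member list of bridge lan1; lan2 is fixed.
sample_net() {
    printf "config interface 'lan1'\n\toption type 'bridge'\n\toption ifname '%s'\n\toption proto 'static'\n" "$1"
    printf "config interface 'lan2'\n\toption type 'bridge'\n\toption ifname 'eth1.178 eth0.178'\n\toption proto 'dhcp'\n"
}

sample_net 'eth1.1 eth0.1' | audit_bridges   # one VLAN per bridge
sample_net 'eth1 eth0'     | audit_bridges   # raw devices bridged together
```

On the device: `audit_bridges < /etc/config/network`.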

If I configure it this way, br-lan1 can't access 172.30.0.137 and the PC (connected to port3) can't access 172.30.0.137.

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan1'
        option type 'bridge'
        option ifname 'eth1.1 eth0.1'
        option proto 'static'
        option ipaddr '172.30.0.139'
        option netmask '255.255.255.0'

config interface 'lan2'
        option type 'bridge'
        option ifname 'eth1.178 eth0.178'
        option proto 'dhcp'

config switch 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan 'vlan178'
        option device 'switch0'
        option vlan '10'
        option vid '178'
        option ports '0t 1'
config switch_vlan 'vlan1'
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0t 2 3 4'

Can the hosts connected on the LAN ports ping the router?
Are ARP entries correct? (arp)
Run a tcpdump and see if the packets enter and exit the correct interfaces.
I hope you are not running any firewall, like iptables/ebtables.
