VLAN on WAN not working?

Hi all,

I've setup VLAN on my Archer C7 (so with a built-in switch) and it was quite easy as I already knew what VLANs are and how they are working.

Now I wanted an Access Point (Netgear EX6150, OpenWRT 18.06.4) to open several WLAN networks and bridge them with the VLANs on the WAN port. But I can't get the EX6150 talking with me over tagged ethernet frames.

This is the /etc/config/network:

config globals 'globals'
	option ula_prefix 'fdb2:1fae:ec80::/48'


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.4'
	option proto 'static'
	option ipaddr '10.0.0.3'
	option netmask '255.255.255.0'

config interface 'mgmt'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '10.255.0.3'
	option netmask '255.255.255.0'

config interface 'guests'
	option type 'bridge'
	option ifname 'eth0.5'
	option proto 'static'
	option ipaddr '192.168.77.2'
	option netmask '255.255.255.0'

All I can do is talk to 10.255.0.3, i.e. the br-mgmt, because this one is getting the untagged frames. This is the output of ip a:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-mgmt state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CC brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b2b9:8aff:aaaa:bbbb/64 scope link 
       valid_lft forever preferred_lft forever
12: br-guests: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CC brd ff:ff:ff:ff:ff:ff
    inet 192.168.77.2/24 brd 192.168.77.255 scope global br-guests
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:aaaa:bbbb/64 scope link 
       valid_lft forever preferred_lft forever
13: eth0.5@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guests state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CC brd ff:ff:ff:ff:ff:ff
14: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CC brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/9 brd 10.127.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:aaaa:bbbb/64 scope link 
       valid_lft forever preferred_lft forever
15: eth0.4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CC brd ff:ff:ff:ff:ff:ff
16: br-mgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CC brd ff:ff:ff:ff:ff:ff
    inet 10.255.0.3/24 brd 10.255.0.255 scope global br-mgmt
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:aaaa:bbbb/64 scope link 
       valid_lft forever preferred_lft forever
17: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CC brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b2b9:8aff:fe6e:bf40/64 scope link 
       valid_lft forever preferred_lft forever
18: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether B0:B9:8A:AA:BB:CD brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b2b9:8aff:aaaa:bbbc/64 scope link 
       valid_lft forever preferred_lft forever

What I recognized is that all interfaces except wlan1 have the same MAC address, which is different on my Archer C7. But AFAIK the same address can be used in several VLANs, so this should be no error.

I tried pinging, had a look at the traffic with wireshark, but really nothing is happening there: ifconfig on my side as well as on the EX6150 say that no packet was received at all on the VLAN interfaces, although many packets have been sent.

What am I doing wrong?

Best,
Jonny007

I don’t see your switch config. Have you added the VLANs there?

I have run several Archer C7v2 with all tagged VLANs on the “WAN” port without issue.

1 Like

Hi Jeff,

on the Archer C7 I have a switch config and it is working, but the EX6150 has no switch.

Thanks,
Jonathan

You don't define wlan interface in your bridges. Only lan defaults to Wi-Fi.

Hi Pilot6,

I haven't created the wlan interfaces because I wanted to make the wan port work first. Now that I have created them, there is still no 802.1q traffic on the wan port :frowning:

Best regards,
Jonathan

Don't use plain eth0. Tag all the VLANs. Combining tagged and untagged packets on the same cable isn't always well supported on consumer equipment.

1 Like

Hi mk24,

I have set all interfaces to use vlans, but there is still an eth0 with an ipv6 link-local address that I can connect to and the normal interface don't work.

/etc/config/network

config globals 'globals'
	option ula_prefix 'fdb2:1fae:ec72::/48'


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.4'
	option proto 'static'
	option ipaddr '10.0.0.3'
	option netmask '255.128.0.0'

config interface 'mgmt'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '10.255.0.3'
	option netmask '255.255.255.0'

config interface 'guests'
	option type 'bridge'
	option ifname 'eth0.5'
	option proto 'static'
	option ipaddr '192.168.77.2'
	option netmask '255.255.255.0'
ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b2b9:8aff:aabb:ccdd/64 scope link 
       valid_lft forever preferred_lft forever
17: br-guests: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.77.2/24 brd 192.168.77.255 scope global br-guests
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:aabb:ccdd/64 scope link 
       valid_lft forever preferred_lft forever
18: eth0.5@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guests state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
19: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/9 brd 10.127.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:aabb:ccdd/64 scope link 
       valid_lft forever preferred_lft forever
20: eth0.4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
21: br-mgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 10.255.0.3/24 brd 10.255.0.255 scope global br-mgmt
       valid_lft forever preferred_lft forever
    inet6 fe80::b2b9:8aff:aabb:ccdd/64 scope link 
       valid_lft forever preferred_lft forever
22: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mgmt state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
23: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b0:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b2b9:8aff:aabb:ccdd/64 scope link 
       valid_lft forever preferred_lft forever
24: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b0:b9:8a:6e:bf:42 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b2b9:8aff:aabb:ccef/64 scope link 
       valid_lft forever preferred_lft forever
25: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guests state UP qlen 1000
    link/ether b2:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b0b9:8aff:aabb:ccde/64 scope link 
       valid_lft forever preferred_lft forever
26: wlan0-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mgmt state UP qlen 1000
    link/ether b6:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b4b9:8aff:aabb:ccdf/64 scope link 
       valid_lft forever preferred_lft forever
27: wlan1-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guests state UP qlen 1000
    link/ether b2:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b0b9:8aff:aabb:ccee/64 scope link 
       valid_lft forever preferred_lft forever
28: wlan1-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guests state UP qlen 1000
    link/ether b6:b9:8a:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b4b9:8aff:aabb:cced/64 scope link 
       valid_lft forever preferred_lft forever

Today I have reset my device and done more testing, but probably the IPQ40xx in there is doing weird things with VLANs:

Thanks for all your help!

Now I found the solution here:

The trick is to add the switch vlan config in /etc/config/network:

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0t 4t'

config switch_vlan
        ### repeat for each vlan ###

and then to use eth0.X as physical device in the interface.

Best regards,
Jonny007

Also see

Correct, VLAN 1 is also not working for me, so I have to use another one.
Thanks!

1 Like