VLAN pecularities

I have two openwrt routers with the flowing topology.

VDSL modem--[PPOE]-->openwrt R7800--[802.11Q ethernet trunk]-->openwrt repater B1300

I run the following VLANs:

  • VLAN 1: LAN on both routers
  • VLAN 2: Guest on both routers
  • VLAN 3: IoT on both routers
  • VLAN 255: to VDSL WAN on R7800

The R7800 is the only one with forwarding enabled, and it forwards all IP networks on VLAN 1 to 3 to WAN. The B1300 acquires a DHCP lease on each of these networks, LAN for admin and the other two for testing.

(1) The first peculiarity with the B1300 repeater is that the LUCI interface shows LAN 1 and LAN 2 but not the WAN port. This is minor as changing it from within UCI seems to work, but I was curious as to where LUCI/UCI finds the switch layout?

My experiments indicate that WAN is treated as eth1 on the same switch and this is where the trunked ethernet connection comes in.

(2) Now the second oddity is that that with the original config LAN and IOT turn up on B1300 via trunk (assigned to 192.168.1.0/24 and 192.168.3.0/24 respectively) but guest (192.168.2.0/24) doesn't. If I flip the VLAN assignment of guest and IOT is remains VLAN 2 that doesn't work (I just get Guest on it instead of IOT) and if I change VLAN 2 to VLAN 4 (as shown in screen shot above) it works. There is something odd about VLAN2, From the UCI and dmesg logs I can't see anything else using it. Using tcpdump and packet counts I can see b1300 sending out ICMP and DHCP requests, and I can see R7800 receiving them and replying to DHCP with an offer, but zero packets make it back to the VLAN 2 interface. Any ideas what might be happening here or how I can debug further?

(3) Now the final challenge I have is that I want VLAN 1 on B1300 extended to wired and wireless interfaces. My first attempt at this was to add VLAN 1 to both LAN 2 and WAN ports making eth0.1 and eth1.1 bridged. This works from a bridging perspective (wired clients on LAN 2) can see devices on lan, with the exception of the b1300 itself. That is from the wired device on LAN 2 I can ping the R7800 but not the B1300, even though it is connected to it.

From the config I actually sort of expect this, I can't listen to VLAN 1, I have to listen to it from an interface and I picked the WAN interface, e.g.

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'dhcp'

My guess is that packets get bridged back to the R7800 but because they are not on the interface they are ignored. The R7800 will switch them to every port except the one arrived on. Make sense, so how can I fix? My obvious attempt to do this fails, with the eth0.1 seemingly ignored, my guess is just pushed it to the switch/hardware so no change.

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1 eth0.1'
	option proto 'dhcp'

The only partial fix is to move LAN 2 to VLAN 7, and then bridge in software like this. It works but bridging is slightly unreliable (when I leave my device on LAN 2 for a long time it moves to local link mode). It also feels wrong!

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1 eth0.7'
	option proto 'dhcp'

Is there a proper way to solve this problem? As far as I can see my R7800 does act as a I expect, whereby an interface allocated to eth1.x also covers eth0.x but I'm not 100% sure about that.

(4) Fianlly and this is a small question but I'm curious, when connecting the cable modem to R7800 seems to require a VLAN even though I never use it, as the VLAN is untagged on eth0. Does choosing a VLAN really make sense to bridge two ports on a router? Is this the right way of doing it?

I think the problems I experienced relate to this: IPQ40xx Switch Config "Strangeness"

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.