VLAN wrong with "github.com" SOLVED

dktn · March 8, 2022, 3:03pm

I use P&WR619 128MB router. with original firmware I can brower website "github.com" and many other websites as normal:
this is my original network

tconfig interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2b:3ff1:a2e7::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0'

But when i creat Vlan then I can not brower 'github.com' ang that website say

This site can’t be reached

github.com refused to connect.

Try:

Checking the connection
Checking the proxy and the firewall
This is my netwok i create VLAN

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2b:3ff1:a2e7::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.15.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1.5'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1.5'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 3 2 1'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option ports '0t 5'
	option vid '5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 4'
	option vid '12'

config interface 'iptv'
	option proto 'static'
	option device 'eth0.12'
	option ipaddr '20.12.20.23'
	option netmask '255.0.0.0'

Only not login website "github.com" but other website i can brower as normal.
Please tel me how to do.
I have already add "list dns ' 8.8.8.8 ' at LAN.

eduperez · March 9, 2022, 8:58am

Well, for starters, 20.0.0.0/8 is not a private range, and you should not use internally.

dktn · March 9, 2022, 10:32am

That is iptv. The problem is when i creat vlan then i can not go github.com

slh · March 9, 2022, 12:23pm

And that still is a grave error by your ISP, unsurpringly:

NetRange:       20.0.0.0 - 20.31.255.255
CIDR:           20.0.0.0/11
NetName:        MSFT
NetHandle:      NET-20-0-0-0-1
Parent:         NET20 (NET-20-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Microsoft Corporation (MSFT)

Now with Microsoft being the owner of github, I wouldn't be surprised at all, if exactly that's the cause of your problem.

eduperez · March 9, 2022, 1:29pm

Why do you need to reach GitHub from your IPTV network...?

mk24 · March 9, 2022, 1:51pm

Change the br-lan port from eth0 to eth0.1. Plain eth0 sends untagged packets into the switch, which don't go anywhere since the LAN VLAN (1) is tagged.

I don't understand why you tried to move the WAN off of eth1 to a switched port (Is there a port 5 on the switch? The original configuration suggests there is not. What is the chipset in the router?) but having done that the wan device would now be eth0.5 not eth1.5. eth1 is a dedicated and direct link from the CPU to the "WAN" plug on the back of the router, it doesn't go through the switch.

As others said you're allocating public IPs internally, which will cause problems. The usual approach with IPTV boxes is to layer 2 bridge them back to the ISP router on the TV VLAN and let the ISP take care of their DHCP and routing directly.

dktn · March 9, 2022, 3:51pm

thanh you for your reply. that IP not private? I have checked this web https://rdpguard.com/free-whois.aspx?ip=10.12.20.27#

hnyman · March 9, 2022, 4:02pm

And then you have made a typo...

20.x.x.x instead of 10.x.x.x

dktn · March 9, 2022, 4:16pm

This is my specs router Target:
ipq40xx, arm_cortex-a7_neon-vfpv4, CPU:IPQ4019, Switch:QCA8075
I think ''5' is port for WAN, (CPU: 0, 4 Lans is 1 2 3 4). If i do not have '5' my router do not have internet.