VLANs messed up after upgrade to 25.12 (unwanted bridges)

Installing and Using OpenWrt
1

Upgraded a Linksys E8450 from 24.10.5 to 25.12.0 and I am seeing additional (unwanted) bridges appearing yet I cannot see where they are coming from…

Before:

root@openwrt:~# bridge vlan show
port              vlan-id
lan1              10 PVID Egress Untagged
lan2              10 PVID Egress Untagged
lan3              20 PVID Egress Untagged
lan4              20 PVID Egress Untagged
wan               10
                  20
                  30
                  40
br0               10
                  20
                  30
                  40
wlan0-vlan40      40 PVID Egress Untagged
wlan0-vlan30      30 PVID Egress Untagged
wlan0-vlan20      20 PVID Egress Untagged
wlan0-vlan10      10 PVID Egress Untagged
wlan1-vlan40      40 PVID Egress Untagged
wlan1-vlan30      30 PVID Egress Untagged
wlan1-vlan20      20 PVID Egress Untagged
wlan1-vlan10      10 PVID Egress Untagged

root@openwrt:~# bridge link show
3: lan1@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
4: lan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 19
5: lan3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 5
6: lan4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 19
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 5
15: wlan0-vlan40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
16: wlan0-vlan30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
17: wlan0-vlan20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
18: wlan0-vlan10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
21: wlan1-vlan40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
22: wlan1-vlan30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
23: wlan1-vlan20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
24: wlan1-vlan10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100

That is 4 tagged VLANs (10, 20, 30, 40) for each of the wireless interfaces, all on br0. This works great.

After:

root@openwrt:~# bridge vlan show
port              vlan-id
lan1              10 PVID Egress Untagged
lan2              10 PVID Egress Untagged
lan3              20 PVID Egress Untagged
lan4              20 PVID Egress Untagged
wan               10
                  20
                  30
                  40
br0               10
                  20
                  30
                  40
wlan0-vlan40      1 Egress Untagged
                  40 PVID Egress Untagged
brvlan40          1 PVID Egress Untagged
wlan0-vlan30      1 Egress Untagged
                  30 PVID Egress Untagged
brvlan30          1 PVID Egress Untagged
wlan0-vlan20      20 PVID Egress Untagged
brvlan20          1 PVID Egress Untagged
wlan0-vlan10      10 PVID Egress Untagged
brvlan10          1 PVID Egress Untagged
wlan1-vlan40      40 PVID Egress Untagged
wlan1-vlan30      30 PVID Egress Untagged
wlan1-vlan20      20 PVID Egress Untagged
wlan1-vlan10      10 PVID Egress Untagged

root@openwrt:~# bridge link show
3: lan1@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
4: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
5: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
6: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 5
16: wlan0-vlan40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master brvlan40 state forwarding priority 32 cost 100
18: wlan0-vlan30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master brvlan30 state forwarding priority 32 cost 100
20: wlan0-vlan20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
22: wlan0-vlan10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
25: wlan1-vlan40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
26: wlan1-vlan30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
27: wlan1-vlan20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
28: wlan1-vlan10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100

Notice the brvlan10 and friends that have now appeared, and they have “captured” some of the wireless VLAN interfaces (e.g. entry 16 above now has master brvlan40)

Running grep brvlan40 /etc/config/* returns nothing.

The relevant config entries:

root@openwrt:~# cat /etc/config/network

<snipped loopback>

config device
        option type 'bridge'
        option name 'br0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config bridge-vlan
        option device 'br0'
        option vlan '10'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'wan:t'

config bridge-vlan
        option device 'br0'
        option vlan '20'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan:t'

config bridge-vlan
        option device 'br0'
        option vlan '30'
        list ports 'wan:t'

config bridge-vlan
        option device 'br0'
        option vlan '40'
        list ports 'wan:t'

config device
        option name 'br0.10'
        option type '8021q'
        option ifname 'br0'
        option vid '10'

config device
        option name 'br0.20'
        option type '8021q'
        option ifname 'br0'
        option vid '20'

config device
        option name 'br0.30'
        option type '8021q'
        option ifname 'br0'
        option vid '30'

config device
        option name 'br0.40'
        option type '8021q'
        option ifname 'br0'
        option vid '40'

config interface 'lan'
        option device 'br0.10'
        option proto 'dhcp'
        option delegate '0'

config interface 'lan6'
        option device 'br0.10'
        option proto 'dhcpv6'
        option delegate '0'

config interface 'vlan10'
        option device 'br0.10'
        option proto 'none'
        option delegate '0'

config interface 'vlan20'
        option device 'br0.20'
        option proto 'none'
        option delegate '0'

config interface 'vlan30'
        option device 'br0.30'
        option proto 'none'
        option delegate '0'

config interface 'vlan40'
        option device 'br0.40'
        option proto 'none'
        option delegate '0'

root@openwrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option channel '11'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'US'
        option background_radar '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel 'auto'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'US'
        option background_radar '1'
        option he_su_beamformee '1'
        option he_bss_color '32'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'FOO'
        option encryption 'psk2+ccmp'
        option key 'donotuse'
        option ifname 'wlan0'
        option multicast_to_unicast_all '1'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'FOO'
        option encryption 'psk2+ccmp'
        option key 'donotuse'
        option ifname 'wlan1'
        option multicast_to_unicast_all '1'

config wifi-vlan
        option name 'vlan10'
        option network 'vlan10'
        option vid '10'

config wifi-station
        option key 'BAR10'
        option vid '10'

config wifi-vlan
        option name 'vlan20'
        option network 'vlan20'
        option vid '20'

config wifi-station
        option key 'BAR20'
        option vid '20'

config wifi-vlan
        option name 'vlan30'
        option network 'vlan30'
        option vid '30'

config wifi-station
        option key 'BAR30'
        option vid '30'

config wifi-vlan
        option name 'vlan40'
        option network 'vlan40'
        option vid '40'

config wifi-station
        option key 'BAR40'
        option vid '40'
2

Try deleting all of the 802.1q stanzas (they're not needed):

3

Using the older brctl if that’s more helpful

Before:

root@openwrt1:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             7fff.e89f80e3c329       no              lan4
                                                        lan2
                                                        wan
                                                        wlan0-vlan40
                                                        wlan0-vlan30
                                                        wlan1-vlan40
                                                        wlan0-vlan20
                                                        wlan1-vlan30
                                                        wlan0-vlan10
                                                        wlan1-vlan20
                                                        lan3
                                                        wlan1-vlan10
                                                        lan1

After:

root@openwrt:~# brctl show
bridge name     bridge id               STP enabled     interfaces
brvlan30                8000.d8ec5ede5ae7       no              wlan0-vlan30
brvlan20                8000.000000000000       no
brvlan10                8000.000000000000       no
br0             7fff.d8ec5ede5ae6       no              lan4
                                                        lan2
                                                        wan
                                                        wlan1-vlan40
                                                        wlan0-vlan20
                                                        wlan1-vlan30
                                                        wlan0-vlan10
                                                        wlan1-vlan20
                                                        lan3
                                                        wlan1-vlan10
                                                        lan1
brvlan40                8000.d8ec5ede5ae7       no              wlan0-vlan40

One can see wlan0-vlan30 is on brvlan30, but wlan1-vlan30 is on br0 for example…

4

Deleted them, but the bridges are still present:

root@openwrt1:~# bridge link show
3: lan1@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
4: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
5: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
6: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 5
16: wlan0-vlan40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master brvlan40 state forwarding priority 32 cost 100
18: wlan0-vlan30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master brvlan30 state forwarding priority 32 cost 100
20: wlan0-vlan20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
22: wlan0-vlan10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
25: wlan1-vlan40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
26: wlan1-vlan30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
27: wlan1-vlan20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
28: wlan1-vlan10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100

e.g. device 16 is master brvlan40 still

5

I have a theory something changed with hostapd, specifically how the dynamic VLAN configuration is now working with bridges.

6

Before:

root@openwrt:~# grep vlan /tmp/run/hostapd-wl0.conf
dynamic_vlan=0
vlan_naming=1
vlan_no_bridge=1
vlan_file=/var/run/hostapd-wlan0.vlan

After:

root@openwrt:~# grep vlan /tmp/run/hostapd-wl0.conf
dynamic_vlan=0
vlan_file=/var/run/hostapd-wlan0.vlan

Several bits of configuration are not being passed on as can be seen above.

7

Probably a hack, but adding this for each interface seems to have fixed things

config wifi-iface 'wifinet0'
    option hostapd_bss_options 'vlan_no_bridge=1'

(Perhaps there’s a bug in /usr/share/ucode/wifi/ap.uc ??)

8

You could try option dynamic_vlan '2' instead, as described in https://github.com/openwrt/openwrt/issues/21862#issuecomment-3937435999

1 Like
9

This also works. Pretty sure there’s a regression in the new ucode wifi-scripts as part of this release.

10

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.