WAN and LAN on the same port?

I’m not an expert on IPv6 things, but the config files will be required to troubleshoot, so those should be your first priority. Post the config files from the OpenWrt device. (As far as the config from FT, that is likely not something I can help with - we will have to work with the OpenWrt side first and then if there are still problems, you may need to ask the FT community for help on that other device.)

I did switch to OpenWrt on the Linksys because it seemed to work with IPv6... and then it didn't. So here are both:
WAX202

 -----------------------------------------------------
 OpenWrt 22.03.3, r20028-43d71ad93e
 -----------------------------------------------------
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fded::::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config device
        option name 'lan1'
        option macaddr ':::::'

config device
        option name 'lan2'
        option macaddr ':::::'

config device
        option name 'lan3'
        option macaddr ':::::'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.3.1'
        option device 'br-lan'

config device
        option name 'wan'
        option macaddr ':::::'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option broadcast '1'
        option metric '10'
        option type 'bridge'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option metric '30'
        option type 'bridge'

config device
        option type '8021q'
        option ifname 'lan1'
        option vid '9'
        option name 'lan1.9'

config interface 'wanb'
        option proto 'dhcp'
        option device 'lan1.9'
        option metric '20'
        option type 'bridge'

config interface 'wanb_6'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option device 'lan1.9'
        option metric '40'
        option type 'bridge'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'wan6'
        option interface 'wan6'
        option ignore '1'

config host
        option name '...'
        option duid '...'
        option mac ':::::'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wanb'
        list network 'wanb_6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

E3200

 -----------------------------------------------------
 OpenWrt 22.03.3, r20028-43d71ad93e
 -----------------------------------------------------
root@Linksys_OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9f::::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.3.2'
        option gateway '192.168.3.1'
        list dns '192.168.3.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option description 'Home_Network'
        option ports '0 1 2 3 8t'

config switch_vlan
        option device 'switch0'
        option vlan '9'
        option description 'Cable_Modem'
        option ports '3t 4 8t'

root@Linksys_OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@Linksys_OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Edit: One more thing....
I've got the IPv6 working. I just changed which browser I went to the test sites in. So silly.

There are multiple issues with the configuration on the WAX202 device.

Remove the option type 'bridge' lines from below.

Delete this

Then add this instead:

config bridge-vlan
	option device 'br-lan'
	option vlan '9'
	list ports 'lan1:t'

And now remove the bridge lines from here, too:

Won't that completely destroy the mwan3 setup?

Also, is this configurable under LuCI? It didn't seem to be. I guessed about that configuration and when I came back and followed the YouTube vid on mwan3 setup, they did that as well.

config bridge-vlan
	option device 'br-lan'
	option vlan '9'
	list ports 'lan1:t'

We're removing an incorrect method of VLAN tagging (i.e. from the days of swconfig) and replacing it with the new method for DSA. It shouldn't break it.

To be on the safe side, make a backup first... you can always restore the backup if things go south.

Okay, I'll try later, but it doesn't look like it deletes all the WAN interfaces... so what would be left?
Also, this doesn't add back the VLAN1 tag on port LAN1, which seems like it should be there.

All we're doing with VLAN 9 is setting it up correctly as tagged on port lan1.

but... I actually noticed there is another thing that needs to be fixed.
In addition to removing the bridge, change the device to 'br-lan.9'

It doesn't need to be... in fact, VLAN 1 is not tagged on the other side. We can make it tagged, but it must match on both sides. Do you want to do that?

At first it seemed to work okay, but when the 'marked for deletion' devices finally deleted, I lost all internet.

The new lan1.9 doesn't seem to be attached to anything. No MAC address, no MTU, nothing.
I'm also only showing LAN (br-lan) with no WAN interfaces. I had to recreate at least one WAN to make this post.

Also:

  • MultiWAN Manager / Interfaces says 'No Interface Metric Set' for all four WAN sources. I don't know if that's important or not. There seems to be no way to set that in LuCI with this setup. Is it necessary?
  • As far as the VLAN1 tag, that's just me figuring a trunk should carry tagged packets. 9 for WANb and 1 for LAN.
    The thing is, I have found that tagging port 4 with a VID of 1 stopped devices from communicating... but maybe the changes you suggested would fix that (?)

Correct. It should be option device 'br-lan.9' for wanb and wanb_6. Your regular wan should be option device 'wan'

Oooh. You meant delete the 'option type 'bridge'' line and replace "option device 'lan1.9'" with "option device 'br-lan.9'" not delete the interfaces completely.

Since br-lan already exists and then you have it used as the device in the interface for wanb(6).

Interesting that LuCI can't do this.

The below device should just be br-lan. The bridge-vlan definition takes a device (br-lan) and adds the vlan (br-lan --> br-lan.9).

It should look like this:

config bridge-vlan
	option device 'br-lan'
	option vlan '9'
	list ports 'lan1:t'

LuCI and command line edits are normally the same... LuCI is just a front end. However, I normally describe edits to the text files directly because of two things:

  • fewer steps "delete this section" or "modify to this" (and I can give examples). LuCI would have directions like "go here > there > this other thing > click that, then go to this net thing > find this field > enter that value... etc."
  • In some cases, it's hard to find a specific thing in LuCI... in particular, I have no idea where that option type 'bridge' that we discussed earlier actually came from. There was another thread I was working on yesterday where the user must have added it via LuCI, but I looked around and couldn't figure out how. But I know that the type bridge should not be in the network stanza... it can be deleted really easily with a text editor.

Mmm. No there's something wrong there. I tried it proper and it locked up the router.
It wouldn't revert the settings either. Tried it twice, it happened both times.

Let's see the latest network config file.

Can't. I have to do a reset, so whatever goes wrong is gone.
bridge-vlan comes up as a VLAN (802.1q) device in LuCI, but there is also a "bridge device" setting.
Tested the latter and found I had to name it br-lanb since br-lan already exists it throws an error. After I tagged it as VID9 and applied, a br-lanb.9 was added as well. In the config file, it turns up as:

config device
  option type 'bridge'
  list ports 'lan1'
  option name 'br-lanb'

config bridge-vlan
  option device 'br-lanb'
  option vlan '9'
  list ports 'lan1:t'

It looks like what you might have been going for, but connecting to the software vlan of br-lanb.9 results in 'Network device is not present'.

Let's try this... try resetting to defaults and then post your default network config file here. I'll make some adjustments and then you can copy those back into the router.

Unless there is something strange about the WAX202, this should work based on the DSA tutorial.
(FWIW, there are some devices and chipsets that do act strangely with VLANs)

I've been through something similar to this trying to get a wan and lan connection into a ceiling space where there was only a wan cable going from the ceiling to the router and no option for a second cable. I gave up on trying to set up vlans with OpenWrt (this was on a Mikrotik router), every time I tried to set up tagged ports on a vlan it would lose the wan connection. I ended up setting up a couple of Netgear GS305 switches with lan and wan vlans trunked between them and it worked perfectly.

Edit: I think my issue was related to this thread "IPQ40xx Switch Config “Strangeness”" as the Mikrotik uses that switch chip.

Oh, what you're trying to do is Multiple networks using VLAN tagging (number 4 here: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial#multiple_networks_using_vlan_tagging).

Then there needs to also be this or it isn't a trunk:

config bridge-vlan
     option device 'br-lan'
     option vlan '1'
     list ports 'lan1:u*'

Wow, I've now been doing this too long. I can do the same thing by just going into my existing br-lan device, going to Bridge VLAN filtering, and check the boxes.
It seems like the old switch method, but probably more solid than what I'm doing. It's also very similar to what I already have, but I had dropped the lan1.1 when I decided to untag it.
I'll see how that works later.

So much time burned up on this. I even installed swconfig for a bit to try that method (with no luck).

I realize my setup isn't right thanks to psherman's pointers and obvious issues when using the network. The load balancing does increase speeds, but there are weird lags with connections, I've found some streaming issues, hiccups in LAN and internet connections, and it just doesn't feel right.

I suspect it's because VLAN1, local content was untagged on the trunk. It's why I was willing to try some of these alternatives.

So what I've settled on at the moment, thanks to everything I've learned:
The Linksys is back to using Fresh Tomato, only because I now know how to get it working properly, the interface is nicer, and it supports the wifi antenna, unlike OpenWrt.

I realized when I tried the 802.1q device of lan1.1 on the WAX202 it choked everything because it tags the packets even though the Linksys wasn't set for it (turning on tagging on the LS caused problems at that end).

Doing it 'right' with DSA just doesn't seem compatible with the WAX202. Every time I tried, either with LuCI or PuTTY, things went horribly wrong.

Blah blah blah, here's what I've got and it's working. At least one bug I know of is fixed, which gives me hope. I'll see how the rest goes over the next few days, but I'm still open to suggestions.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fded::::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1.1'
        list ports 'lan2'
        list ports 'lan3'

config device
        option name 'lan1'
        option macaddr ':::::'

config device
        option name 'lan2'
        option macaddr ':::::'

config device
        option name 'lan3'
        option macaddr ':::::'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.3.1'
        option device 'br-lan'

config device
        option name 'wan'
        option macaddr ':::::'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option broadcast '1'
        option metric '10'
        option type 'bridge'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option metric '30'
        option type 'bridge'

config device
        option type '8021q'
        option ifname 'lan1'
        option vid '9'
        option name 'lan1.9'

config interface 'wanb'
        option proto 'dhcp'
        option device 'lan1.9'
        option metric '20'
        option type 'bridge'

config interface 'wanb_6'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option device 'lan1.9'
        option metric '40'
        option type 'bridge'

config device
        option type '8021q'
        option ifname 'lan1'
        option vid '1'
        option name 'lan1.1'

Edit: The 'option type 'bridge'' which was suggested I delete was added by LuCI. What does that do and does removing it help anything?

Mixing DSA and swconfig will not work. And it seems you’re still trying to create lan1.9.

DSA syntax needs to use the creation of a bridge vlan such that you get br-lan.9 as I have shown a few times. Anything else will just not work. Your current config is not valid, as far as I can tell.
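
The edits advised in this thread can be checked against a saved copy of /etc/config/network before they are applied to the router. The following is an added example, not part of any post here and not an OpenWrt tool: a small Python linter whose rules (the rule names are invented for this example) restate the advice given above, run on a trimmed copy of the WAX202 file as first posted and on a constructed version with the advised changes. It assumes the file comes from a DSA device.

```python
import shlex

def parse_uci(text):
    """Minimal UCI reader: returns sections as dicts with options{} and lists{}."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append({"type": tok[1], "name": (tok + [""])[2], "options": {}, "lists": {}})
        elif sections and len(tok) == 3 and tok[0] == "option":
            sections[-1]["options"][tok[1]] = tok[2]
        elif sections and len(tok) == 3 and tok[0] == "list":
            sections[-1]["lists"].setdefault(tok[1], []).append(tok[2])
    return sections

def lint_network(text):
    """Return (rule, subject) pairs; rule names are invented for this example."""
    secs = parse_uci(text)
    devices = [s for s in secs if s["type"] == "device"]
    bridges = {d["options"].get("name"): d["lists"].get("ports", [])
               for d in devices if d["options"].get("type") == "bridge"}
    vlans = {(s["options"].get("device"), s["options"].get("vlan"))
             for s in secs if s["type"] == "bridge-vlan"}
    # 802.1q devices stacked on a port that is already a bridge member (e.g. lan1.9)
    stacked = {d["options"].get("name") for d in devices if d["options"].get("type") == "8021q"
               and any(d["options"].get("ifname") in p for p in bridges.values())}
    findings = [("8021q-on-bridge-port", name) for name in sorted(stacked)]
    for s in secs:
        if s["type"] != "interface":
            continue
        dev = s["options"].get("device", "")
        if s["options"].get("type") == "bridge":   # does not belong in an interface stanza
            findings.append(("type-bridge-in-interface", s["name"]))
        if dev in stacked:                          # should point at e.g. br-lan.9 instead
            findings.append(("interface-on-8021q-device", s["name"]))
        base, _, vid = dev.partition(".")
        if base in bridges and vid and (base, vid) not in vlans:
            findings.append(("missing-bridge-vlan", s["name"]))  # br-lan.N needs bridge-vlan N
    return findings

# Trimmed from the WAX202 network file as first posted in the thread.
AS_POSTED = """
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
config interface 'wan'
    option device 'wan'
    option type 'bridge'
config device
    option type '8021q'
    option ifname 'lan1'
    option vid '9'
    option name 'lan1.9'
config interface 'wanb'
    option device 'lan1.9'
    option type 'bridge'
"""
# Constructed sample: the same sections after the edits advised in the thread.
ADVISED = """
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
config bridge-vlan
    option device 'br-lan'
    option vlan '9'
    list ports 'lan1:t'
config interface 'wanb'
    option device 'br-lan.9'
"""

if __name__ == "__main__":
    print(lint_network(AS_POSTED))
```
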

The thing is, those lan1.9 and lan1.1 are created by LuCI by going to Devices/Add device configuration, and then selecting the device type as VLAN (802.1) instead of bridge device.
While a bridge device seems to do the same thing all in one place by using the bridge vlan filtering tab, as opposed to individual VLAN tagging for each port/VID like I'm doing, as soon as I try to use the VLAN filtering of a bridge, it just fails.
Setting them up via PuTTY locks me out of the router and I have to do a hard reset. Making it in LuCI results in the error that it couldn't confirm the applying and wants to revert the change.
I just don't think the WAX202 supports DSA. At least how it's set up in OpenWrt.

As far as swconfig in OpenWrt... you're right, that doesn't do anything. After doing some manually, I did figure out how to trick LuCI into making the settings appear, but it gives the error that the ports have an unknown topology. Probably why it does nothing.

The picture at the bottom of my post above is the Linksys running FreshTomato to perform 802.1q tagging (not swconfig). When Linksys was running OpenWrt, the firmware included swconfig and not DSA.

I'd feel better doing all this properly, but it just doesn't function. I suppose I could just use some managed switches and skip using OpenWrt, but (at the moment) things seem to be mostly functional.