WAN port can't be assigned to VLANs on Fritz!Box 4040 (ipq40xx)

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi.

I'm not sure if I'm posting in the right category, feel free to move this topic.

I'm setting up VLANs on my Fritz!Box 4040 and the 5th port (WAN) doesn't seem to work with them at all.

My current /etc/config/network: https://pastebin.com/EtcxH1NS

I set up the 4th port (one of the LAN ones) as WAN (VLAN 11) for now (so my internet connection works) and added the problematic one to the LAN (VLAN 10).

Any device connected to this port can't communicate with the rest of the network. Every other port works as I intended.

Is this related to the ipq40xx switch being "weird"? I found some posts that suggest it's just awful with VLANs. Even the device page for the 4040 advises to "ignore" the WAN port and use the switch as a 4-port one. I was able to set up VLANs without any problems on the MIPS-based Archer C2, so that would explain it.

The device page also provides a "working" configuration, but I couldn't get it to work either. The port just doesn't work no matter the setup.

2

According to the device page, the WAN port is hard-wired to eth1. Did you try using that ifname?

config interface 'wan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.100.100'
        option gateway '192.168.100.1'
        list dns '9.9.9.9'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        option ifname 'eth1'

If you insist on the VLAN setup, it should look probably like this:

config interface 'wan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.100.100'
        option gateway '192.168.100.1'
        list dns '9.9.9.9'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        option ifname 'eth1.11'

config switch_vlan
        option device 'switch0'
        option vlan '11'
        option ports '0t 5'
        option vid '11'
1 Like
3

Regarding VLANs on the FB4040 there are alternatives to the official openwrt build:

Optimized build for IPQ40xx devices

Build for Fritzbox 4040, switch and LUCI working

Cheers,
Thomas

4

The /etc/network/config was just a minimal non-working example. I'll be recieving WAN from a trunk, so this won't work for my use-case.

The configuration you sent won't work for my use case, because I will be recieving WAN from a trunk (so basically yes, I do insist on using a VLAN setup). So yeah, I do insist on a VLAN setup.

I tried reusing eth1 as a non-VLAN LAN port by adding it to the LAN bridge though. This doesn't work - still no connection. It seems to only work when VLANs aren't set up - so basically the default configuration.

Here is a non-working /etc/network/config with the setup described above: https://pastebin.com/egNMkMQk. Perhaps I'm doing something wrong, and it does infact work.

Correct me if I'm wrong, but the only thing changed here is the WAN port being connected to the actual WAN, and not the LAN like in mine?

If yes, then again, mine was just an example.

In this config, the WAN port will stop working the same way as it does in mine, but instead of cutting out one computer used for testing, it will cut out the WAN connection.

I tested it. It was my initial setup before investigating the issue further and creating the topic here. Yes, it did cut out my internet connection. No, I didn't know what was the issue, and yes, I spent way too much time figuring out it's the WAN port that causes problems with VLANs.

5

I might try these, but I want my device to always work, so I'm a bit reluctant on custom builds.

The first one seems like it tries too hard to include everything that you might want, and I don't like this. The patches are nice, but who needs bash or syntax highlighting on a router? I guess somebody, but they can just install it from the repository. That's the point of software repositories.

Also, the 5th port is not critical, it just would be nice to get it working. And if it's just broken on official builds, are there any plans to fix it in a future release?

6

I just discovered something else. Before I just tried to connect to the router from a computer connected to the 5th port, so I assumed I can't communicate with the rest of the network.

I actually can connect to other computers from it, just not to the router (which means no routing, which means no internet connection for the machine).

Some diagnostics I ran:

192.168.1.1 (router):

root@rootr:~# ping -c 3 192.168.1.201
PING 192.168.1.201 (192.168.1.201): 56 data bytes
64 bytes from 192.168.1.201: seq=0 ttl=64 time=0.543 ms
64 bytes from 192.168.1.201: seq=1 ttl=64 time=0.405 ms
64 bytes from 192.168.1.201: seq=2 ttl=64 time=0.463 ms

--- 192.168.1.201 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.405/0.470/0.543 ms
root@rootr:~# ping -c 3 192.168.1.3
PING 192.168.1.3 (192.168.1.3): 56 data bytes

--- 192.168.1.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@rootr:~#

192.168.1.201 (machine connected to one of the working LAN ports):

~ $ ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.391 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.379 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.305 ms

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2027ms
rtt min/avg/max/mdev = 0.305/0.358/0.391/0.038 ms
~ $ ping -c 3 192.168.1.3
PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.308 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.360 ms
64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.357 ms

--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.308/0.341/0.360/0.023 ms
~ $

192.168.1.3 (test machine connected to the 5th port, manual IP configuration):

~ $ ping -c 3 192.168.1.201
PING 192.168.1.201 (192.168.1.201) 56(84) bytes of data.
64 bytes from 192.168.1.201: icmp_seq=1 ttl=64 time=0.245 ms
64 bytes from 192.168.1.201: icmp_seq=2 ttl=64 time=0.327 ms
64 bytes from 192.168.1.201: icmp_seq=3 ttl=64 time=0.309 ms

--- 192.168.1.201 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 0.245/0.293/0.327/0.035 ms
~ $ ping -c 3 192.168.1.1  
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.3 icmp_seq=1 Destination Host Unreachable
From 192.168.1.3 icmp_seq=2 Destination Host Unreachable
From 192.168.1.3 icmp_seq=3 Destination Host Unreachable

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2041ms
pipe 3
~ $

Any ideas on what could cause this?

EDIT: I should change the title... but I can't do that.

7

It's fixed in 21.02.

8

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.