WRT3200ACM (v21.2.0) - 2 bridge devices with different switch ports not working

Hi

I have updated to the new version. Actually already 2 weeks ago or whenever it came out for WRT3200ACM. I've had a few problems since then, especially with wifi. Yesterday I decided to try a reboot.

I don't care about wireless at the moment. My problem now is that I can't use the switch ports for my proxmox server.
See attached screenshots:

br-lan921×425 25.7 KB

br-proxmox935×441 23.8 KB

network1031×298 44.7 KB

I just did a reset and decided to redo everything from scratch because there may be some merge issues from 19 to 21. But the problem still exists. When I set them back to br-lan, they are back on.

I followed the dsa mini tutorial. Seems good to me.

Did I miss anything else?

Thanks

Edit:
I switched to lan for the proxmox server. That's fine for now. But I still have problems with the WLAN 2.4GhZ (only). And of course the second bridge doesn't work.
Either the router is failing or dsa seems to be a little buggy.

Edit2:
Ok wifi seems to be working again. I changed the channel to auto, with to 20MHz and allow legacy b rates.
Now the bridges

Edit 3:
Some logs:
syslog

Wed Sep 22 14:10:23 2021 daemon.err odhcpd[2257]: Failed to send to ff02::1%proxmox@br-proxmox (Bad file descriptor)
Wed Sep 22 14:06:06 2021 kern.err kernel: [ 2174.486560] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 2 in br-lan
Wed Sep 22 14:06:06 2021 kern.err kernel: [ 2174.533592] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port
Wed Sep 22 14:06:06 2021 kern.info kernel: [ 2174.551414] proxmox: port 1(lan4) entered blocking state
Wed Sep 22 14:06:06 2021 kern.info kernel: [ 2174.556771] proxmox: port 1(lan4) entered disabled state

kernel

[ 2172.123900] mv88e6085 f1072004.mdio-mii:00 lan3: configuring for phy/gmii link mode
[ 2172.136617] 8021q: adding VLAN 0 to HW filter on device lan3
[ 2172.142727] proxmox: port 1(lan3) entered blocking state
[ 2172.148165] proxmox: port 1(lan3) entered disabled state
[ 2172.163865] mv88e6085 f1072004.mdio-mii:00: p1: hw VLAN 1 already used by port 2 in br-lan
[ 2172.212775] mv88e6085 f1072004.mdio-mii:00 lan3: failed to initialize vlan filtering on this port
[ 2172.233289] proxmox: port 1(lan3) entered blocking state
[ 2172.238625] proxmox: port 1(lan3) entered disabled state

So I tried to change port 3 and 4 - vlan (12). Which doesn't change anything.
By the way, this is also a problem. I can't press the save button. I then have to press dismiss, save and apply. But then I get several vlans that I have to delete to end up with only one ID. And then I can only save it.

There is even no device anymore. I've created also another bridge. Same thing.

proxmox-device_not_present965×117 16.5 KB

network

config interface 'proxmox'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list dns '192.168.1.1'
        option ipaddr '192.168.1.1'
        option device 'br-proxmox'

config device
        list ports 'lan3'
        list ports 'lan4'
        option type 'bridge'
        option name 'br-proxmox'

config bridge-vlan
        option device 'br-proxmox'
        option vlan '12'
        list ports 'lan3:t'
        list ports 'lan4:t'

option device 'br-promox.12'

Thanks, but I have deleted vlan. Tried to do it again but now I can't even create a vlan. It is not saved.

Edit:
Now it worked

proxmox-vlan915×574 30.9 KB

Same problem

Did you do this only for the interface device settings and not in the actual device?

With DSA you need to first specify L2 settings (hardware routing) with the device (and vlan if you use that). Then the interface comes on L3 level settings (software routing) and there you need to specify what L2 hardware to use.

A general sidenote. If you use VLAN there is no meaning of using multiple devices. Instead you do one single device with all ports and then split them up as you want with VLAN settings. And then connect your interfaces to the corresponding VLANs.

config interface 'proxmox'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list dns '192.168.1.1'
        option ipaddr '192.168.1.1'
        option device 'br-proxmox.12'

Like this. That would mean to the computer to connect the interface proxmox to the device called proxmox and use vlan 12 in that device.

First of all, thank you! I think I understand it now.

This means that I don't actually need 2 bridges. Instead, there will only be the br-lan with all ports. Create 2 vlans on this bridge. One for proxmox - the first 2 ports and the other ports (3&4) for lan?
Then another device VLAN with ID 12 (proxmox) and finally add this to the proxmox interface, same for lan.

I don't have time to try this out now, but this sounds right to me.
Why wouldn't it be possible to create 2 bridges instead?

Then another device VLAN with ID 12 (proxmox)

If I understand your post correctly you say you create two vlans (lan and proxmox) first and the you want to make this 3!? vlan. You don't need this third vlan if you already have done the vlan.

It is possible but you won’t get anything in performance with multiple devices and also using vlan filtering since vlan does the same function.
DSA only has support for a single cpu core anyway so everything goes into the same hole on the wrt3200acm. The old swconf used both cores for this router.

If you want to go all in and convert from swconf to DSA.
You don’t need the little br- add-on text for the actual function with DSA unless you like it for personal use. That text is a relic from swconf where it was auto added on bridged interfaces to make the system work. With DSA the device is a specified bridge (in this case) type already in device settings on L2 level.

Your example I would do like this, I added a lan interface for reference.

config interface 'proxmox'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list dns '192.168.1.1'
        option ipaddr '192.168.1.1'
        option device 'proxmox.12'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list dns '192.168.1.1'
        option ipaddr 'xxx.yyy.z.n'
        option device 'proxmox.1'

config device
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option type 'bridge'
        option name 'proxmox'

config bridge-vlan
        option device 'proxmoxo'
        option vlan '1'
        list ports 'lan1:t' 
        list ports 'lan2:t'

config bridge-vlan
        option device 'proxmox'
        option vlan '12'
        list ports 'lan3:t'
        list ports 'lan4:t'

If I write it like this it is maybe easier to recognize the routing hierarchy. First the L2 level is defined and the device is created, then vlans are defined in the device.
And then the interfaces with some nice name is defined at L3 level.
Here I call the device as switch to point out what it does.

# L2 level config starts here.
config device
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option type 'bridge'
        option name 'switch'

config bridge-vlan
        option device 'switch'
        option vlan '1'
        list ports 'lan1:t' 
        list ports 'lan2:t'

config bridge-vlan
        option device 'switch'
        option vlan '12'
        list ports 'lan3:t'
        list ports 'lan4:t'

# L2 level config finished.

# L3 level config starts here.

config interface 'proxmox'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list dns '192.168.1.1'
        option ipaddr '192.168.1.1'
        option device 'switch.12'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list dns 'xxx.yyy.z.n'
        option ipaddr 'xxx.yyy.z.n'
        option device 'switch.1'

# L3 level config finished.

Nah, actually I created only 2 bridges and gave them each 2 ports. After that I tried a bit with VLAN, but that was wrong.

Interesting. Then why the change?

I will test it again tomorrow. But once again with a new installation.

Thank you!

Configure a WiFi AP and log in by WiFi so you don't lose access while configuring the Ethernet.

A port can only be in one bridge. When you want multiple networks to egress tagged packets on the port, that has to be done with bridge-vlans inside the same single bridge that owns the port. Trying to use multiple bridges will break the switching directly between ports.

Attach VLANed bridges to CPU networks with bridgename.vlannumber. This is one of only two places that .vlannumber notation is valid in DSA. The other is using an unbridged port directly as a network device e.g. wan.35 for an ISP that requires tagged packets.

Properly configured DSA will still use hardware switching when possible. Ethernet to Ethernet traffic travels within the switch at line speed with no CPU activity.

I believe a reference to CPU-port, there is only one currently in play with the current DSA implementation, see PR4036 for a WIP.

Actually that happened again post 3. Not sure why I can't do that on luci.

So I followed @flygarn12 advice post 7 and it seems to work so far - more or less.

interfaces-new971×312 41.9 KB

vlans889×443 25.5 KB

My problem now is that dhcp or so does not work. Nothing can connect through the ports.

Thu Sep 23 19:19:49 2021 kern.info kernel: [ 2542.975732] mv88e6085 f1072004.mdio-mii:00 lan2: Link is Up - 100Mbps/Full - flow control rx/tx
Thu Sep 23 19:19:49 2021 kern.info kernel: [ 2542.984491] br-lan: port 2(lan2) entered blocking state
Thu Sep 23 19:19:49 2021 kern.info kernel: [ 2542.989744] br-lan: port 2(lan2) entered forwarding state
Thu Sep 23 19:19:49 2021 daemon.notice netifd: Network device 'lan2' link is up

By the way, this is a new installation. Just a little bit of this and that restored. Nothing major.

Wlan has no issues.

That blocking state, forward state and link is up kernel info seems to be what we get nowadays with 21.02. Also most of my free standing switches say exactly the same everytime some client makes a rj45 connection.
I don’t think it a actual fault, just a lot of log info.

Did you get the dhcp working?
It can be that you need to tweak the dhcp config to connect it to the right interfaces.
And have you checked the firewall port settings for dhcp and dns function?

Ports set to 't' (Tagged) will send tagged packets, which can only be received by a VLAN-aware device at the other end set to respond to the same tag number. To connect ordinary devices like laptops you want to set the port to 'u' (untagged) in exactly one VLAN.

That was it! Thanks for that!

I remember setting the vlan on the switch (version 17 or so). I was able to just leave it as tagged. I did a little research on those 2. Now it's actually working correctly, right? I mean vlan untagged and tagged?

There are 2 bugs on this device that I came across:

1. Post 3
2. wpa3 bug

Anyway, thank you all!

Edit:
I can't change to [Solved].
And I would like to add mk24s answer as a solution too.
It would be great if there was a possibility to add 2 solutions.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.