OpenWrt Forum Archive

Topic: Help me to understand about VLANs and tagged, untagged ports

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
visata
29 Apr 2014, 11:35

I read tons of info about VLANs (like here http://wiki.openwrt.org/doc/uci/network/switch) and almost learned how everything works but real time examples contradict my knowledge. Maybe I'm confusing something.

Here is my network config (the router is WDR4300; 0 is CPU, #1 port is for WAN, I connect my PC on #2 port):

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd8b:97be:db92::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ifname 'eth0.1'
        option dns '212.59.1.1 212.59.1.2 208.67.222.222'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

#config interface 'vlan6'
#        option ifname 'eth0.6'
#        option proto 'none'
#        option defaultroute '0'
#        option peerdns '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'

#config switch_vlan
#        option device 'switch0'
#        option vlan '6'
#        option ports '0t 1t 5'

Can you explain why I can't access internet when I make #1 port tagged on VLAN '2'?

Internet works now:

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'

Internet doesn't work:

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1t'

Thanks for your feedback

Post #2
neryba
29 Apr 2014, 12:10

Tagged means that every package on this interface marked with VLANID. Internet not working because another device knows nothing about VLANID2, so it drops packages.
Tagged is needed then you need to send information about different networks via one interface, like 0t via processor port.
Connection between client-provider or provider-provider goes without any VlanID

(Last edited by neryba on 29 Apr 2014, 12:11)

Post #3
visata
29 Apr 2014, 15:09

Thanks for your time to reply.

Just to confirm when you say "another device" you mean some device outside my network (for example my ISP device)? All my tagged packets are dropped because they don't expect trunked/tagged packets with VLANID2? Or they might not expect tagged packets at all?

I believe (I didn't try dumping packets but based on available info on the internet) my ISP sends me tagged packets because they offer IPTV, internet, management (I don't need that) services. Or it might be that internet packets are sent untagged (could it be the case?) and IPTV tagged? What happens with a tagged packet when it goes into my router on untagged port?

0 port means CPU on router. When we say CPU, it means it's up to the router (and rules you set like firewall, network) to decide where to send a packet further?

Ultimately, I can't make IPTV and inernet to work the same time. It either works internet or IPTV (on provided set-top Motorola VIP1003) but not both. My ISP sends (broadcasts) IPTV via tagged packets on VLAN6.

Here is my config when internet works:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd8b:97be:db92::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ifname 'eth0.1'
        option dns '212.59.1.1 212.59.1.2 208.67.222.222'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config interface 'vlan6'
        option ifname 'eth0.6'
        option proto 'none'
        option defaultroute '0'
        option peerdns '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '0t 5' #internet worked even with 0t 1 5, but I used a slightly different config. It was vlan '3' and vid '6'

When I add a tagged #1 port on VLAN6, IPTV starts to work but no internet access...

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '0t 1t 5'

Why this is happening? How can I have both?

Post #4
snk
29 Apr 2014, 15:32

Most home router switches are restricted to have a port tagged in all VLANs or in no VLANs. Therefore, '0t 1' and '0t 1t 5' don't work simultaneously, because port 1 would be both tagged and untagged. That said, this should be possible on your router, but the support is not yet fully in OpenWrt: https://dev.openwrt.org/ticket/12181

Post #5
visata
29 Apr 2014, 16:25

It would have taken another week to figure out why it doesn't work... it was a bug. Thanks for pointing this out.

It seems someone made a fix and posted it here https://github.com/zioproto/openwrt-tru … 962f9f4ef1

How can I compile the latest firmware version with this patch? I suppose I should download all of the files from the trunk, replace ar8216.c file and somehow compile it. Does anyone happen to have a compiled version with this patch which I could use?

Thanks

Post #6
visata
29 Apr 2014, 18:19

I contacted Saverio directly and he provided a compiled firmware with his fix. I flashed my router and finally IPTV and Internet works!

I asked whether he didn't mind if I share his builds here and he didn't. Here is the link to the builds with a tagged/untagged fix:
http://stud.netgroup.uniroma2.it/~saver … 181fix/v1/

Hope it will be included in the official trunk...

(Last edited by visata on 29 Apr 2014, 18:19)

Post #7
bdeblier
29 Apr 2014, 19:57

The following config works perfectly on my self-compiled trunk for a WDR4900 - I'm using port 2 to hook up my Digital TV box which needs an unrouted (wan) connection to the cable modem.

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 3 4 5'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1 2'

The discussion might have continued from here.