Hi

I just bought a Linksys WRT1200AC router and have successfully flashed both Chaos Calmer and Kaloz most recent build to it.
Both seem to work nicely. However, none of them have the "Switch" menu under "Network" in Luci. I can see the switch
via SSH with swconfig, but not via the web interface.

I run a DMZ and therefore need vlan support. Preferably, I'd like to use Luci to do the configuration. Is it possible to enable the switch menu in Luci?
I have not been able to find out how. The switch menu is present with a fresh flash of Chaos Calmer on an old TP-Link WR1043ND v. 1.

Here is the output of swconfig:

root@jumphost:~# swconfig list
Found: switch0 - 10.mvsw61xx
root@jumphost:~# swconfig dev switch0 show
Global attributes:
    enable_vlan: 0
Port 0:
    mask: 0x004e: (0) 1 2 3 6 
    qmode: 0
    status: link: down
    link: 0
    pvid: 0
Port 1:
    mask: 0x004d: 0 (1) 2 3 6 
    qmode: 0
    status: link: down
    link: 0
    pvid: 0
Port 2:
    mask: 0x004b: 0 1 (2) 3 6 
    qmode: 0
    status: link: down
    link: 0
    pvid: 0
Port 3:
    mask: 0x0047: 0 1 2 (3) 6 
    qmode: 0
    status: link: up, speed: 1000 Mbps, duplex: full
    link: 1000
    pvid: 0
Port 4:
    mask: 0x0020: (4) 5 
    qmode: 0
    status: link: up, speed: 1000 Mbps, duplex: full
    link: 1000
    pvid: 0
Port 5:
    mask: 0x0010: 4 (5) 
    qmode: 0
    status: link: up, speed: 1000 Mbps, duplex: full
    link: 1000
    pvid: 0
Port 6:
    mask: 0x000f: 0 1 2 3 (6) 
    qmode: 0
    status: link: up, speed: 1000 Mbps, duplex: full
    link: 1000
    pvid: 0
root@jumphost:~# swconfig dev switch0 set enable_vlan 1
root@jumphost:~# echo $?
0

Anders

Have a look at https://forum.openwrt.org/viewtopic.php … 56#p311756

You need to add those lines to your /etc/config/network. Basically, you need to re-create the default port groups after enabling VLANs. After you have those set up you should be able to see the switch configuration in LuCI as well.

Thank you very much for the helpful pointer. Even with the aid of Google, the WRT1200AC support thread is getting a bit confusing at 400+ pages :-)

I now see the switch tab in Luci. For the record, I have the WRT1200AC with codename "caiman", and the problem was fixed by
adding the following lines to /etc/config/network:

config switch                   
        option name 'switch0'   
        option reset '1'         
        option enable_vlan '1'    
                                
config switch_vlan              
        option device 'switch0'                
        option vlan '1'         
        option ports '0 1 2 3 6'
                               
config switch_vlan             
        option device 'switch0'
        option vlan '2'
        option ports '4 5'

(Last edited by andersas on 21 Feb 2016, 00:19)

It's a good start! Unfortunately it doesn't work in 15.05.1.

Simply seeing the switch option show up in Luci doesn't mean it's working. I found that as soon as I tried to set interfaces to use the vlans via Luci, the interfaces became unusable. Be careful not to brick your router. I was lucky I was still able to access Luci and SSH via the Wireless interface.  Maybe there's a reason switch/vlan support is disabled for WRT1200AC in 15.05.1? I can't work out why it doesn't work yet, It's beyond my limited knowledge to even know where to start debugging this one.

I note that Luci gets the vlan names totally wrong in the web interface, auto detecting them as "eth0.1, eth0.2" when in fact eth0 and eth1 are shared by switch0 in the config example above, and eth1.1 would be the vlan describing what by default is the "lan" interface and its ports. It may be related to this issue: https://dev.openwrt.org/ticket/20739

So basically the advice above doesn't work and I've yet to see a solution to getting vlan working on WRT1200AC.

(Last edited by rtsm on 17 Jul 2016, 11:19)

I finally got VLANs working on WRT1200AC with OpenWRT 15.05.1 by following this advice https://forum.openwrt.org/viewtopic.php … 51#p327851

As they found, you can easily brick your router if you don't set the interfaces exactly right, and it's not intuitive. You MUST set WAN port to use "eth0.(vlan_number)" eg: "eth0.100" and the other external ports to use "eth1.(vlan_number)" eg: "eth1.2", even though WAN and LAN ports share the same switch and same VLAN config.

You must use the "t" tagged flag for the ports which the CPU connects to (5 on eth0 and 6 on eth1). So take careful note of the "5t" and "6t" in my example config below. Advice that is missing the essential "t" beside those entries did not work for me.

Also for some reason I found WAN had to use a specially set VID of 100 (or any number that isn't 1, and doesn't conflict with your other vlan numbers), while the VLAN itself must still be set to 1. See the example below.

Lastly, do NOT use Luci to configure the switch (eg: Network > Switch in the Luci inteface). You must edit /etc/config/network by hand to change the switch and VLAN definition. Luci will make a mess of switch and VLAN config. It autodetects the VLANs incorrectly when defining interface physical connections. It will try to call them all "eth0.1, eth0.2, eth0.3.." and so on, when in fact you must use "eth1.X" for all LAN ports and "eth0.X" for the WAN port. Using Luci's Network > Interface > (Interface Name) > Physical Settings config page is fine as long as you ignore the VLANs that Luci autodetects and type the correct ones using the "Custom Interface" box to define them the first time.

If I failed to do any one of these things, all the ports became unusable. I found that as long as I had SSH access set up to be accessible via the wifi connection, I was able to recover from mistakes easily enough.

BEWARE: The example should work for WRT1200AC v1 / WRT1900AC v2 / WRT1900ACS v1.

For WRT1900AC v1 entries for "eth0" and "eth1" need to be SWAPPED as you can see in https://wiki.openwrt.org/toh/linksys/wr … tch_layout

My working config, with WAN and each LAN port on its own VLAN (Ports labelled as 3 and 4 on the back of the device are defined here but currently unassigned to any network):

/etc/config/network:

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

#wan port
config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '100'
    option ports '4 5t'

#port 1
config switch_vlan
    option device 'switch0'
    option vlan '2'
    option vid '2'
    option ports '3 6t'

#port 2
config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '3'
    option ports '2 6t'

#port 3
config switch_vlan
    option device 'switch0'
    option vlan '4'
    option vid '4'
    option ports '1 6t'

#port 4
config switch_vlan
    option device 'switch0'
    option vlan '5'
    option vid '5'
    option ports '0 6t'

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix ' ( ...whatever your prefix is... ) '

#Lan on switch port 1
config interface 'lan'
        option force_link '1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.0.1'
        option ifname 'eth1.2'

#Another local network on switch port 2
config interface 'someothernetwork'
        option proto 'static'
        option ifname 'eth1.3'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'

#WAN on the wan port
config interface 'wan'
        option ifname 'eth0.100'
        option proto 'dhcp'

#Wireless
config interface 'wi'
        option type 'bridge'
        option _orig_ifname 'wlan0 wlan1'
        option _orig_bridge 'true'
        option proto 'static'
        option ipaddr '192.168.6.1'
        option netmask '255.255.255.0'

(Last edited by rtsm on 18 Jul 2016, 05:57)

@rtsm
you dont have to use vlans on the wan interface and it dont has to be vlan 100.
I just used 100 because it makes it easier for me to read and organize my config

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '10'
    option ports '4 5'

When you use this config for the wan port. you can just use eth0 for your wan interface.

option vlan: just make sure you start by 1 and count up by 1 for each new vlan. Dont leave out any numbers.

(Last edited by shm0 on 18 Jul 2016, 19:04)

Hopefully this will help others but on my WRT1200ac after following the above and manually adding the VLAN set-up in CLI it did not seem to come back up correctly after a reboot, as there was no internet connectivity/DNS even on the local LAN, I found that each ethernet and wireless inteface had to have a VLAN to get the configuration working. Which with exception of the WAN (eth0), I added a bridge to the interface if not already bridged and the interface(s) and VLAN in to the bridge.

For the WAN (eth0) I use a PPPoE-wan config to connect to my ISP. The interface does not offer a bridge option in LUCI and would not connect if I left it on eth0, as such to get this working and connecting to the ISP I had to move from eth0 to eth0.2 (my WAN is VLAN2) using the custom option in LUCI and typing it in manually. After this change it connected fine to the ISP.

Probably worth noting that the VLAN's were added via CLI (used "nano" text editor to edit /etc/config/network), then all interfaces changes in LUCI where I added the VLAN to the interface was done by using the custom option and typing in the interface using ethx.x (i.e. interface number.VLAN sub interface) notation. This is an issue with LUCI on the WRT as mentioned above. Then I rebooted the router to ensure that all the changes were picked up before testing, this is how I found my internet connection problem as it was working OK until I rebooted.

This has now been working for a day or so now without issue and I have a tagged VLAN truck on port 1 with 4 VLAN's running to a separate managed switch which also has full connectivity on all the VLANs.

Hope the additional info helps someone else...

(Last edited by paped on 9 Aug 2016, 12:27)

Hello,

I have also bought a WRT1200ACv2 and tried the VLAN configuration above. My original running network is:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdaa:abc8:799c::/48'

config interface 'lan'
        option ifname 'eth1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '217.0.117.92'
        option dns '217.0.43.129'
        option ipaddr '192.168.0.1'

config interface 'wan'
        option ifname 'eth0'
        option _orig_ifname 'eth0'
        option _orig_bridge 'false'
        option proto 'none'

config interface 'wan6'
        option ifname 'eth0'
        option _orig_ifname 'eth0'
        option _orig_bridge 'false'
        option proto 'pppoe'
        option username 'xxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de'
        option password 'xxxxxxxx'

And because I need minimum 2 VLAN I tried your solution of 'rtsm' and 'shm0' with:

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

#WAN port
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '10'
        options ports '4 5'

#LAN Port 1
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'
        options ports '3 6t'

#LAN Port 2
config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'
        options ports '2 6t'

#LAN Port 3
config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '4'
        options ports '1 6t'

#LAN Port 4
config switch_vlan
        option device 'switch0'
        option vlan '5'
        option vid '5'
        options ports '1 6t'

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdaa:abc8:799c::/48'

# LAN on switch port 1
config interface 'lan'
        option ifname 'eth1.2'
        option force_link '1'
        #option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '217.0.117.92'
        option dns '217.0.43.129'
        option ipaddr '192.168.0.1'

# LAN on switch port 2
config interface 'lan'
        option ifname 'eth1.3'
        option force_link '1'
        #option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '217.0.117.92'
        option dns '217.0.43.129'
        option ipaddr '192.168.2.1'

config interface 'wan'
        option ifname 'eth0'
        option _orig_ifname 'eth0'
        option _orig_bridge 'false'
        option proto 'none'

config interface 'wan6'
        option ifname 'eth0'
        option _orig_ifname 'eth0'
        option _orig_bridge 'false'
        option proto 'pppoe'
        option username 'xxxxxxxxxxxxxxxxxxxxxxx@t-online.de'
        option password 'xxxxxxxx'

And that moment there was no connection over wireless and ethernet. There was also no ping to 192.168.0.1 possible.

What I done wrong?

Thanks

Wambui

(Last edited by Wambui on 22 Oct 2016, 16:45)

Hi, I just bought a LinkSys WRT1200AC, and flashed OpenWRT Chaos Calmer 15.05.1 built by kaloz (Mildly customized CC Build with latest mwlwifi driver).

But when I ssh into the router, and issue command 'swconfig list', nothing happens, there is no programmable switch. Does anyone have the same problem?

Hello,
I have written a HOWTO in German Language at debianforum.de/forum/viewtopic.php?f=18&t=162716
Maybe it will help you.

Bye
Wambui

@Wambui Thank you very much for your reply. The link (debianforum.de/forum/viewtopic.php?f=18&t=162716) is dead with 403 Forbidden error.

Is that possible that you could paste the HOWTO in this topic? Thanks a lot.

The link works fine here? I have no account on that forum either.

It's alive
https://debianforum.de/forum/viewtopic. … p;t=162716
You have to generate an account. I haven't any time to translate into English. Sorry.

(Last edited by Wambui on 30 Oct 2016, 19:10)

Here is it written too on my site for everyone https://www.linuxmaker.com/tutorials/wr … enwrt.html

(Last edited by Wambui on 1 Nov 2016, 12:31)