OpenWrt Forum Archive

Topic: OpenWRT VLAN configuration and connection to switch issue

The content of this topic has been archived on 27 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
bolmsted
20 Aug 2016, 23:37

Hello OpenWRT community :)

I am trying to expand my home network into a mature configuration with a mixture of wired and wireless clients having wired our house with ports in every room and lots near the TV and computer area.  :)

Previously I had the two routers configured as WDS linked devices in the basement of our old house but now I want to extend the network physically over Ethernet.


I have my main router currently in the basement but I plan to move it upstairs to the main floor and have 2 Ethernet cables connecting it back downstairs to the cable modem and switches once I get this working.     I also have a 2nd router that I'm putting upstairs on the 2nd floor to repeat our WiFi SSIDs (lan and guest).

I have it mostly working except for 1 thing that I've noticed....   I can't ping the management IP address of one of the switches (or more importantly manage the switch) when pinging from the routers or WiFi via the routers.   I would imagine the issue would be the same from a physical connection to the router as well since it is on the same VLAN as the wireless interface.


Devices in question:

24 Port switch:  Model: TL-SG1024DE  ver 1.0
8 Port switch:   Model:  TL-SG108E   ver2.0
2 x TP-Link TL-WDR4300 both running OpenWRT  BARRIER BREAKER (14.07, r42625)



OK, so let me see if I can articulate what I see as the problem.


Here is a diagram of my setup

http://i170.photobucket.com/albums/u265/bolmsted/network%20diagram_zpsyvnb9xe6.png



Port status and VLAN configuration for the two switches:


TL-SG1024DE

Port     Status     Speed/Duplex          Flow Control
                    Config     Actual     Config     Actual
Port 1    Enabled    Auto    Link Down    Off    Off
Port 2    Enabled    Auto    Link Down    Off    Off
Port 3    Enabled    Auto    Link Down    Off    Off
Port 4    Enabled    Auto    Link Down    Off    Off
Port 5    Enabled    Auto    Link Down    Off    Off
Port 6    Enabled    Auto    Link Down    Off    Off
Port 7    Enabled    Auto    Link Down    Off    Off
Port 8    Enabled    Auto    Link Down    Off    Off
Port 9    Enabled    Auto    Link Down    Off    Off
Port 10    Enabled    Auto    1000Full    Off    Off
Port 11    Enabled    Auto    Link Down    Off    Off
Port 12    Enabled    Auto    Link Down    Off    Off
Port 13    Enabled    Auto    Link Down    Off    Off
Port 14    Enabled    Auto    Link Down    Off    Off
Port 15    Enabled    Auto    Link Down    Off    Off
Port 16    Enabled    Auto    Link Down    Off    Off
Port 17    Enabled    Auto    Link Down    Off    Off
Port 18    Enabled    Auto    Link Down    Off    Off
Port 19    Enabled    Auto    Link Down    Off    Off
Port 20    Enabled    Auto    Link Down    Off    Off
Port 21    Enabled    Auto    Link Down    Off    Off
Port 22    Enabled    Auto    Link Down    Off    Off
Port 23    Enabled    Auto    1000Full    Off    Off
Port 24    Enabled    Auto    1000Full    Off    Off


VLAN ID     VLAN Name     Member Ports     Tagged Ports     Untagged Ports     Delete
1           default       1-24             --               1-24    
101         LAN           2-24             2,9-10,23-24     3-8,11-22    
102         Guest         2,9-10,23-24     2,9-10,23-24     --


TL-SG108E

Port     Status      Speed/Duplex       Flow Control
                     Config  Actual     Config  Actual
Port 1    Enabled    Auto    1000MF     Off    Off
Port 2    Enabled    Auto    1000MF     Off    Off
Port 3    Enabled    Auto    1000MF     Off    Off
Port 4    Enabled    Auto    Link Down  Off    Off
Port 5    Enabled    Auto    Link Down  Off    Off
Port 6    Enabled    Auto    Link Down  Off    Off
Port 7    Enabled    Auto    Link Down  Off    Off
Port 8    Enabled    Auto    1000MF     Off    Off


VLAN ID     VLAN Name       Member Ports     Tagged Ports     Untagged Ports     Delete
1           Default_VLAN    1-8              1-8    
101         LAN             1-8              4,8              1-3,5-7    
102         Guest           4,8              4,8

Router #1  (br-lan = eth0.101 = 192.168.1.1;    br-guest = eth0.102 = 10.0.0.1.    eth0.100 = Internet interface)

br-guest  Link encap:Ethernet  HWaddr 10:FE:ED:89:18:60  
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fdc6:1407:6f68::1/60 Scope:Global
          inet6 addr: fe80::12fe:edff:fe89:1860/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:118682 errors:0 dropped:0 overruns:0 frame:0
          TX packets:189245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:16089034 (15.3 MiB)  TX bytes:232811458 (222.0 MiB)

br-lan    Link encap:Ethernet  HWaddr 10:FE:ED:89:18:60  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fdc6:1407:6f68:10::1/60 Scope:Global
          inet6 addr: fe80::12fe:edff:fe89:1860/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1293722 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2088018 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:174017643 (165.9 MiB)  TX bytes:1805515836 (1.6 GiB)

eth0      Link encap:Ethernet  HWaddr 10:FE:ED:89:18:60  
          inet6 addr: fe80::12fe:edff:fe89:1860/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2728469 errors:0 dropped:27 overruns:13 frame:0
          TX packets:2190525 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2069693297 (1.9 GiB)  TX bytes:843068024 (804.0 MiB)
          Interrupt:4 

eth0.100  Link encap:Ethernet  HWaddr 10:FE:ED:89:18:60  
          inet addr:XXX.XXX.XXX.XXX  Bcast:xxx.xxx.xx.xxx  Mask:255.255.255.224
          inet6 addr: fe80::12fe:edff:fe89:1860/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2112769 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1314091 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1951215906 (1.8 GiB)  TX bytes:192612155 (183.6 MiB)

eth0.101  Link encap:Ethernet  HWaddr 10:FE:ED:89:18:60  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:568505 errors:0 dropped:0 overruns:0 frame:0
          TX packets:859117 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:63664625 (60.7 MiB)  TX bytes:631302973 (602.0 MiB)

eth0.102  Link encap:Ethernet  HWaddr 10:FE:ED:89:18:60  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:47043 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17319 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5683862 (5.4 MiB)  TX bytes:10390866 (9.9 MiB)

eth0.101 (br-lan - 192.168.1.1/24) and eth0.102 (br-guest - 10.0.0.1/8) are tagged configuration in the router
eth0.100 is public internet connection


Router #2  (br-lan = eth0.101 = 192.168.1.2;    br-guest = eth0.102 = 10.0.0.2)

br-guest  Link encap:Ethernet  HWaddr 10:FE:ED:89:17:94  
          inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::12fe:edff:fe89:1794/64 Scope:Link
          inet6 addr: fdfa:dbf3:b1c8::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3098 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:319215 (311.7 KiB)  TX bytes:191260 (186.7 KiB)

br-lan    Link encap:Ethernet  HWaddr 10:FE:ED:89:17:94  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fdfa:dbf3:b1c8:10::1/60 Scope:Global
          inet6 addr: fe80::12fe:edff:fe89:1794/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:111267 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59847 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:9614214 (9.1 MiB)  TX bytes:13396766 (12.7 MiB)

eth0      Link encap:Ethernet  HWaddr 10:FE:ED:89:17:94  
          inet6 addr: fe80::12fe:edff:fe89:1794/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:825578 errors:0 dropped:7 overruns:0 frame:0
          TX packets:483434 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:604957170 (576.9 MiB)  TX bytes:85362615 (81.4 MiB)
          Interrupt:4 

eth0.101  Link encap:Ethernet  HWaddr 10:FE:ED:89:17:94  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:764095 errors:0 dropped:0 overruns:0 frame:0
          TX packets:416502 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:521624774 (497.4 MiB)  TX bytes:66022774 (62.9 MiB)

eth0.102  Link encap:Ethernet  HWaddr 10:FE:ED:89:17:94  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61462 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66927 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:68470556 (65.2 MiB)  TX bytes:17405607 (16.5 MiB)

eth0.101 (br-lan - 192.168.1.2/24) and eth0.102 (br-guest - 10.0.0.2/8) are tagged configuration in the router



Testing outcome

From the laptop, connected via Ethernet to the 2nd switch (TL-SG108E) I can ping the two routers (192.168.1.1, 192.168.1.2), my NAS (192.168.1.5), my VoIP ATA (192.168.1.13), my desktop computer (192.168.1.112) AND the two switch 192.168.1.254 (TL-SG1024DE) and 192.168.1.253 (TL-SG108E)

macbookpro-wifi:~ brian$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.499 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.353 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.353/0.405/0.499/0.067 ms
macbookpro-wifi:~ brian$ ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.371 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.347 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.331 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.381 ms
^C
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.331/0.357/0.381/0.020 ms
macbookpro-wifi:~ brian$ 
macbookpro-wifi:~ brian$ 
macbookpro-wifi:~ brian$ ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: icmp_seq=0 ttl=64 time=0.277 ms
64 bytes from 192.168.1.5: icmp_seq=1 ttl=64 time=0.292 ms
64 bytes from 192.168.1.5: icmp_seq=2 ttl=64 time=0.246 ms
^C
--- 192.168.1.5 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.246/0.272/0.292/0.019 ms
macbookpro-wifi:~ brian$ 
macbookpro-wifi:~ brian$ ping 192.168.1.13
PING 192.168.1.13 (192.168.1.13): 56 data bytes
64 bytes from 192.168.1.13: icmp_seq=0 ttl=64 time=2.302 ms
64 bytes from 192.168.1.13: icmp_seq=1 ttl=64 time=0.637 ms
64 bytes from 192.168.1.13: icmp_seq=2 ttl=64 time=3.304 ms
^C
--- 192.168.1.13 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.637/2.081/3.304/1.100 ms
macbookpro-wifi:~ brian$ 
macbookpro-wifi:~ brian$ ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=10.811 ms
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=5.600 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=5.485 ms
^C
--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 5.485/7.299/10.811/2.484 ms
macbookpro-wifi:~ brian$ 
macbookpro-wifi:~ brian$ ping 192.168.1.253
PING 192.168.1.253 (192.168.1.253): 56 data bytes
64 bytes from 192.168.1.253: icmp_seq=0 ttl=64 time=2.292 ms
64 bytes from 192.168.1.253: icmp_seq=1 ttl=64 time=1.904 ms
64 bytes from 192.168.1.253: icmp_seq=2 ttl=64 time=2.340 ms
^C
--- 192.168.1.253 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.904/2.179/2.340/0.195 ms
macbookpro-wifi:~ brian$ 
macbookpro-wifi:~ brian$ ping 192.168.1.112
PING 192.168.1.112 (192.168.1.112): 56 data bytes
64 bytes from 192.168.1.112: icmp_seq=0 ttl=64 time=0.559 ms
64 bytes from 192.168.1.112: icmp_seq=1 ttl=64 time=0.350 ms
64 bytes from 192.168.1.112: icmp_seq=2 ttl=64 time=0.349 ms
^C
--- 192.168.1.112 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.349/0.419/0.559/0.099 ms
macbookpro-wifi:~ brian$

However, if I connect from the laptop via wifi (which is going through the router for access) or ping from the router I get different results.


ROUTER1
Here we can ping the router2 (192.168.1.2, 10.0.0.2) which are also tagged.   Also we can ping the NAS (192.168.1.5), VoIP ATA (192.168.1.13), Desktop Computer (192.168.1.112), Laptop (192.168.1.114 via Ethernet), the 2nd switch (TL-SG108E = 192.168.1.253) but we CANNOT ping the 1st switch (TL-SG1024DE = 192.168.1.254) from the router1 (or manage the switch via WebGUI (via WIFI via that router)) 

root@router1:~# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: seq=0 ttl=64 time=0.609 ms
64 bytes from 192.168.1.2: seq=1 ttl=64 time=0.410 ms
64 bytes from 192.168.1.2: seq=2 ttl=64 time=0.406 ms
64 bytes from 192.168.1.2: seq=3 ttl=64 time=0.389 ms
^C
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.389/0.453/0.609 ms
root@router1:~# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=0.509 ms
64 bytes from 10.0.0.2: seq=1 ttl=64 time=0.456 ms
64 bytes from 10.0.0.2: seq=2 ttl=64 time=0.405 ms
^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.405/0.456/0.509 ms
root@router1:~# 
root@router1:~# 
root@router1:~# ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=64 time=0.462 ms
64 bytes from 192.168.1.5: seq=1 ttl=64 time=0.281 ms
^C
--- 192.168.1.5 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.281/0.371/0.462 ms
root@router1:~# 
root@router1:~# 
root@router1:~# ping 192.168.1.13
PING 192.168.1.13 (192.168.1.13): 56 data bytes
64 bytes from 192.168.1.13: seq=0 ttl=64 time=0.792 ms
64 bytes from 192.168.1.13: seq=1 ttl=64 time=0.588 ms
64 bytes from 192.168.1.13: seq=2 ttl=64 time=0.602 ms
^C
--- 192.168.1.13 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.588/0.660/0.792 ms
root@router1:~# 
root@router1:~# ping 192.168.1.112
PING 192.168.1.112 (192.168.1.112): 56 data bytes
64 bytes from 192.168.1.112: seq=0 ttl=64 time=0.504 ms
64 bytes from 192.168.1.112: seq=1 ttl=64 time=0.407 ms
^C
--- 192.168.1.112 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.407/0.455/0.504 ms
root@router1:~# ping 192.168.1.114
PING 192.168.1.114 (192.168.1.114): 56 data bytes
64 bytes from 192.168.1.114: seq=0 ttl=64 time=0.423 ms
64 bytes from 192.168.1.114: seq=1 ttl=64 time=0.540 ms
64 bytes from 192.168.1.114: seq=2 ttl=64 time=0.485 ms
^C
--- 192.168.1.114 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.423/0.482/0.540 ms
root@router1:~# 
root@router1:~# 
root@router1:~# ping 192.168.1.253
PING 192.168.1.253 (192.168.1.253): 56 data bytes
64 bytes from 192.168.1.253: seq=0 ttl=64 time=1.895 ms
64 bytes from 192.168.1.253: seq=1 ttl=64 time=1.839 ms
64 bytes from 192.168.1.253: seq=2 ttl=64 time=2.166 ms
^C
--- 192.168.1.253 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.839/1.966/2.166 ms
root@router1:~# 
root@router1:~# 
root@router1:~# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
^C
--- 192.168.1.254 ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss
root@router1:~#

ROUTER2

From the 2nd router, I get the same results (naturally) as router1, since it leans on router1 for its gateway and any DHCP requests, etc that the clients connected to it would use since I don't have a DHCP server that would be connected to both routers or a backbone.
router2 <---> TLSG1024DE <--> router1

root@router2:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=0.570 ms
64 bytes from 192.168.1.1: seq=1 ttl=64 time=0.385 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.385/0.477/0.570 ms
root@router2:~# 
root@router2:~# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=64 time=0.576 ms
64 bytes from 10.0.0.1: seq=1 ttl=64 time=0.393 ms
64 bytes from 10.0.0.1: seq=2 ttl=64 time=0.407 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.393/0.458/0.576 ms
root@router2:~# 
root@router2:~# ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=64 time=0.892 ms
64 bytes from 192.168.1.5: seq=1 ttl=64 time=0.284 ms
64 bytes from 192.168.1.5: seq=2 ttl=64 time=0.292 ms
^C
--- 192.168.1.5 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.284/0.489/0.892 ms
root@router2:~# ping 192.168.1.13
PING 192.168.1.13 (192.168.1.13): 56 data bytes
64 bytes from 192.168.1.13: seq=0 ttl=64 time=1.527 ms
64 bytes from 192.168.1.13: seq=1 ttl=64 time=0.560 ms
64 bytes from 192.168.1.13: seq=2 ttl=64 time=0.576 ms
^C
--- 192.168.1.13 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.560/0.887/1.527 ms
root@router2:~# 
root@router2:~# ping 192.168.1.112
PING 192.168.1.112 (192.168.1.112): 56 data bytes
64 bytes from 192.168.1.112: seq=0 ttl=64 time=0.960 ms
64 bytes from 192.168.1.112: seq=1 ttl=64 time=0.484 ms
64 bytes from 192.168.1.112: seq=2 ttl=64 time=0.524 ms
^C
--- 192.168.1.112 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.484/0.656/0.960 ms
root@router2:~# ping 192.168.1.114
PING 192.168.1.114 (192.168.1.114): 56 data bytes
64 bytes from 192.168.1.114: seq=0 ttl=64 time=0.375 ms
64 bytes from 192.168.1.114: seq=1 ttl=64 time=0.441 ms
64 bytes from 192.168.1.114: seq=2 ttl=64 time=0.468 ms
^C
--- 192.168.1.114 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.375/0.428/0.468 ms
root@router2:~# 
root@router2:~# ping 192.168.1.253
PING 192.168.1.253 (192.168.1.253): 56 data bytes
64 bytes from 192.168.1.253: seq=0 ttl=64 time=4.194 ms
64 bytes from 192.168.1.253: seq=1 ttl=64 time=1.839 ms
64 bytes from 192.168.1.253: seq=2 ttl=64 time=2.294 ms
64 bytes from 192.168.1.253: seq=3 ttl=64 time=2.061 ms
^C
--- 192.168.1.253 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.839/2.597/4.194 ms
root@router2:~# 
root@router2:~# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
^C
--- 192.168.1.254 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
root@router2:~#

If I unplug the Ethernet cable from the laptop (so it is not directly connected to the switch network consisting of the TL-SG1024DE and TL-SG108E, and connect either via wired cable to the router #1 directly or via WiFi I will get the same results as the tests for pinging from the router1 or router2 with the added bonus (not!) of not being able to manage the switch.   

If I connect  via Ethernet I can manage both switches (TL-SG1024DE = 192.168.1.254 and TL-SG108E = 192.168.1.253) but once I jump onto a connection via the router (wired or WiFi) I can only access the 8 port switch (TL-SG108E) and not the 24 port switch (TL-SG1024DE).

Here can ping router 1 (192.168.1.1), router2 (192.168.1.2), NAS (192.168.1.5), VoIP ATA (192.168.1.13), Desktop computer (192.168.1.112), Switch 2 (TL-108E = 192.168.1.253) but NOT Switch1 (TL-1024DE = 192.168.1.254)

macbookpro-wifi:~ brian$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.908 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.727 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.727/0.818/0.908/0.091 ms
macbookpro-wifi:~ brian$ ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=1.635 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.004 ms
^C
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.004/1.320/1.635/0.315 ms
macbookpro-wifi:~ brian$ ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: icmp_seq=0 ttl=64 time=3.384 ms
64 bytes from 192.168.1.5: icmp_seq=1 ttl=64 time=3.187 ms
64 bytes from 192.168.1.5: icmp_seq=2 ttl=64 time=6.237 ms
^C
--- 192.168.1.5 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.187/4.269/6.237/1.394 ms
macbookpro-wifi:~ brian$ ping 192.168.1.13
PING 192.168.1.13 (192.168.1.13): 56 data bytes
64 bytes from 192.168.1.13: icmp_seq=0 ttl=64 time=6.100 ms
64 bytes from 192.168.1.13: icmp_seq=1 ttl=64 time=1.623 ms
64 bytes from 192.168.1.13: icmp_seq=2 ttl=64 time=1.378 ms
^C
--- 192.168.1.13 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.378/3.034/6.100/2.171 ms
macbookpro-wifi:~ brian$ ping 192.168.1.112
PING 192.168.1.112 (192.168.1.112): 56 data bytes
64 bytes from 192.168.1.112: icmp_seq=0 ttl=64 time=4.949 ms
Request timeout for icmp_seq 1
64 bytes from 192.168.1.112: icmp_seq=2 ttl=64 time=3.067 ms
64 bytes from 192.168.1.112: icmp_seq=3 ttl=64 time=3.125 ms
64 bytes from 192.168.1.112: icmp_seq=4 ttl=64 time=3.306 ms
^C
--- 192.168.1.112 ping statistics ---
5 packets transmitted, 4 packets received, 20.0% packet loss
round-trip min/avg/max/stddev = 3.067/3.612/4.949/0.777 ms
macbookpro-wifi:~ brian$ 
macbookpro-wifi:~ brian$ ping 192.168.1.253
PING 192.168.1.253 (192.168.1.253): 56 data bytes
64 bytes from 192.168.1.253: icmp_seq=0 ttl=64 time=6.780 ms
64 bytes from 192.168.1.253: icmp_seq=1 ttl=64 time=2.714 ms
64 bytes from 192.168.1.253: icmp_seq=2 ttl=64 time=2.812 ms
^C
--- 192.168.1.253 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.714/4.102/6.780/1.894 ms
macbookpro-wifi:~ brian$ ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
ping: sendto: No route to host
Request timeout for icmp_seq 4
ping: sendto: Host is down
Request timeout for icmp_seq 5
ping: sendto: Host is down
Request timeout for icmp_seq 6
ping: sendto: Host is down
Request timeout for icmp_seq 7
^C
--- 192.168.1.254 ping statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss
macbookpro-wifi:~ brian$

If I use no VLAN configuration I can obviously ping everything from the 192.168.1.0/24 network from everywhere (computers, routers) but I bought these two switches so I could setup separate VLANs such that I could do things like putting two SSIDs on the routers to have a private network and a guest network and routing the traffic via VLANs over the physical cable back to the switch.   I'd also like to do similar setup for a DMZ, etc

Normally, I can't ping the 10.0.0.2 router from a computer such as the laptop (192.168.1.114/192.168.1.4) due to the VLAN setup but I told the router to forward the packets so my testing shows that you can talk to them as normally a firewall would block this so the VLAN tagging is working.

macbookpro-wifi:~ brian$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=2.072 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.923 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.923/1.498/2.072/0.574 ms
macbookpro-wifi:~ brian$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=0.855 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.143 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=1.111 ms
^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.855/1.036/1.143/0.129 ms
macbookpro-wifi:~ brian$

So, why can I not ping or more specifically manage the TL-1024DE (24 port switch1) via the router1 via WiFi (or the computer directly connected to the router on one of its switch ports) or trying to ping it from the router for testing purposes?

I know with no VLANs it works but then I can't have the 10.0.0.0/8 network or any other VLAN network segments obviously.    The tagging/VLAN is working as far as communication goes between the different devices, just this router to switch management interface has an issue.

Am I missing a tag on one of the ports or something to this effect?


Port 4 on the 2nd switch (TL-SG108E) was my test port for setting up my 2nd router before I moved it to another location which is currently connected on port 10 on the 1st switch (TL-SG1024DE) with the same VLAN configuration.    All of the ports are currently defaulted to PVID101 for the LAN.   The PVID102 will probably never be attached to a regular access switch port and only used for providing the WiFi access via router1 and router2  to broadcast the SSID1 and SSID2.

I plan on relocating router1 to another floor once this is fully working, so ports 1&2 have been dedicated for this to accommodate a connection between the modem and then back to the switch but I need to understand why I can't manage/ping the switch via the WiFi or direct connection to the router1.

Both of these switches have a default gateway of the router1 (192.168.1.1).



router1 /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'

config interface 'lan'
        option ifname 'eth0.101'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        option ip6assign '60'
        option _orig_ifname 'eth0.101 wlan0 wlan1'
        option _orig_bridge 'true'
        option stp '1'
        option accept_ra '1'
        option send_rs '1'

config interface 'wan'
        option ifname 'eth0.100'
        option proto 'dhcp'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'

config interface 'guest'
        option ifname 'eth0.102'
        option type 'bridge'
        option proto 'static'
        option ipaddr '10.0.0.1'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
        option ip6assign '60'
        option stp '1'
        option accept_ra '1'
        option send_rs '1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'


config switch_vlan
        option device 'switch0'
        option vlan '100'
        option vid  '100'
        option ports '0t 1'

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option vid  '101'
        option ports '0t 2t 3 4 5'

config switch_vlan
        option device 'switch0'
        option vlan '102'
        option vid  '102'
        option ports '0t 2t'

router1 /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11ng'
        option path 'platform/ar934x_wmac'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option txpower '30'
        option htmode 'HT40-'
        option noscan '1'
        option country 'US'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'lan'
        option encryption 'psk2'
        option key 'xxxxxxx'
        option network 'lan'
        option disassoc_low_ack '0'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'guest'
        option encryption 'psk2'
        option key 'xxxxxxx'
        option network 'guest'
        option disassoc_low_ack '0'


config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option hwmode '11na'
        option path 'pci0000:00/0000:00:00.0'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option txpower '30'
        option htmode 'HT40+'
        option noscan '1'
        option country 'US'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'lan'
        option encryption 'psk2'
        option key 'xxxxxxx'
        option network 'lan'
        option disassoc_low_ack '0'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'guest'
        option encryption 'psk2'
        option key 'xxxxxxx'
        option network 'guest'
        option disassoc_low_ack '0'

router2 /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'

config interface 'lan'
        option ifname 'eth0.101'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.2'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        option ip6assign '60'
        option _orig_ifname 'eth0.101 wlan0 wlan1'
        option _orig_bridge 'true'
        #                                                                       
        option dns '8.8.8.8 8.8.4.4 64.140.114.21'
        option stp '1'
        option accept_ra '1'
        option send_rs '1'

##config interface 'wan'
##      option ifname 'eth0.100'
##      option proto 'dhcp'
##      option disabled '1'

##config interface 'wan6'
##      option ifname '@wan'
##      option proto 'dhcpv6'
##      option disabled '1'

config interface 'guest'
        option type 'bridge'
        option proto 'static'
        option ipaddr '10.0.0.2'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
        option ip6assign '60'
        option dns '8.8.8.8 8.8.4.4 64.140.114.21'
        option stp '1'
        option _orig_ifname 'eth0.102 wlan0-1 wlan1-1'
        option _orig_bridge 'true'
        option ifname 'eth0.102'
        option accept_ra '1'
        option send_rs '1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option vid  '101'
        option ports '0t 1t 2 3 4 5'

config switch_vlan
        option device 'switch0'
        option vlan '102'
        option vid  '102'
        option ports '0t 1t'

router2 /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        #option channel '11'
        option channel '10'
        option hwmode '11ng'
        option path 'platform/ar934x_wmac'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option txpower '30'
        option htmode 'HT40-'
        option noscan '1'
        option country 'US'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'lan'
        option encryption 'psk2'
        option key 'xxxxxxx'
        option network 'lan'
        option disassoc_low_ack '0'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'guest'
        option encryption 'psk2'
        option key 'xxxxxx'
        option network 'guest'
        option disassoc_low_ack '0'



config wifi-device 'radio1'
        option type 'mac80211'
        ##option channel '36'
        option channel '40'
        option hwmode '11na'
        option path 'pci0000:00/0000:00:00.0'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option txpower '30'
        option htmode 'HT40+'
        option noscan '1'
        option country 'US'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'lan'
        option encryption 'psk2'
        option key 'xxxxxxx'
        option network 'lan'
        option disassoc_low_ack '0'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'guest'
        option encryption 'psk2'
        option key 'xxxxxxx'
        option network 'guest'
        option disassoc_low_ack '0'


Many thanks in advance.   Any suggestions or comments would be welcome.    I've opened a case with TP Link regarding the switch configuration but I'm pretty sure that I've got the OpenWRT config right based on what I'm reading online.   

Is it that the router or switch can't pass tagged packets between each other but it works for all the devices on the VLAN from what I can tell and I can access the 2nd 8 port switch which is connected to the 24 port switch.

Do I need to put the switches on another VLAN, but then again I don't see how this would solve the issue since the router-switch connection is on a VLAN setup anyway.

(Last edited by bolmsted on 22 Aug 2016, 17:15)

Post #2
bolmsted
21 Aug 2016, 01:13

I know some may say TL;DR.    So summary is I can't ping my management interface (or use the web GUI management page) of my primary switch after doing VLAN configuration changes.   The second switch from the same manufacturer can be pinged and managed but it is not the one doing the router-switch VLAN communication.

Post #3
dktn
22 Aug 2016, 09:16

where is your 2 x TP-Link TL-WDR4300 both running OpenWRT  BARRIER BREAKER (14.07, r42625) on diagram. What do you want to set on the future (show your ideal on diagram)?

Post #4
bolmsted
22 Aug 2016, 14:00

The same just on different ports as I go to a patch panel.   I moved the routers to their final destination on the weekend.   Same results

Post #5
bolmsted
22 Aug 2016, 15:14
dktn wrote:

where is your 2 x TP-Link TL-WDR4300 both running OpenWRT  BARRIER BREAKER (14.07, r42625) on diagram. What do you want to set on the future (show your ideal on diagram)?


Sorry may have misread this while on the go.   The two routers running OpenWRT Breaking Barrier 14.07 on the diagram are the two routers with IP addresses below.  Logically they will stay in the same location, I just changed physical port allocation as I have a patch panel interconnection to the switch when I moved them on the weekend:

router1:  192.168.1.1, 10.0.0.1
router2:  192.168.1.2, 10.0.0.2


I moved them on the weekend to different locations so the only config change on the switch was to enable tagging on the VLAN101 and VLAN102 on the port associated with the two OpenWRT.



I just noticed from the router1 perspective it looks like it sees a 00:00:00:00:00:00 MAC for the main switch (24 port TL-SG1024DE) for some reason.   I guess the router is doing the same thing for the Internet interface bridging interface for some reason so perhaps this normal behavior?

root@router1:~# arp -a
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.3      0x1         0x2         c4:2c:03:37:73:9a     *        br-lan
XXX.XXX.XXX.XXX  0x1         0x0         00:00:00:00:00:00     *        br-lan     <---- Internet IP
XXX.XXX.XXX.XXX  0x1         0x2         00:14:f1:eb:db:d9     *        eth0.100   <---- next hop/default gateway
192.168.1.4      0x1         0x2         58:b0:35:78:70:0a     *        br-lan
10.0.0.166       0x1         0x2         00:56:cd:40:17:16     *        br-guest
192.168.1.231    0x1         0x2         b0:c0:90:ae:49:49     *        br-lan
192.168.1.185    0x1         0x0         a4:e4:b8:0b:9f:5f     *        br-lan
192.168.1.5      0x1         0x2         00:11:32:1d:6d:7e     *        br-lan
192.168.1.132    0x1         0x0         9c:4e:36:1c:52:b8     *        br-lan
192.168.1.112    0x1         0x0         a8:20:66:35:2e:8a     *        br-lan
10.0.0.207       0x1         0x0         f0:24:75:84:20:a1     *        br-guest
192.168.1.166    0x1         0x0         00:56:cd:40:17:16     *        br-lan
192.168.1.253    0x1         0x2         18:a6:f7:e0:a6:4d     *        br-lan      <------ TL-SG108E (connected to TL-SG1024DE)
192.168.1.13     0x1         0x2         00:0b:82:5b:17:22     *        br-lan
192.168.1.160    0x1         0x0         4c:25:78:7c:9c:90     *        br-lan
192.168.1.207    0x1         0x0         f0:24:75:84:20:a1     *        br-lan
10.0.0.2         0x1         0x2         10:fe:ed:89:17:94     *        br-guest
192.168.1.167    0x1         0x0         5c:c5:d4:9b:55:28     *        br-lan
192.168.1.254    0x1         0x0         00:00:00:00:00:00     *        br-lan      <------ TL-SG1024DE
192.168.1.174    0x1         0x2         44:61:32:cd:39:a2     *        br-lan
192.168.1.114    0x1         0x0         c4:2c:03:37:73:9a     *        br-lan
192.168.1.2      0x1         0x2         10:fe:ed:89:17:94     *        br-lan
root@router1:~#

so the fact that the MAC is not showing up makes we wonder if the switch can tag its own management interface packets or something like that.

(Last edited by bolmsted on 22 Aug 2016, 17:17)

Post #6
Foobartender
9 Sep 2016, 16:45

I didn't read everything, I just stumbled upon this while googling for problems with the TL-SG108E. Throw it out. I have a TP-Link Archer C7 router with OpenWrt and a TL-SG108E switch. The router could ping my PC on the link-local IPv6, but not on the global IPv6. "ip neigh show" showed FAILED for the global IPv6. Thus, IPv6 internet didn't work, too. I replaced the switch with a dumb switch. Problem solved, and it's reproducible.

(Last edited by Foobartender on 9 Sep 2016, 16:49)

Post #7
bolmsted
9 Sep 2016, 17:07

Thanks.   I think everything is working except the ability to get to the switch management IP from the router (OpenWRT) or its physical ports/wifi.   I have a case open with tplink but the 2nd level guy thinks it may be a limitation of the TL-1024DE V1 switch and I said well I'm trying to do something that I should be able to do and I asked if it is a V1 limitation could they send me out a V2 switch but they are consulting with the engineering and product teams.

The discussion might have continued from here.