OpenWrt Forum Archive

Topic: Can't create vlan's

The content of this topic has been archived on 7 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi

My router is a TP-Link TL-WR841N/ND v9 running Chaos Calmer 15.05, and I'm struggling to set up 2 working VLANs.

After applying the configuration below and rebooting, I lose connectivity to the router on all ports.


/etc/config/network

# /etc/config/network as posted in the question (the configuration that loses connectivity).
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# NOTE(review): lan and lan2 are VLAN sub-interfaces of eth1 here, while the factory
# defaults posted later in this thread put lan on eth0 and wan on eth1. If the switch
# is attached to eth0 on this board, these would need to be eth0.1 / eth0.2 (confirm).
config interface 'lan'
        option ifname 'eth1.1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.2.254'
        option netmask '255.255.255.0'
       
# Second network on VLAN 2 with its own /24; the router address is 10.0.0.254.
config interface 'lan2'
        option ifname 'eth1.2'
        option type 'bridge'
        option proto 'static'
        option ipaddr '10.0.0.254'
        option netmask '255.255.255.0'
                                               
# wan on eth0 is the reverse of the factory default shown later in the thread (wan on eth1).
config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

# Switch setup as posted: enable_vlan '1' turns on VLAN handling for switch0.
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1: ports 1, 2 and 3 untagged, port 0 tagged (the 't' suffix).
# presumably port 0 is the CPU port; confirm on the LuCI switch page.
config switch_vlan 'eth1_1'
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 0t'
       
# VLAN 2: port 4 untagged, port 0 tagged.
# The separation between lan and lan2 rests on this port-to-VLAN mapping, so check after
# applying that each physical port really lands in the intended network.
config switch_vlan 'eth1_2'
        option device 'switch0'
        option vlan '2'
        option ports '4 0t'

adding to /etc/config/firewall

# Firewall zone for the second VLAN, as posted.
config zone
      option name 'lan2'
      option network 'lan2'
      # input ACCEPT: hosts on lan2 may reach whatever the router itself listens on
      # (e.g. SSH, the web UI, DNS, DHCP). If lan2 is meant to be a less-trusted segment,
      # REJECT here plus explicit rules for DHCP and DNS is the tighter choice.
      option input 'ACCEPT'
      option output 'ACCEPT'
      # forward REJECT, and no 'config forwarding' section for lan2 is shown, so as posted
      # traffic from lan2 is not forwarded to wan or to lan.
      option forward 'REJECT'

adding to /etc/config/dhcp

# DHCP pool for lan2, as posted.
config dhcp 'lan2'
      option interface 'lan2'
      # NOTE(review): start 200 with limit 250 runs past the end of the /24 configured for
      # lan2 (netmask 255.255.255.0) and overlaps the router's own address 10.0.0.254.
      # A limit of about 50 would keep the pool inside the subnet (verify).
      option start '200'     
      option limit '250'
      option leasetime '12h'

Is there any problem with this configuration?

Many thanks,

Silva

(Last edited by thxred on 27 Nov 2016, 01:58)

Switch configuration seems to be ok.
I know some switches can hang if used with multiple VLANs.
I experienced that with rtl8366 on dir-825 and wndr3700/3800.
Check dmesg to find out what switch is used on your router.

What I have here :

[    3.137821] Realtek RTL8366S ethernet switch driver version 0.2.2
[    3.153108] rtl8366s rtl8366s: using GPIO pins 5 (SDA) and 7 (SCK)
[    3.159567] rtl8366s rtl8366s: RTL8366 ver. 1 chip found
[    3.172471] rtl8366s rtl8366s: applying initvals


Some revisions connect eth0 to wan, some eth1. Check if your router connects eth1 to lan

(Last edited by bolvan on 27 Nov 2016, 10:21)

Yes, the wan is connected to eth1. I've made the correction, but I still have no connection after reboot.

The router uses an AR934X "switch0".

Correction to /etc/config/network

# NOTE(review): as posted, the proto value on the last line has no closing quote.
# If the file on the router matches this paste, UCI will likely fail to parse
# /etc/config/network; `uci show network` reports parse errors.
config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp

This is my default configuration after resetting

/etc/config/network

# /etc/config/network as posted after a reset (the poster's working baseline).
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# IPv6 ULA prefix used for local addressing.
config globals 'globals'
        option ula_prefix 'fd3f:e7c3:4d9e::/48'

# lan sits directly on eth0 (no VLAN sub-interface) and hands a /60 of IPv6 space downstream.
config interface 'lan'
        option ifname 'eth0'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# wan and wan6 share eth1, so on this board eth1 is the WAN-side interface.
config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# One VLAN holding ports 0-4, all untagged: every switch port is in the same network.
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4'

/etc/config/firewall

# Global policies. Traffic on an interface that belongs to no zone falls back to these,
# so with input ACCEPT a newly created interface is open towards the router until it is
# placed in a zone with a stricter policy.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# Trusted LAN zone: full access to the router and forwarding within the zone.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# WAN zone: input REJECT is what keeps router services (SSH, web UI) closed to the
# internet; masq '1' enables NAT for outbound traffic.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

# The only forwarding permitted between zones: lan to wan.
config forwarding
        option src 'lan'
        option dest 'wan'

# Exceptions to the wan zone's input/forward REJECT. Each rule below opens one narrow
# class of traffic arriving from wan.

# DHCP replies to the router's own client (udp/68).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# The router answers IPv4 echo-request from wan; drop this rule if the router should
# not respond to pings from the internet.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# DHCPv6 replies, restricted to link-local source and destination addresses.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Multicast Listener Discovery messages from link-local sources only.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 addressed to the router itself, rate-limited to 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 forwarded from wan to any zone (dest '*'), with the same rate limit. This
# includes echo-request, so IPv6 hosts behind the router can be pinged from wan.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Custom rules loaded from /etc/firewall.user; anything in that file is applied
# on top of the sections here, so review it together with this config.
config include
        option path '/etc/firewall.user'

# IPsec passthrough: ESP and udp/500 forwarded from wan to lan.
# NOTE(review): neither rule sets 'family' or 'dest_ip', so they appear to apply to
# IPv6 as well. With ip6assign set on lan, that would make every LAN host with a global
# IPv6 address reachable on these protocols from wan. Remove or narrow them if no LAN
# host terminates IPsec (confirm).
config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# miniupnpd hook: UPnP lets LAN clients request port mappings on wan themselves.
# Its own settings live in /etc/config/upnpd (e.g. secure_mode); review them, or
# remove the package if automatic port mapping is not wanted.
config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

/etc/config/dhcp

# dnsmasq (DNS and DHCPv4) settings as posted.
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        # DNS-rebinding defence: upstream answers pointing into private address ranges
        # are discarded; rebind_localhost '1' still lets 127.0.0.0/8 answers through.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        # Only answer DNS queries from hosts on directly attached subnets.
        option localservice '1'

# Pool for lan: start 100 with limit 150 stays inside the /24.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

# ignore '1': no DHCP service is offered on the wan interface.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

Many thanks,
Silva

# Suggested minimal test, shown as a partial snippet: only the options that change
# relative to the factory default. lan moves from eth0 to the VLAN sub-interface eth0.1.
config interface 'lan'
        option ifname 'eth0.1'

# Port 0 becomes tagged ('0t'); ports 1-4 stay untagged members of VLAN 1.
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 1 2 3 4'

If that does not work then your switch is likely broken or not properly supported

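Set up a WLAN attached to the lan network, so you have a way to log into the router if the Ethernet ports stop working; since it bridges straight into lan, secure it with WPA2 and a strong passphrase rather than leaving it open.  Then you can do things like check ifconfig and brctl to see if the interfaces that you wanted were actually created.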

If at all possible, the most certain way to configure your switch is the LuCI switch configuration page.  Also on that page you can watch the status icons as you plug a live cable into each port one at a time to confirm how the physical ports correspond to the port numbers.

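You should not need to do anything with the firewall to be able to ping and SSH the router (if SSH is configured to listen on "any" interface) from a local port whose interface you've given a static IP, because the firewall defaults and the lan zone posted above use input ACCEPT.  With SSH listening on every interface, it is the wan zone's input REJECT that keeps it unreachable from the internet, so leave that in place.  Set your PC to a static IP as well to eliminate the possibility that the router is not serving DHCP.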

(Last edited by mk24 on 27 Nov 2016, 18:09)
