OpenWrt Forum Archive

Topic: Problem with WAN Iface

The content of this topic has been archived on 11 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all!

I have a problem with the WAN Iface on TP-Link 1403ND (v1.x).
I want to have my uplink for 2 VLAN's on WAN iface (VLAN 5 and VLAN 15) and have there my 'admin' IP. The 'normal' ports of the router I want to use for devices they doesnt support tagging. (port 1/2 untagged vlan 5, port 3/4 untagged vlan 15).

It is possible?

My config doesnt work for this:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd38:0f06:810b::/48'

config interface 'lan'
        option ifname 'eth0.1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.50.9'
        option gateway '192.168.50.2'
        option dns '192.168.50.10 192.168.50.210'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option mirror_source_port '0'
        option mirror_monitor_port '0'
        option enable_vlan4k '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5t'

config switch_vlan
        option device 'switch0'
        option vlan '5'
        option ports '0t 5t'

config switch_vlan
        option device 'switch0'
        option ports '0t 5t'
        option vlan '15'

config interface 'root'
        option proto 'none'

config interface 'uplink'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.50.5'
        option netmask '255.255.255.0'
        option gateway '192.168.50.2'
        option broadcast '192.168.50.255'
        option dns '192.168.50.10 192.168.50.210'
        option _orig_ifname 'eth0.15 eth0.5'
        option _orig_bridge 'true'
        option ifname 'eth0.15 eth0.2 eth0.5'

The LAN iface has the IP only for backup til the WAN iface is accessible. What Im doing wrong?

BTW: I dont need VLAN 1 and 2, it is possible to delete them?

TiA
Greetz

Morbid Angel wrote:

The LAN iface has the IP only for backup til the WAN iface is accessible. What Im doing wrong?

You really should not have the same network range on two different interfaces.

When you do this kind of a configuration, then the routing table of your router (i.e. "To what interface should I send this packet, which is going to X.X.X.X?") is pretty messed up.

This is especially true for packets that are destined to external addresses that can only be reached through a specific port (DNS queries, external website requests and so on). Your router will select the interface with the lowest metric value, and since you are not setting the metric value explicitly, then DNS queries which should go to '192.168.50.10' might never reach their destination, because the packet was routed out of the LAN-side ports, and the target host cannot be found from there.

Do you need a static IP on your WAN? If so, configure it correctly according to the upper level network's requirements. You most likely do need static IP on the LAN side as well, and it should be different from the WAN range. Just choose a different third octet (e.g. 192.168.100.X) and enable DHCP on the LAN side -> Your router will remain accessible from the LAN side just fine, and you can use this access route until you get the WAN access configured correctly.

Morbid Angel wrote:

BTW: I dont need VLAN 1 and 2, it is possible to delete them?

VLAN ID 1 is currently used to identify traffic coming in from the ports assigned to LAN. You should not remove it, as then the ports 1, 2, 3 and 4  on the switch would end up in an undetermined state and you switch might do weird things. VLAN ID 2 can be removed: it is not really being used, since only the port 5 is in the list, and that's the CPU-facing port. If you remove VLAN ID 2, you should also remove "eth0.2" from the "uplink"'s list of interfaces.

Hi

as I said, the IP on LAN iface was only unitl the wan uplink wasnt working.

Now it works all with this config:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd38:0f06:810b::/48'

config interface 'lan'
        option _orig_ifname 'eth0.1'
        option _orig_bridge 'false'
        option type 'bridge'
        option ifname 'eth0.1 eth0.15 eth0.5'
        option proto 'none'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option mirror_source_port '0'
        option mirror_monitor_port '0'
        option enable_vlan4k '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4 5t'

config switch_vlan
        option device 'switch0'
        option vlan '5'
        option ports '0t 5t'

config switch_vlan
        option device 'switch0'
        option ports '0t 5t'
        option vlan '15'

config interface 'root'
        option proto 'none'

config interface 'uplink'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.50.5'
        option netmask '255.255.255.0'
        option gateway '192.168.50.2'
        option broadcast '192.168.50.255'
        option dns '192.168.50.10 192.168.50.210'
        option _orig_ifname 'eth0.15 eth0.5'
        option _orig_bridge 'true'
        option ifname 'eth0.1 eth0.15 eth0.5'

Looks like a dummy switch config to me. But if it works the way you want to, then all is fine, I guess smile

The discussion might have continued from here.