OpenWrt Forum Archive

Topic: Setting up a VLAN leads to router becoming inaccessible

The content of this topic has been archived on 5 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have two devices, TP-LINK TL-WR840N v9 and TL-WR941ND v5. Both of them have OpenWRT 15.05.1. I see CPU and ports 1–4 in the Switch menu. But if I add a VLAN to an interface – for example, with id 6 – and ‘save & apply’, I can see LuCI saving firewall changes, and that spinning wheel. It spins and spins, meanwhile I cannot ping the router any more. It doesn’t show any signs that it reboots, its LEDs flash as usual, the link LED of the port my laptop is connected to flashes too.

I can ping neither 192.168.1.1 nor 192.168.6.1, which I assigned to the VLAN interface. To check this I’ve set up the same VLAN on my laptop ethernet card. If I reboot the router and listen on the interfaces on my laptop, that should be connected to the router, there’s a short time when it checks for BOOTP and then – silence. Only IGMP queries once per minute.

I do not touch VLAN 1. I’ve tried to mark as tagged for VLAN 6

  • all five ports;
  • only the CPU port – that should be the switch, if I understand right;
  • only the port I am currently connected to;
  • only another port that I am not connected to;

the result is the same: I cannot ping the router from any port, on any address it should have.

eth0 on my laptop has address 192.168.1.2/24 and eth0.6 has 192.168.6.2/24, while the LAN bridge on the router has 192.168.1.1/24 (default), and the other interface I created specifically for router’s VLAN is assigned 192.168.6.1/24.

I thought, maybe I was doing something wrong, but I’ve read and watched several guides, and in all of them the setup of VLANs looks pretty simple and straightforward. So am I doing something wrong, or am I just unlucky with my hardware?

My incredible powers of deduction have led me to believe that you are doing something wrong. This is based on the fact that you didn't provide any evidence otherwise.

No help in = no help out.

Post your configs.

If you tag external ports, only computers also tagging their packets can reach the router.
If you tag internal ports, you must reconfigure your networks to use interfaces ethx.y instead of ethx.

jmomo wrote:

My incredible powers of deduction have led me to believe that you are doing something wrong. This is based on the fact that you didn't provide any evidence otherwise

Ehe-he… I could take a short video with me saving settings and waiting by my laptop for ten minutes, moving camera from the laptop to the router and back from time to time, but I have doubts that it would help anybody in diagnosis.

jmomo wrote:

Post your configs.

As I said, the LuCI just hangs when I press Save & Apply, and the Save button alone doesn’t seem to have effect on actual files, because when I download them they look untouched. So I can only provide you with the diff from LuCI.

Here I destroyed the LAN bridge and made it only ‘LAN’ interface. ‘LAN’ means eth1 in this case. The sixth VLAN on eth1 I joined with wireless interface to a new bridge. The whole purpose of this setup is making AP for guests, I’ve created 6th VLAN on the office router and started a separate DHCP server there, AP should be accessible for management from the office LAN, i.e. via eth1, but the guests should only go to the sixth VLAN.

http://i.imgur.com/v8qdQNl.png

eduperez wrote:

If you tag external ports, only computers also tagging their packets can reach the router.
If you tag internal ports, you must reconfigure your networks to use interfaces ethx.y instead of ethx.

I think I’ve mentioned that I configured the ethernet port on my laptop to get up the corresponding VLAN interface.

Hey there.

Any news on this, fgsfds?
I'm in the same situation here. Lucky me, I found this thread before trying to get my production 941ND ( stock firmware yet ) messed up...

msilveirabr wrote:

Hey there.

Any news on this, fgsfds?
I'm in the same situation here. Lucky me, I found this thread before trying to get my production 941ND ( stock firmware yet ) messed up...

No. For 941 I’d advise using stock fw.

I think I've just hit the sweet spot:

I was following this guide: wiki.openwrt.org/doc/howto/wireless.security.8021x

Because as you can see, I wish to have it working better than an ubiquiti AP ( I'm serious! )

1st error I took a time to figure out was the fact that I was not setting the lan ports to tagged.
2nd error was trying to achieve this using the GUI.... Believe me, I think this is only doable in command line
3rd "error": There is a logic/hard ( not sure ) limit of VLANs number... it is limited to VLAN 1-15.

Here's a working /etc/config/network using eth0 ( LAN PORTS ) for 841ND v7.2 :


config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0d:eed1:85db::/48'

config interface 'vlan1'
        option ifname 'eth0.1'
        option force_link '1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.69.121'
        option dns '192.168.69.1'
        option gateway '192.168.69.1'
        option broadcast '192.168.69.255'

config interface 'vlan13'
        option proto 'static'
        option ipaddr '192.168.213.253'
        option netmask '255.255.255.0'
        option type 'bridge'
        option ifname 'eth0.13'

config interface 'vlan14'
        option proto 'static'
        option ipaddr '192.168.214.253'
        option netmask '255.255.255.0'
        option type 'bridge'
        option ifname 'eth0.14'

config interface 'vlan15'
        option proto 'static'
        option ipaddr '192.168.215.253'
        option netmask '255.255.255.0'
        option type 'bridge'
        option ifname 'eth0.15'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 1 2 3 4'

config switch_vlan
        option device 'switch0'
        option vlan '13'
        option ports '0t 1t 2t'

config switch_vlan
        option device 'switch0'
        option vlan '14'
        option ports '0t 1t 2t'

config switch_vlan
        option device 'switch0'
        option vlan '15'
        option ports '0t 1t 2t'

I have managed switches for testing, so this config requires tagged VLANs 13,14,15 at the switch's port to work.

I made quite a miracle bringing this device back to life... I had to remove the network transceiver for ports 3 and 4 ( it was getting "stuck", making the device inaccessible ) and WAN port is not working too!

I'm learning about 802.1X and I am amazed at how OpenWrt might work with this

Have fun!
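
The two tagging rules raised in this thread (an interface on ethX.Y needs the CPU port tagged in VLAN Y, and a CPU port that is only a tagged member needs ethX.Y interfaces rather than bare ethX) can be checked offline before a config is applied. The script below is an added example, not part of any post in the thread; `check_vlans` and `sample_config` are hypothetical names, CPU port 0 and device eth0 are assumptions taken from the posted config, and the sample input is constructed.

```shell
#!/bin/sh
# Assumed defaults: CPU port 0, CPU-side device eth0 (as in the posted config).
check_vlans() {    # usage: check_vlans FILE|- [CPU_PORT] [CPU_DEV]
    awk -v cpu="${2:-0}" -v dev="${3:-eth0}" -v q="'" '
    $1 == "config" {
        sect = $2
        if (sect == "switch_vlan") s++
        if (sect == "interface") { n++; iname[n] = $3; gsub(q, "", iname[n]) }
    }
    $1 == "option" {
        val = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        gsub(q, "", val); sub(/[ \t]+$/, "", val)
        if (sect == "switch_vlan" && $2 == "vlan")   vid[s] = val
        if (sect == "switch_vlan" && $2 == "ports")  ports[s] = val
        if (sect == "interface"   && $2 == "ifname") ifn[n] = val
    }
    END {
        for (i = 1; i <= s; i++) {          # pass 1: switch port membership
            known[vid[i]] = 1
            m = split(ports[i], p, " ")
            for (j = 1; j <= m; j++) {
                if (p[j] == cpu "t") cputag[vid[i]] = 1
                else if (p[j] == cpu) cpuplain = 1
                else if (p[j] !~ /t$/) {    # untagged external port: one PVID only
                    if (p[j] in pvid) print "ERROR: port " p[j] " untagged in VLAN " pvid[p[j]] " and " vid[i]
                    else pvid[p[j]] = vid[i]
                }
            }
        }
        for (i = 1; i <= n; i++) {          # pass 2: interfaces vs. CPU port tagging
            m = split(ifn[i], d, " ")
            for (j = 1; j <= m; j++) {
                if (d[j] == dev && !cpuplain)
                    print "ERROR: " iname[i] " uses bare " dev " but CPU port is tagged; use " dev ".<vlan>"
                if (index(d[j], dev ".") != 1) continue
                v = substr(d[j], length(dev) + 2)
                if (!(v in known)) print "ERROR: " iname[i] " uses " d[j] " but switch_vlan " v " is missing"
                else if (!(v in cputag)) print "ERROR: " iname[i] " uses " d[j] " but CPU port is not tagged in VLAN " v
            }
        }
    }' "$1"
}
sample_config() {    # constructed input, not taken from the thread
    printf "%s\n" "config interface 'lan'" " option ifname 'eth0'" \
        "config interface 'guest'" " option ifname 'eth0.6'" \
        "config switch_vlan" " option vlan '1'" " option ports '0t 1 2 3 4'" \
        "config switch_vlan" " option vlan '6'" " option ports '1t 4'"
}
sample_config | check_vlans -
```

Run it against an edited copy of /etc/config/network before applying; each ERROR line points at a mismatch between the switch VLAN table and the interface definitions.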

The discussion might have continued from here.