
Opened 6 years ago

Last modified 2 years ago

#9477 reopened defect

WNDR3700 (v1) switch issues.

Reported by: Litch Owned by: juhosg
Priority: response-needed Milestone: Barrier Breaker 14.07
Component: kernel Version: Trunk
Keywords: wndr3700 rtl3866s switch vlan arp Cc: kyle@…

Description

Well I've read http://wiki.openwrt.org/toh/netgear/wndr3700#switch.ports.for.vlans about 10 times and it still doesn't help...

Basically I want this from my router:

Ports: 1-4 (Software ports 3-0; eth0) = VLAN None (LAN+WiFi), VLAN 5 Tagged
Port: WAN (Software port eth1) = VLAN 5 access port (Cisco terminology, meaning untagged VLAN 5)

#####################################
My config:
#####################################

config interface lan
        option ifname eth0.1
        option type bridge
        option proto static
        option ipaddr 192.168.30.254
        option netmask 255.255.255.0

config interface wan
        option ifname eth1

config interface vlan5
        option type bridge
        option ifname "eth0.5 eth1"

config switch
        option name rtl8366s
        option reset 1
        option enable_vlan 1
        option blinkrate 2

config switch_vlan
        option device rtl8366s
        option vlan 0
        option ports "5*"

config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 3 5t"

config switch_vlan
        option device rtl8366s
        option vlan 5
        option ports "3t 5t"

#####################################
End.
#####################################

  • Now Port 1 is connected back to a managed HP switch with the HP's uplink to the WNDR3700 set to: VLAN30 Untagged, VLAN5 Tagged
  • The switch has an IP of 192.168.30.2/24 on its vlan30 interface
  • VLAN 5 and VLAN 30 are trunked to a linux gateway via the HP switch.
  • Internet is active (VLAN 5 works fine)

Here's the issue:

  • Wireless devices connected to the WNDR (VLAN30) can access the WNDR but no further
  • The linux firewall cannot access the WNDR or anything after that on VLAN30
  • If I run a ping from the WNDR to the linux firewall or the switch on its respective VLAN 30 address I can packet sniff ARP packets asking "Who has 192.168.30.1 (the firewall); The firewall responds (192.168.30.1 is at X:X:X:X:X:X)" but the WNDR doesn't even register the ARP packet sent back.

I've checked all the /proc/sys/net/ipv4/conf values, and I've checked the switch config over and over again (It was working fine with the previous device; a WRT54G2)
I've also checked the output of swconfig

VLAN 1:

"Ports "01235t"

VLAN 5:

"Ports 0t1t2t3t5t"

I've also seen a lot of posts around various forums detailing issues with the switch device the WNDR has, but I assumed it has been resolved by now.

Change History (14)

comment:1 Changed 6 years ago by Litch

*UPDATES*

So I've done some methodical elimination...

I've plugged a PC directly into the WNDR and connected another via wlan0.

I packet trace on the cabled PC and try and ping the br-lan interface (192.168.30.254/24).

I see ARP requests for 192.168.30.254 from the PC; There are no ARP replies from the Netgear.

I plug in to the WAN port (Bridged with VLAN5 (native)) - it replies with ARP but pings fail, the arp table on the PC times out and the process repeats.

I am at a loss here so I've moved it from the forum to the bugtracking system as I assume it's more of a bug than a configuration error.

-Litch

comment:2 Changed 6 years ago by Litch

*UPDATED*

  • Re-formatted network config as it became garbled above.
  • Config has also changed.
  • Tried this config and plugged in to the WAN port and tried to ping 192.168.100.254 - same result; no arp response.

config interface lan
        option ifname eth0.1
        option type bridge
        option proto static
        option ipaddr 192.168.30.254
        option netmask 255.255.255.0

config interface wan
        option ifname eth1

config interface vlan5
        option type bridge
        option ifname "eth0.5 eth1"
        option ipaddr 192.168.100.254
        option netmask 255.255.255.0

config switch
        option name rtl8366s
        option reset 1
        option enable_vlan 1
        option blinkrate 2

config switch_vlan
        option device rtl8366s
        option vlan 0
        option ports '5*'

config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports '0 1 2 3 5t'

config switch_vlan
        option device rtl8366s
        option vlan 5
        option ports '0t 1t 2t 3t 5t'

comment:3 Changed 6 years ago by Litch

ok, looks like trac hates my formatting.

3rd attempt:

config interface lan
        option ifname eth0.1
        option type bridge
        option proto static
        option ipaddr 192.168.30.254
        option netmask 255.255.255.0

config interface wan
        option ifname eth1

config interface vlan5
        option type bridge
        option ifname "eth0.5 eth1"
        option ipaddr 192.168.100.254
        option netmask 255.255.255.0

config switch
        option name rtl8366s
        option reset 1
        option enable_vlan 1
        option blinkrate 2

config switch_vlan
        option device rtl8366s
        option vlan 0
        option ports '5*'

config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports '0 1 2 3 5t'

config switch_vlan
        option device rtl8366s
        option vlan 5
        option ports '0t 1t 2t 3t 5t'

comment:4 Changed 6 years ago by jow

  • Owner changed from developers to juhosg
  • Status changed from new to assigned

comment:5 Changed 5 years ago by nbd

  • Resolution set to worksforme
  • Status changed from assigned to closed

making ports untagged and tagged at the same time is not supported, this is probably causing your issues.

comment:6 Changed 5 years ago by true_openwrtdev@…

I have this same issue. In addition, I have the issue when trying to use a trunk on more than one port WITHOUT untagged VLANs, so there's something wrong with OpenWrt's config system for setting this up.

* vlan5 is option ports '0t 1t 2t 3t 5t'
* vlan6 is option ports '0t 1t 2t 3t 5t'

root@main-wap:~# swconfig dev rtl8366s vlan 5 show
VLAN 5:
        info: VLAN 5: Ports: '', members=002f, untag=000f, fid=0
        fid: 0
        ports: 

root@main-wap:~# swconfig dev rtl8366s vlan 6 show
VLAN 6:
        info: VLAN 6: Ports: '0t1t2t3t5t', members=002f, untag=0000, fid=0
        fid: 0
        ports: 0t 1t 2t 3t 5t

So something isn't being set right.

WORKAROUND:
Yes, having tagged VLANs on a port taking part of an untagged VLAN is a normal operating mode. But OpenWRT's config system doesn't seem to support it correctly. The switch works fine with it, though.

I've set up /etc/config/network with my interface bridges as I think it should be. (This WAP is being used for private LAN and guest internet access):

config 'interface' 'lan'
        option 'ifname' 'eth0.5'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'ipaddr' '192.168.5.6'
        option 'netmask' '255.255.255.0'
        option 'gateway' '192.168.5.10'
        list 'dns' '192.168.5.10'

config 'interface' 'public'
        option 'ifname' 'eth0.6'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'ipaddr' '192.168.6.6'
        option 'netmask' '255.255.255.0'
        option 'gateway' '192.168.6.1'
        list 'dns' '192.168.6.1'

Next I stuck the following in /etc/rc.local to get my VLANs operating at all.

# this should be on but forcing it anyway
swconfig dev rtl8366s set enable_vlan 1
# set port vlan settings
swconfig dev rtl8366s vlan 5 set ports '0 1 2 3 5t'
swconfig dev rtl8366s vlan 6 set ports '0t 1t 2t 3t 5t'
# set untagged vlan ports to correct PVID
swconfig dev rtl8366s port 0 set pvid 5
swconfig dev rtl8366s port 1 set pvid 5
swconfig dev rtl8366s port 2 set pvid 5
swconfig dev rtl8366s port 3 set pvid 5
# is this necessary?
swconfig dev rtl8366s set apply 1

Results:

root@main-wap:~# swconfig dev rtl8366s vlan 5 show
VLAN 5:
        info: VLAN 5: Ports: '01235t', members=002f, untag=000f, fid=0
        fid: 0
        ports: 0 1 2 3 5t

root@main-wap:~# swconfig dev rtl8366s vlan 6 show
VLAN 6:
        info: VLAN 6: Ports: '0t1t2t3t5t', members=002f, untag=0000, fid=0
        fid: 0
        ports: 0t 1t 2t 3t 5t

root@main-wap:~# ping 192.168.5.10 ***THIS IS A ROUTER ACROSS 2 SWITCHES***
PING 192.168.5.10 (192.168.5.10): 56 data bytes
64 bytes from 192.168.5.10: seq=0 ttl=64 time=0.423 ms
^C
--- 192.168.5.10 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.423/0.423/0.423 ms

root@main-wap:~# ping 192.168.6.1 ***THIS IS A ROUTER ACROSS 2 SWITCHES***
PING 192.168.6.1 (192.168.6.1): 56 data bytes
64 bytes from 192.168.6.1: seq=0 ttl=64 time=0.373 ms
^C
--- 192.168.6.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.373/0.373/0.373 ms

My switch that the WNDR3700 is plugged into is configured for VLAN5 untagged, VLAN6 tagged on this port. I can properly see this device from each respective VLAN on its respective IP across the network, and I've set up my wireless to bridge to these LANs and it functions properly, so this makes it work.

comment:7 Changed 4 years ago by apm@…

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Why is this closed?

" ...making ports untagged and tagged at the same time is not supported, this is probably causing your issues."

That may be, but there are still problems.

On a WNDR3800 using AArc1 I try having VLAN 1,2,4 tagged on port 3 (casing port 1). No untagged VLANs at that port.
VLAN 1 is untagged at port 0 (casing 4).

So the config is:

config switch_vlan
        option device 'rtl8366s'
        option vlan '1'
        option ports '0 3t 5t'

But swconfig shows:

VLAN 1:
        info: VLAN 1: Ports: '03t5t', members=0029, untag=0001, fid=0
        fid: 0
        ports: 0 3 5t


So the router answers ARP request coming in tagged (1) with untagged replies, confusing the switch it's talking to.
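
An added example, not part of the ticket or of OpenWrt: a shell check that decodes the `members=` and `untag=` masks from the `swconfig ... vlan N show` lines quoted in comments 6 and 7 and compares them with the intended `option ports` value, so a VLAN whose hardware tagging differs from the configuration is flagged. It assumes bit n of each mask corresponds to switch port n, which is inferred from the output pairs in this ticket; `decode_info` and `check_vlan` are hypothetical helper names.

```sh
#!/bin/sh
# Decode members/untag hex masks from a swconfig "info:" line into a port
# list such as "0 1 2 3 5t". Assumption: bit n = switch port n.
decode_info() {
    members=$(printf '%s\n' "$1" | sed -n 's/.*members=\([0-9a-fA-F]*\).*/\1/p')
    untag=$(printf '%s\n' "$1" | sed -n 's/.*untag=\([0-9a-fA-F]*\).*/\1/p')
    [ -n "$members" ] && [ -n "$untag" ] || return 2
    m=$((0x$members)); u=$((0x$untag)); out=""; p=0
    while [ "$p" -lt 16 ]; do
        if [ $(( (m >> p) & 1 )) -eq 1 ]; then
            # A member port is tagged unless its bit is set in the untag mask.
            if [ $(( (u >> p) & 1 )) -eq 1 ]; then
                out="$out $p"
            else
                out="$out ${p}t"
            fi
        fi
        p=$((p + 1))
    done
    printf '%s\n' "${out# }"
}

# Compare the intended "option ports" value ($1) with the hardware state in
# an info line ($2). Returns 0 on match, 1 on mismatch, 2 if no masks found.
check_vlan() {
    want=$(printf '%s\n' "$1" | tr -s ' ' '\n' | sort -n | tr '\n' ' ' | sed 's/ $//')
    have=$(decode_info "$2") || return 2
    [ "$want" = "$have" ] && return 0
    echo "MISMATCH: configured '$want' but switch has '$have'" >&2
    return 1
}

# Sample input: info lines copied from comments 6 and 7 of this ticket.
V5_BEFORE="info: VLAN 5: Ports: '', members=002f, untag=000f, fid=0"
V6="info: VLAN 6: Ports: '0t1t2t3t5t', members=002f, untag=0000, fid=0"
V1="info: VLAN 1: Ports: '03t5t', members=0029, untag=0001, fid=0"

check_vlan '0t 1t 2t 3t 5t' "$V5_BEFORE" || echo "VLAN 5: tagging differs from config"
check_vlan '0t 1t 2t 3t 5t' "$V6" && echo "VLAN 6: ok"
check_vlan '0 3t 5t' "$V1" && echo "VLAN 1: masks match config"
```

On a router the second argument would come from `swconfig dev rtl8366s vlan N show`; the check reads only the masks, not the `ports:` line.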

comment:8 Changed 4 years ago by jow

  • Priority changed from high to response-needed
  • Version changed from Backfire 10.03.1 RC4 to Trunk

Attach the *complete* configuration, also did you reboot after doing your changes to the config?

comment:9 Changed 4 years ago by anonymous

Hmm... I'm almost certain I've rebooted, since the change since the router was turned off at night.
However. When I booted the router this evening it came up with the correct tagging on port 3 for VLAN1.
So, - I'm having trouble reproducing the state where I had UCI saying "tagged" and the port showing untagged with swconfig. (changes were made with LUCI btw.)

The last change made to the port in LUCI was to tag VLAN1 on port 3, from a state where the port had mixed tagged/untagged VLANs. (to the state where all VLANs on the port were tagged).

So, it might just be a bug for LUCI saving-n-applying changes, when coming from the unsupported situation requiring a reboot.
I'll return when/if I manage to reproduce it.

Sorry for the inconvenience so far.

comment:10 Changed 4 years ago by anonymous user 2

Hello,
(another user here)

I've actually had a lot of similar issues. It started with getting sporadic results while trying to bridge all switch ports.

Since I haven't been able to properly reproduce all scenarios (it "sometimes" work, and "sometimes" doesn't), I haven't replied yet, but as soon as I have enough to go on I will reply both here and in the forums.

https://forum.openwrt.org/viewtopic.php?id=42273 (contains configs)

comment:11 Changed 4 years ago by apm@…

First... sorry for forgetting not being anonymous in my previous reply.

So... another couple of evenings experiments show that the problems are way more complex than just re-opening this bug report.

First: I can confirm that making changes via LuCI doesn't always take effect before a reboot. I just added a VLAN5 (tagged) to port3 which only contained tagged VLANs and swconfig showed no ports at all for VLAN5 until I rebooted.

Secondly: I then tried bridging VLAN1 (untagged on port 0) with VLAN5 (tagged on port 3) and that broke ARP. I was not able to get in touch with the router at all until I manually added the MAC address to my arp cache on my workstation.

Third: Thinking that the bridge was a bad idea, I "un-bridged" the interfaces in LuCI and instead I added both the VLAN1 IP and the VLAN5 IP as listeners to uhttpd (thinking that now I still had access to the web-interface at both port 0 and 3). ... then I rebooted.
The result was that no interface at all worked for any IP. So I couldn't get in touch with the router. I then went for "failsafe" mode (a really good idea - kudos) ... AND! I discovered that there was not /etc/config/network AT ALL. - *gone*

Conclusion: It's possible via the LuCI interface to get into a situation where the network configuration is gone. No config file exists.

comment:12 Changed 4 years ago by apm@…

Oh ... stupid me ...

I realize that failsafe mode is implemented by not mounting my filesystem :)

Anyway ... The "secondly" point still holds.

comment:13 Changed 4 years ago by apm@…

Ok ... wrt. to no ARP replies being sent if I bridge VLAN1 and VLAN5, I suspect this:
https://forum.openwrt.org/viewtopic.php?id=28218

It works if I Disable learning.

However it also works if I set arp_ignore to 0 for eth0.1 and eth0.5 ... which puzzles me. Shouldn't it be overridden by conf/all/arp_ignore=1 ?

So maybe bridging 2 VLANs on the switch on a WNDR3x00 just isn't a good idea.

comment:14 Changed 2 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
