Unable to activate VLAN Filtering on br-lan

[andreklug]

Hi @dangowrt

I have 3 similar devices of which on one I was able to activate VLAN filtering after several reset / restore procedures. The first symptom is that trying to save the br-lan device setting after enabling VLAN-Filtering does not close the window, when hitting save again every time a new set of changes is created. When I hit Save one time, then dismiss and refresh the page, 4 or 5 changes are being displayed ok. Applying the settings never works, it tries to do this for 90 seconds and then rolls back. Usually for my convenience I do an opkg update after a fresh install and then opkg remove wpad* && opkg install wpad-openssl luci-theme-openwrt-2020 openssh-sftp-server nano-plus **ip-full** rpcd-mod-file uhttpd-mod-ubusbut this doesn't make any difference.

I even went back to a fresh install including the recovery image first and then the sysupgrade image without any change in the result. Forcing the settings results in this:

In another attempt I pasted the config (taken from the working device) right under the existing network settings. Rebooting after this results in the device not being reachable anymore.

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd49:3847:aab9::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.11.5'
    option gateway '192.168.11.1'
    list dns '192.168.11.10'

config bridge-vlan
    option device 'br-lan'
    option vlan '10'
    list ports 'lan1:t'

config device
    option type '8021q'
    option ifname 'br-lan'
    option vid '10'
    option name 'br-lan.10'
    option ipv6 '0'

config interface 'home'
    option proto 'none'
    option device 'br-lan.10'

As the AP doesn't boot up with the changes applied I cannot provide a dmesg. Is there anything else I could provide for debugging?

Thanks in advance! andre

[andreklug]

There is no bug and this is just another issue I created here based on my lack of knowledge, so closing it.

I am quite new to VLAN, so after my switches this is the first time I configured it on OpenWRT with DSA.

First mistake: One thing that wasn't clear to me is that when you enable VLAN filtering, the br-lan does not accept IP-packets on the "pure" br-lan anymore. This is why it looks like it's becoming unresponsive.

Second mistake: When I set up an unmanaged bridge first, where should the packets go? So the first VLAN that needs to be created as a managed VLAN interface inside the IP range that's defined for this network. For example, my br-lan IP address was 192.168.11.5/24 and my "admin" VLAN now has the ID 45 and (just for convenience, could be anything) an IP-range 192.168.45.0/24. Therefore the managed interface needs to get the IP 192.168.45.5 in my example.

And make sure the switch port is tagged for VLAN ID 45.

What in fact is an issue, but not related to dangoWRT is that when you try to enable VLAN filtering and hit "save", nothing happens. Hit Save only once! Then dismiss and go on, and check the number of changes - they are there. But only do this AFTER you have created the VLAN device ("Save & Apply" afterwards) and the managed interface (also "Save & Apply"). ONly when this is done and you see the interface with a MAC and IP Assigned go to br-lan and in a single step enable the filtering, add the VLAN ID, select tagged / untagged as needed. Hit Save once, if the window is not closed dismiss it, and then a last "save & Apply". NOW you need to open your new VLAN Interface IP in the browser before the rollback timeout occurs.

Hope this saves lifetime for someone else.