The VLAN (802.1ad) function of openwrt version 23.05.0 does not work properly.

[Tonkercke]

Describe the bug

When I use the openwrt 23.05.0 system, I need to create a lan2 network interface for IP address isolation. The steps are: first add a ‘VLAN (802.1ad) ’device, select eth0 as ‘Base device’ and save it, and then create a ‘Bridge device’. ‘Bridge ports’ select the eth0.1 just created, named br-lan2, and then save it. After adding the device, go back to Interfaces to add the lan2 interface, set the interface to a static address, and set the IP address to an address different from the lan. Finally, add a WiFi signal for broadcast in the wireless settings, and set the ‘network’ in the WiFi settings to lan2. After setting up, connect to WiFi on the PC.

Under normal circumstances, the PC-side wireless network card can quickly connect and obtain the IP address of lan2, but now it has been unable to obtain the IP address after connecting to WiFi. After repeated testing, the IP address cannot be obtained, and the IP address of the PC-side wireless network card is manually set. Can't log in to the console either.

It can be used normally under the openwrt 19 and openwrt 21 versions of the system by following the above steps, but after updating to openwrt 22.03.5 and the current openwrt 23.05.0 system, it cannot be used normally.

Note: Every time I upgrade, I manually reset all system settings. After reset, I still cannot use it after following the above steps.

OpenWrt version

openwrt 23.05

OpenWrt target/subtarget

openwrt 23.05.0

Device

xiaomi R3G,Netgear r8000,ac2100

Image kind

Self-built image

Steps to reproduce

No response

Actual behaviour

No response

Expected behaviour

No response

Additional info

No response

Diffconfig

No response

Terms

• [X] I am reporting an issue for OpenWrt, not an unsupported fork.

[vampubus]

If this device got converted to DSA try this:

Don't create vlan devices yourself. Create a bridge for your physical interface(s) (eg br-lan for lan1,... ), if it doesn't already exist, and use the tab 'bridge vlan filtering' to configure your VLANs there. Interfaces for the individual vlan bridges will appear automatically. DSA uses vlan aware bridges.

Edit: lan1, not eth0. See here https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial

[brada4]

from the picture eth0 looks like DSA switch. You need to assign DSA ports like LAN1 LAN2 LAN3 all @eth0 to partitions of your liking.

[Tonkercke]

If this device got converted to DSA try this:

Don't create vlan devices yourself. Create a bridge for your physical interface(s) (eg br-lan for lan1,... ), if it doesn't already exist, and use the tab 'bridge vlan filtering' to configure your VLANs there. Interfaces for the individual vlan bridges will appear automatically. DSA uses vlan aware bridges.

Edit: lan1, not eth0. See here https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial

Set up according to ' 2. Multiple bridged networks ' in the tutorial you provided, I set the first bridge device br-lan to the two physical ports lan1 and lan2, and set the 3rd lan physical port (lan3) to Create a new bridge device (br-office), then re-create a new interface (office), and finally set the WiFi network to the new office interface. After setting up, the PC still cannot obtain the IP address when connected to WiFi. I plugged the network cable into the lan3 interface. The PC still cannot obtain the IP address, but lan1 and lan2 under br-lan can obtain the IP address normally.

In addition, I found that the WiFi signal broadcast by the MT7603 network card device in redmi ac2100 and xiaomi R3G cannot be connected using the PC wireless network card. No matter whether the network in the WiFi settings is changed to lan or office, the connection cannot be made, or Can connect but cannot get IP address, only 5G signal, MT7612E and MT7615 can be used normally. However, the MT7603 network card can relay other wireless signals to access the Internet.

[brada4]

default is input/reject forward/reject for interface (bridge on your case, not cable socket) not assigned to firewall zones. It is under network/firewall, add new zone and add interface. Allow forwarding if/where intended.

-ad support is kind of clarified, you can make tagged/trunked interfaces out of DSA physical sockets

PS What I find strange there is no step-by-step in wiki on how to make a new LAN/DMZ/IOT bridge. Once you walk through it - it is like easy after.

[Tonkercke]

All communication rules of the firewall are disabled, and the outbound, inbound, and forwarding in the interface have been changed to 'accept', but the IP address is still unable to be obtained.

[brada4]

• check logread for dhcp requests
• check brctl that wlan is indeed in the bridge
• tcpdump on accesspoint and bridge interfaces.

[brada4]

R8000 is broadcom chipset and works differently. Can you edit original post to contain one you are editing here?

[Tonkercke]

Running 'brctl show' displays the following information:

root@OpenWrt:~# brctl show bridge name bridge id STP enabled interfaces br-lan 7fff.16c2c1a1a7c1 no lan2 lan3 lan1 br-ofiice 7fff.26a5ff334598 no wlan1-1

wlan1-1 is my wireless network name.

[brada4]

so you claim lan3 mysteriously does not get dhcp address. Reset configuration and redo whole setup again. Something is left from your -ad experiment and you are trying to conceal jumping image compatibility warning. Namely lan3 in brctl does not match config, interface name wlan2-5 is migrated from v22.

[Tonkercke]

Just now, I reset all the settings of the router and manually set up the interface, bridge, and wireless again. However, the newly created interface still cannot obtain an IP address.

I uploaded a copy of my relevant configuration files, please help me see where the problem lies.

config.zip

[brada4]

You need to connect wifi to a bridge in wifi config, not add as bridge port.

[brada4]

And click empty bridge checkbox for that bridge...

[brada4]

and accept input on office net, and probably allow forward to wan (see lan setup)

[Tonkercke]

According to your suggestion, I can finally obtain the IP address. Thank you very much.

[brada4]

you may now move physical port to the 'office' as intended in pictures. First remove from old bridge, save/apply, check brctl, then add/save and check command again.

[Tonkercke]

ok .