Hello! After updating from TOS 5 to 6, VLAN is not functioning.
LuCI still shows the VLAN interface but I cannot find it’s assigned ports (formerly unter “physical” tab) and I cannot reach the virtual network (one device has legs in both), and hosts inside the VLAN cannot connect to the Internet (which they need to via this one host that has legs in both nets).
Hello! The recent update with packages named fix- did not work it out.
The device on lan2.3 receives an IP address like in version 5, but connecting there results in “no route to host”. It cannot connect to it’s destinations in the Internet.
Do not hit the Save & Apply button yet, go back to Interfaces and update the LAN interface with the correct interface name (in my case default is VLAN 1), like this:
I am very grateful for your instructions and screenshots, hagrid! I could recreate it with VLAN-IDs and such as needed here. Traffic is flowing again, I would have never found that by myself in only one day. Thank you!
I’m trying to set this up, too, but all I get is a timeout and a rollback. I intend to have a separate interface that is not connected to LAN, but reachable via a tagged VLAN from one of the ethernet ports. The same ethernet port is usable as non-VLAN port. This has worked with 5.x.
What does your lan config look like? I noticed that now in my iot network wifi and wired devices can communicate. However in my lan they cannot. I removed the interface and added it again, I removed the wifi interfaces, added them again, no change, they cannot talk to each other. Then I noticed a difference. My iot interface seems to be a bridge while my lan interface doesnt. But I don’t understand why this is the case and where to configure it.
My config looks as follows:
config interface ‘IOT’
option device ‘br-lan.9’
option proto ‘static’
option ipaddr ‘172.21.1.254’
option netmask ‘255.255.255.0’
option type ‘bridge’
option defaultroute ‘0’
This is the generated config, note the option type bridge under iot.
I also noticed that when I edit the wifi networks, under iot it shows the wifi symbol:
While under lan it doesn’t show up even though I configured that wifi device to be in that network:
When I added the option type bridge manually to the network configuration they showed up in the symbols but it still didn’t work. So I suspect that there is a difference between those networks but I cannot find any on the luci config page.
I created both interfaces through luci, so I don’t understand why they’re different.
Also when I remove lan from the VLAN and just use br-lan directly adding the wifi networks works again. But then of course I can’t use the VLAN for my iot network anymore.
You are right, it doesn’t have the WIFI in my LAN bridge anymore, too. Haven’t noticed this, yet, but can confirm devices are not reaching each other from WIFI to LAN and vice versa. The lan section in the config looks like this now:
I tinkered a bit with the options up to the point that I wasn’t able to remove the VLAN filter and then locking myself out of the router.
I restored the last checkpoint and was able to reproduce the problem. What really bugs me is that when I recreated the interfaces the iot interface would still have the bridge option and work. Yet any additional interfaces I created didn’t have this option. I really cannot tell what is different between those.
I try to have a “regular” ethernet connection and a vlan on the same port. Each of those gets a separate wifi. When I configure “br-lan” with my lan network the lan network works with wifi but in the br-lan.9 vlan network (iot interface) wired devices cannot talk to wireless devices. When I use the solution proposed above by changing the lan interface to the br-lan.1 vlan and setting all ports to untagged, my iot network can suddently talk to wifi devices for some reason but now wired devices on br-lan.1 cannot talk to any wifi devices on wifis assigned to the lan network.
I quickly created a simple diagram that hopefully clarifies a bit. The server has a regular ethernet interface that does Internet, etc. It is connected to LAN (including the remaining ethernet ports) and Wifi1.
It also has a tagged VLAN on that same port that is connected to the IOT interface on the Turris. Added to this interface is a second Wifi interface. Both networks are separated.
This was a very simple setup on TOS 5. My naive approach was to simply add a vlan filter to br-lan that ONLY adds the tagged vlan on that port. But apparently this doesn’t work.
Tbh I don’t know how I make this setup work with the current version.
I also got problem with my VLAN config on TOS 6. I can give more details later but its a pretty simple wlan VLAN iptv config that stopped working so I reverted to 5.x,
Okay, I tried two configurations. After the last update the my initial configuration with having vlan filtering enabled on a device and then using the device with and without vlan didn’t apply anymore (not that it worked in the first place).
The default configuration doesn’t have the iot network and works fine for all devices connected to br-lan and W1-W3.
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'xxx::/48'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '172.22.1.254'
option delegate '0'
option device 'br-lan'
config interface 'wan'
option proto 'dhcp'
option ipv6 '0'
option device 'eth2'
config interface 'wan6'
option noserverunicast '1'
option proto 'none'
option device '@wan'
config interface 'guest_turris'
option enabled '0'
option proto 'static'
option ipaddr '10.111.222.1'
option netmask '255.255.255.0'
option device 'br-guest_turris'
config device 'br_lan'
option name 'br-lan'
list ports 'lan0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option type 'bridge'
config device 'br_guest_turris'
option name 'br-guest_turris'
option bridge_empty '1'
list ports 'guest_turris_0'
list ports 'guest_turris_1'
option type 'bridge'
I then added the vlans with tag 1 and 9. 1 is the “default” one that should make the switch ports behave as if there was no vlan, therefore it’s untagged. 9 is the vlan that is supposed to connect the lan port 4 and wifi W4 with the iot network:
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'xxx::/48'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '172.22.1.254'
option delegate '0'
option device 'br-lan.1'
config interface 'wan'
option proto 'dhcp'
option ipv6 '0'
option device 'eth2'
config interface 'wan6'
option noserverunicast '1'
option proto 'none'
option device '@wan'
config interface 'guest_turris'
option enabled '0'
option proto 'static'
option ipaddr '10.111.222.1'
option netmask '255.255.255.0'
option device 'br-guest_turris'
config device 'br_lan'
option name 'br-lan'
list ports 'lan0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option type 'bridge'
config device 'br_guest_turris'
option name 'br-guest_turris'
option bridge_empty '1'
list ports 'guest_turris_0'
list ports 'guest_turris_1'
option type 'bridge'
config interface 'iot'
option proto 'static'
option ipaddr '172.21.1.254'
option netmask '255.255.255.0'
option device 'br-lan.9'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan0:u*'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '9'
list ports 'lan4:t'
With this configuration devices from br-lan.9 can talk to devices in W4. But devices in br-lan.1 CANNOT talk to devices in W1-3 which has worked fine before.
All configurations are generated by luci. I did not change any firewall rules.
In one of my earlier posts I mentioned that br-lan.9 had the bridge option set while br-lan.1 didn’t. Initially I thought this might be a reason that one works and the other doesn’t. However in this config neither has this option set and it still behaves in the same way.
I hope this clears things up a bit. If you need more information, please ask.
I want to emphasize how important this step is. Without doing it that way you will loose access via the LAN ports…
@hagrid maybe TOS could be changed to use br-lan.1 for the LAN-bridge by default to make it easier for users to enable VLANs? (This comment also applies to upstream OpenWrt, but that might be something where TOS is willing to use a different default than upstream?)
@moeller0 This is exactly what I suggested to my colleagues, but nobody saw it as important. We had several discussions around this earlier this year. @pepe@miska
