LAN4 -> ETH2 is not working (not a hardware issue)

Hi,

I want to use LAN4 as a DMZ, so I created a new VLAN (id 3) and set the switch with everything off except port 4 (untagged) and port 6 (tagged). Then I added an interface using eth0.3 as the physical interface.

I plugged a box into LAN4 (and I also tried with a laptop) and I didn’t receive any DHCP-OFFER, but in the main interface settings in LuCI I can see this interface has some TX value while RX is always 0.

So, I don’t know if I missed something, but the behavior is strange. Do you have any idea how to fix this issue?

Cheers,

Maybe you need to use eth2.3 and not eth0.3?

Well, I don’t know, but I can’t see any eth2.3. As I understand it, eth0 and eth2 are on the switch (but not through the same chip). So after creating VLAN id 3 I was surprised to find eth0.3 and not eth2.3. So I don’t know if I missed something.

Why create a new VLAN with LAN4 and eth0 when LAN4 and eth2 are already connected and isolated?

The corrected version of my out-of-the-box network switch configuration graphic:

blue is VLAN 1, red is VLAN 2, all ports are untagged

Well I’m ok with your settings but the fact is I was using eth2 without vlan and I got the same behavior described in my first post.

I use eth0 for LAN and servers and I’d like eth2 for dmz but I’m stuck with RX:0 and I’m wondering if I forgot something.

Take the first image of VOIP and IPTV VLANs on separate physical ports as reference for the VLAN config. The number 243 does not matter. It is default 1 and 2. Only the first image counts. Ignore the rest.

This is how the VLAN config for the switch should look for your configuration. Then check if eth2 is part of br-lan (lan interface). If it is, remove it there.

Well, I don’t think the issue comes from the switch configuration. I use two VLANs, one for the LAN and one for the servers. It works well.

Now, VLAN or not, I have no DHCP on eth2, and I don’t think the issue is DHCP because on the eth2 interface I have RX: 0 (ifconfig and LuCI). TX seems ok.

So is it ok to have RX:0 on eth2 when a box tries to get an IP address?

RX:0 means it never received anything so the DHCP can’t answer.

Well, this is the problem. I removed the VLAN for port 4, so I use eth2 directly. I plugged in a laptop and ran “dhcpcd -t 10 -d eth0”; the laptop gets the default IP address (169…) and in LuCI and ifconfig I get RX:0.

Hi,

After updating the router the problem still persists. So I can’t get anything to work from eth2 (port 4). I plugged a box into that port and got no DHCP answer, so I tried with my laptop and got the same issue. Looking at that interface in LuCI and through ifconfig, the only strange thing is the RX field with a value of 0.

So I checked the log but it reveals nothing. Do you have an idea how to debug that?

By default, eth2 is part of the lan bridge. If you have taken it out of the bridge, you have to create a new logical interface for it, set up a non-overlapping IP range and also set a new DHCP pool and firewall zone.

Well I did that.

I’ll try to make some screenshots of my config.

You could cut and paste /etc/config/network and /etc/config/wireless here. Remember to remove passwords and other sensitive information before pasting them here.

root@turris:/etc/config# cat network

config interface 'loopback'
     option ifname 'lo'
     option proto 'static'
     option ipaddr '127.0.0.1'
     option netmask '255.0.0.0'

config globals 'globals'
     option ula_prefix 'fd38:370f:9ce4::/48'

config interface 'lan'
     option force_link '1'
     option type 'bridge'
     option proto 'static'
     option netmask '255.255.255.0'
     option ip6assign '60'
     option ipaddr '10.10.1.1'
     option _orig_ifname 'eth0 eth2 radio0.network1 radio1.network1'
     option _orig_bridge 'true'
     option ifname 'eth0.1'

config interface 'wan'
     option proto 'dhcp'
     option _orig_ifname 'eth1'
     option _orig_bridge 'false'
     option ifname 'eth1'

config switch
     option name 'switch0'
     option reset '1'
     option enable_vlan '1'

config switch_vlan
     option device 'switch0'
     option vlan '1'
     option ports '0 5t'
     option vid '1'

config switch_vlan
     option device 'switch0'
     option vlan '2'
     option ports '1 5t'
     option vid '2'

config interface 'server'
     option proto 'static'
     option ifname 'eth0.2'
     option ipaddr '10.10.2.1'
     option netmask '255.255.255.0'
     option type 'bridge'

config interface 'dmz'
     option proto 'static'
     option ipaddr '10.10.3.1'
     option netmask '255.255.255.0'
     option _orig_ifname 'eth2'
     option _orig_bridge 'true'
     option ifname 'eth2'

config interface 'wifi01'
     option type 'bridge'
     option proto 'static'
     option ipaddr '10.10.4.1'
     option netmask '255.255.255.0'
     option _orig_ifname 'wlan0'
     option _orig_bridge 'true'

root@turris:/etc/config# cat wireless

config wifi-device 'radio0'
     option type 'mac80211'
     option hwmode '11a'
     option path 'platform/soc/soc:pcie-controller/pci0000:00/0000:00:02.0/0000:02:00.0'
     option htmode 'VHT80'
     option txpower '23'
     option channel 'xxx'
     option country 'xx'

config wifi-iface
     option device 'radio0'
     option mode 'ap'
     option ssid 'xxx'
     option encryption 'psk2+tkip+ccmp'
     option key 'xxx'
     option network 'wifi01'

The internal switch configuration doesn’t match what you want to do.

The port LAN4 (port 4) is not connected anywhere. And the same for eth2 (port 6).

Without checking or testing, try adding something like this to first fix the switch configuration:

config switch_vlan
     option device 'switch0'
     option vlan '3'
     option ports '4 6t'
     option vid '3'

I tried that setting before. So now I have eth0.3 with that setting. So I added my interface on that VLAN through LuCI in the physical settings.
The issue remains the same: that interface is not receiving anything, so RX remains at 0.

Try next:

config interface 'lan'
     option ifname 'eth0.1'
     [...]

config interface 'server'
     option ifname 'eth0.2'
     [...]

config interface 'dmz'
     option ifname 'eth2'
     [...]

config switch_vlan
     option device 'switch0'
     option vlan '1'
     option ports '0 5t'

config switch_vlan
     option device 'switch0'
     option vlan '2'
     option ports '1 5t'

config switch_vlan
     option device 'switch0'
     option vlan '3'
     option ports '4 6'

Or if you prefer:

config interface 'lan'
     option ifname 'eth0.1'
     [...]

config interface 'server'
     option ifname 'eth0.2'
     [...]

config interface 'dmz'
     option ifname 'eth2.3'
     [...]

config switch_vlan
     option device 'switch0'
     option vlan '1'
     option ports '0 5t'

config switch_vlan
     option device 'switch0'
     option vlan '2'
     option ports '1 5t'

config switch_vlan
     option device 'switch0'
     option vlan '3'
     option ports '4 6t'

DUDE !!! It works. Thx
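
The rule behind the two working configurations, as an added example that is not part of the thread: a device such as eth2 or eth2.3 only receives frames if its CPU port is a member of a switch VLAN with matching tagging. The sketch generalises this to any interface in `/etc/config/network`; it assumes, as in the thread, that port 5 is the CPU port for eth0 and port 6 the one for eth2, and the function names `parse_uci`, `check` and `sample` are hypothetical.

```python
import re

# Assumption from the thread: switch port 5 is the CPU port wired to eth0,
# port 6 the CPU port wired to eth2. eth1 (WAN) is not behind the switch.
CPU_PORT = {"eth0": 5, "eth2": 6}

def parse_uci(text):
    """Parse UCI text into a list of (type, name, options) sections."""
    sections = []
    for line in text.splitlines():
        words = [q or bare for q, bare in re.findall(r"'([^']*)'|(\S+)", line)]
        if len(words) >= 2 and words[0] == "config":
            sections.append((words[1], words[2] if len(words) > 2 else "", {}))
        elif len(words) >= 3 and words[0] == "option" and sections:
            sections[-1][2][words[1]] = words[2]
    return sections

def check(text):
    """Return one message per interface whose device the switch cannot reach."""
    sections = parse_uci(text)
    vlans = {}  # VLAN id -> {port number: True if tagged}
    for kind, _, opts in sections:
        if kind == "switch_vlan":
            vlans[opts.get("vid", opts["vlan"])] = {
                int(p.rstrip("t")): p.endswith("t") for p in opts["ports"].split()}
    problems = []
    for kind, name, opts in sections:
        if kind != "interface":
            continue
        for dev in opts.get("ifname", "").split():
            base, _, vid = dev.partition(".")
            cpu = CPU_PORT.get(base)
            if cpu is None:
                continue  # lo, eth1: not attached to the switch
            if vid and vlans.get(vid, {}).get(cpu) is not True:
                problems.append(f"{name}: {dev} needs port {cpu}t in VLAN {vid}")
            elif not vid and not any(m.get(cpu) is False for m in vlans.values()):
                problems.append(f"{name}: {dev} needs port {cpu} untagged in a VLAN")
    return problems

def sample(dmz_dev, vlan3_ports=None):
    """Constructed config modelled on the thread (lan, server, dmz)."""
    text = ("config interface 'lan'\n option ifname 'eth0.1'\n"
            "config interface 'server'\n option ifname 'eth0.2'\n"
            f"config interface 'dmz'\n option ifname '{dmz_dev}'\n"
            "config switch_vlan\n option vlan '1'\n option ports '0 5t'\n"
            "config switch_vlan\n option vlan '2'\n option ports '1 5t'\n")
    if vlan3_ports:
        text += f"config switch_vlan\n option vlan '3'\n option ports '{vlan3_ports}'\n"
    return text
```

Run against the posted configuration (dmz on eth2, no VLAN containing port 6) and against the eth0.3 attempt with ports '4 6t', `check` reports the dmz interface; with either of the two final variants it returns an empty list.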