I have a setup with three wifi APs in my house. The omnia is used as central router, the two other APs are connected via a managed switch to lan0 of the omnia.
When a device roams from one of the other openwrt APs to the omnia, this device is unreachable from any of the lan1 to lan4 ports for several minutes (about 5 to 10 minutes). For example, if I regularly ping a wifi device to detect its presence, I can reach the device when it is still connected to the other openwrt AP, then after the device disconnects from the other router and connects to the omnia, the device is unreachable. After about 10 minutes doing nothing, the pings begin working again.
During the entire time, the device has no problems reaching the internet (wan port), it is only unreachable from the internal wired network.
This sounds like the ARP-issue. Do you have VLANs enabled? WAN and LAN4 are unaffected because they do not invoke DSA. What you can do is switch WAN and LAN(0-3) so that you can have at least two VLAN-enabled switch ports.
Btw @Pepe: did Turris team meanwhile manage to fix the ARP-bug in 6.x?
Thanks for your reply and hints. I had problems with VLANs (see my other post) since upgrading from TOS 3 and do not use them in my current configuration on the turris.
I would only need a single tagged physical lan port, the other three lan ports would be untagged. So if VLANs on LAN4 would work, that would be sufficient for my case. However, I just tried creating a VLAN interface (lan4.11 in this case). If I add that interface to an network interface, such as GUEST-TURRIS, no traffic is routed at all through this interface (may be an arp issue as dhcp works, but then no further traffic is flowing). This is the same behavior as for e.g. lan0.11.
Would I need to take further steps to use LAN4 as a non DSA managed port?
I do now believe that I am not understanding what turris os is doing or some more stuff is broken in TOS 5. I have studied the schematics and have seen what you meant by having a port that is not attached to the switch, but directly to the CPU. I tried using eth2 as trunk port to my managed switch so that any traffic is directly routed through the CPU. However, as soon as I add a vlan interface to the bridge, the bridge is no longer functioning - no traffic is going out of any port or wifi adapter attached to this bridge. As this is independent from the switch, I assume that this is not a problem with DSA.
Am I missing something here? is it insufficient to add the interface with vlan tag, e.g. eth2.11 to the bridge if I would like to sent traffic of this bridge to my managed switch using vlan tag 11?