I'm just trying to get to grips with how the various vlan variables are read and operated on.

Taking a default wrt54gs - it's bridged between vlan0 and vlan1 (and the wireless).  So I tried to "rename" all instances of vlan1 to be vlan2.  I also changed all references to vlan1 into vlan2 (for me this was lan_ifnames and wan_ifname). 

However, if I do this (and reboot) then the bridging stops working ("some" packets get through), and in fact routing becomes extremely wierd (I can't ping lots of stuff which is plugged in directly and was working fine before I switched the vlan name)

Is this all deliberate and I'm missing something obvious.  Or is this some subtle bug somewhere?  I tried grepping the code, but I don't see anything particular which makes vlan1 special, but it does seem to be so?

(As to "why".  I was trying to debug why I'm having problems with more than two vlans.  Looks like the issue might be this rather than the multiple vlans)

Could someone else repro the situation above please and tell me if I am just testing it incorrectly or if really does do this (day old CVS)

Thanks

The switch itself uses vlans as a way to map multiple physical ports to a single ethernet interface. The vlan*port variables in nvram control which ports are part of which vlan.

http://wiki.openwrt.org/OpenWrtDocs/Con … 37c5318626

Agreed.  I have been using the Wrt for about a year and  I am fairly familiar with the vlan vars (however, I haven't tried any of the admcfg tools, etc)

What I would ulitimately like to do is setup a bridge using three vlans instead of the usual two vlans.  When I do this though the networking stops working properly and it's often hard even to log into the box.

I am trying the simple experiment above to see if it's something magic about the default vlan vars or something deeper.  Can you confirm that the above experiment works/fails on your device?

Cheers

(Last edited by ewildgoose on 3 Sep 2005, 08:23)

To be specific, here is a slightly different vlan setup to that described, but it illustrates the problem.  If anyone can see a problem with this then please explain:

# nvram show|egrep "[wl]an|dmz"|sort
dmz_ifname=vlan2
dmz_proto=dhcp
lan_gateway=192.168.105.254
lan_ifname=br0
lan_ifnames=vlan0 vlan1 vlan2 eth1 eth2 eth3
lan_ipaddr=192.168.105.250
lan_netmask=255.255.255.0
lan_proto=static
vlan0hwname=et0
vlan0ports=1 2 5*
vlan1hwname=et0
vlan1ports=0 5
vlan2hwname=et0
vlan2ports=3 4 5
wan_ifname=vlan1
wan_proto=dhcp

I then added a line in S40network to do an ifup dmz, and totally removed S45firewall

This setup above works if you plug two things into any two ports, it bridges between them.  However, if you plug a third thing into the third vlan (doesn't seem to matter what order) then networking seems to stop working.  Unplug one thing and everything else seems to start working again.  It's as though it gets confused what port to send/rcv on...

Can anyone explain what is wrong here (I know it's slightly different to the first question)

Thanks

I could confirm that.

Same problem here on a Asus WL-500g deluxe. I think vlan configuration has some bugs in OpenWrt.

Maybe the core developers should have a look at this problem.

Actually, I noticed that it all gets a lot worse when a switch is added to one of the ports.  I'm wondering if it might be something to do with all the interfaces having the same MAC address?

> Taking a default wrt54gs - it's bridged between vlan0 and vlan1 (and the wireless). 

no, by default it's bridged between eth1 (wireless) and vlan1 (LAN). Vlan0 is wan port, what is not bridged. I dont understand, why you want to bridge several vlan's. If you need pass traffic between ethernet ports, then much simpler is put them to same vlan. All vlans in switch have same MAC address, and if you create bridge between 3 devices, and two of them have same MAC, then you be screwed anyway.

(Last edited by netmaster on 3 Sep 2005, 21:24)

Nope, the default is definitely to bridge "vlan0 vlan1 eth1 eth2 eht3"

I know because I have locked myself out of this router a couple of times while upgrading and had to hold in the reset button while booting and that's basically a copy and paste from the router (which has lost all my other variables)

Anyway, that aside, the reason for doing this is that I want a device that I can use to segregate the WAN and two lan segments, but in a totally transparent way.  Consider walking into a potential client and being able to push the transparency aspect of the firewall, ie nothing to reconfigure and if something goes wrong you just remove the firewall and it's back to normal (but unprotected of course).  In my case I am only doing QOS, so the ability is to show the client adding and removing the device and the effect on the network without them making any other changes

What I would like is to have 5 vlans (ie each port in a seperate vlan) and to be able to apply firewall rules to each, but they are all bridged so that no reconfig is needed.

I think you are right though that the issue might be because I have the same MAC for each vlan?  Interesting that this seems to be the default and it works fine for the default 2 vlan bridge setup.  I will investigate how to change it and retest. 

Please try my nvram config from above and you can repro my situation.  I still see the original problem though that even creating three vlans and then changing the "wan" port to use the "other" vlan and the device stops working.  So I still wonder if there isn't something special about the two original vlans which makes this work, but doesn't apply once you create new vlans...?

> Nope, the default is definitely to bridge "vlan0 vlan1 eth1 eth2 eht3"

why do you think that?
my WRT54G shows after reset that:

root@WRT54G:~# nvram show|grep ifnames
size: 8646 bytes (24122 left)
lan_ifnames=vlan0 eth1 eth2 eth3
wan_ifnames=vlan1

this means vlan0 and vlan1 is NOT bridged, vlan0 (port1-4 in switch) and eth1 (wireless) is bridged. I have no idea, what is eth2 and eth3. If vlan1 is WAN port, and vlan0 is LAN, then WRT does by default between them NAT or routing, not bridging.
I think this is just impossible, what you want to do because MAC issue. You need physical (ethX) interfaces not logical (vlanX) interfaces for that.

(Last edited by netmaster on 4 Sep 2005, 09:49)

I have a wrt54gs and using the cvs from a few days ago and after a reset my router shows:

lan_ifnames=vlan0 vlan1 eth1 eth2 eth3

How very strange...

Anyway, the fact remains that the device works fine with vlan0 and vlan1 (and wireless) in a bridge.  But as you say it all breaks down if you add more vlans and then bridge them.  I wonder if there is some special code which makes it work for vlan0/1 (hence my original question about how it all seems to break if I rename the vlan1 settings into vlan2 and reboot), or whether I can change the effective MAC address on a VLAN...?

Thanks for any further thoughts

Ed