hi
i asked this before and many others too.
How to create a separate lan with vlans?
I read all post and guides but i dont get this sorry.
This 2 CPU Ports confuses me.
Normally you just set cpu to be tagged on every vlan or?

Im using the wrt1200ac.

The default switch config looks like this i think:

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0 1 2 3 6'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '4 5'
    option vid '2'

So i tried to change my config to this but it didnt work:

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '1 2 3 6t'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '4 5t'
    option vid '2'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '3'
    option ports '0 6t'

config interface 'lan'
    option ifname 'eth0.1'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.0.254'

config interface 'wan'
    option ifname 'eth0.2'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option proto 'static'
    option ipaddr '192.168.178.2'
    option gateway '192.168.178.1'
    option dns '84.200.69.80 84.200.70.40'
    option netmask '255.255.255.252'

What did i wrong? Has the lan interface to be a bridge? Where is stored which interfaces are bridged?
As soon as i set port 6 (cpu port of switch?) i loose all connectivity.
The wan side works fine with port 5 tagged (cpu) and wan interface switched to eth0.2
Thank you.

//Edit
I noticed in the web gui. There is only one column labeled  CPU Port which is port 5.
But Port 5 should be wan cpu port.
So changed the config like this:

config interface 'lan'
    option type 'bridge'
    option ifname 'eth1'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option proto 'dhcp'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option ifname 'eth0.2'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '1 2 3 6'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '4 5t'
    option vid '2'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '3'
    option ports '0 5t'

config interface 'Isolated'
    option proto 'static'
    option ifname 'eth0.3'
    option ipaddr '192.168.0.254'
    option netmask '255.255.255.0'

And it seems to work. Can someone please tell me why this works.
I also tought when vlans are enabled eth1 bridge isnt suppose to work anymore? Shouldnt it be set to eth0.1 ?
thank you.

(Last edited by shm0 on 4 Jun 2016, 13:44)

Bridged interfaces are set by

option type 'bridge'

in the 'config interface' stanza.

on the 1200 the WAN port is eth0, which is connected to port 5 on the switch. The LAN is eth1, which is port 6 on the switch. The GUI doesn't have a feature for two CPU ports, so it shows only 5 right now.

So, if you want VLANs on the LAN interface, add them with '6t' as the CPU port and add a corresponding eth1.X interface. For WAN, that'd be eth0.X with '5t' as the CPU port.

Thank you for your answer.
When i set the port 6 to tagged for the lan.
Do i create new interface with eth1.x ?
Or do i change the current bridge interface to eth1.x?

Any particular reason for wanting to create another layer 2 broadcast domain?

So for now only ACS has this squashfs issue?

Seems like all reports so far have been v2/acs. Has anyone experiencing this reported same to the ML?

@leitec thanks a ton i think i got it working now
here is my current network config:
Lan Port 4 is now separated.

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '4 5t'
    option vid '1'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option vid '2'
    option ports '1 2 3 6t'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '3'
    option ports '0 6t'

config interface 'lan'
    option type 'bridge'
    option ifname 'eth1.2'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.0.254'
    option ip6assign '64'

config interface 'isolated'
    option _orig_ifname 'eth0.3'
    option _orig_bridge 'false'
    option ifname 'eth1.3'
    option proto 'static'
    option ipaddr '192.168.1.254'
    option netmask '255.255.255.0'
    option ip6assign '64'

config interface 'wan'
    option _orig_ifname 'eth0'
    option _orig_bridge 'false'
    option ifname 'eth0.1'
    option proto 'static'
    option netmask '255.255.255.252'
    option ipaddr '192.168.178.2'
    option gateway '192.168.178.1'
    option dns '84.200.69.80 84.200.70.40'

For the "isolated" network i created the following firewall rules:

config zone
    option name 'isolated'
    option output 'ACCEPT'
    option input 'REJECT'
    option forward 'REJECT'
    option network 'isolated'

config forwarding
    option src 'lan'
    option dest 'isolated'

config forwarding
    option src 'isolated'
    option dest 'wan'

# Allow the isolated network to query Router DNS
config rule
        option name 'Allow isolated network DNS'
        option src 'isolated'
        option dest_port '53'
        option proto 'tcpudp'
        option target 'ACCEPT'

# Allow the isolated network to use the router as a DHCP server
config rule
    option name 'Allow isolated network DHCP'
    option src 'isolated'
    option proto 'udp'
    option dest_port '67'
    option target 'ACCEPT'

I set ssh/uhttpd to listen on the trusted networks ip only.

Is this the correct setup?
The goal i want to archive is to completely isolate the network on port 4 from the other networks and the openwrt router (interface/ssh). But allow acces from trusted network to the isolated network.

(Last edited by shm0 on 4 Jun 2016, 18:03)

Only acs even! At least i haven't seen reports from any V2 owner.

Try ftp something, install vsftp, add hdd to the router and voilaaa:-) errors everywhere,
I think that we need to inform LEDE developers about that!

(Last edited by gsustek on 4 Jun 2016, 15:49)

I don't understand how you can get nand errors while writing to the external harddrive :s

Scp'ing my firmware blobs to the USB stick never caused issues, but i guess that 20~30mb is not enogh to trigger it?

With scp can't reproduce the issue either uploading to /tmp or usb stick. However the speeds are slow, 14.3MB/s to tmp and ~9MB/s to usb.
Had nand timeout only once after flashing. Since that rebooted 2 times and both reboots were ok.

(Last edited by Bogey on 4 Jun 2016, 16:18)

Wy would router even need to write anything to nand except for saving config?

Yes how that would affect nand if you upload to hdd?

Edit: those SQUASHFS errors for others was for read only?

(Last edited by Bogey on 4 Jun 2016, 16:52)

You guy's running statistics? If so. where is the data being written?

For me it saves stats to usb.

This test was ok
dd if=/dev/zero of=1MB bs=1M count=1
sync

Please note that will wear the nand so do not run many times. And you should have 1MB free.
Edit: changed to 1MB write, that or even smaller should be enough if there is a problem with writing. I did it for 10MB it was fine.

Edit2: Only these has been edited in one day, so nothing much should be written to NAND

root@lede:/overlay/upper# find -mtime -1
./etc/modules.d
./lib/firmware/mwlwifi
./lib/modules/4.4.12
./usr/lib/opkg/info
./usr/lib/opkg/info/kmod-mwlwifi.list
./usr/lib/opkg/status
./root

Modules and opkg was updated due mwlwifi driver update and root was updated as I run dd in that dir.

Edit3: and I haven't faced that SQUASHFS error, only nand timeout once in startup after flash (with keeping settings).

(Last edited by Bogey on 4 Jun 2016, 16:54)

Where do I go to find the 4.4.x kernel hashes to add to the kernel makefile?

On a side note, I noticed as I was going back through posts I had flagged in my RSS feed a lot of questions from different users on where to find this or that patch at... is there a consolidated location I could add to the Wiki on where to look for patches?

https://www.kernel.org/category/signatures.html to verify authenticity and generate it using md5sum, though in case of the kernel no md5 needs to be provide but must not be wrong in case it is.

@mrfrezee
I assume you are saying the current build is still based on Openwrt and not LEDE project.
Just installed your latest mrf16060412 on my WRT1900AC V1 seems to be working fine so far. No install issues and seems to be just running, like a router firmware should. 
Thanks for your efforts.
--bill

I *think* that's what you want, but I'll warn I didn't check the firewall config all that thoroughly.

The only comment I have on the switch side of things is that you don't need to tag the WAN port. It's a different eth device and switch CPU port, so you can remove the tag on port 5 VLAN 1, and change eth0.1 to eth0. It's not a big deal, though. I think these days you don't incur any hit from having tagging on (that was the case maybe a year ago)

Hi,
I have got linksys 1900acs with today's firmware from @mrfrezee, 
I still got high ping to wan issue, I am using basic wifi config

Ping statistics for 192.168.0.1:
    Packets: Sent = 760, Received = 760, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 202ms, Average = 14ms

Distance from laptop to the router about 50cm, only 3 network's on 5GHz,
My wirelles config:

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'soc/soc:pcie-controller/pci0000:00/0000:00:01.0/0000:01:00.0'
        option htmode 'VHT80'
        option country 'DE'
        option txpower '20'
        option noscan '1'
        option channel '52'

config wifi-iface
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option macaddr '16:91:82:2e:1e:03'
        option encryption 'psk2'
        option key 
        option ssid 'OpenWrt_5GHZ'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/soc:pcie-controller/pci0000:00/0000:00:02.0/0000:02:00.0'
        option country 'DE'
        option channel '13'
        option htmode 'HT40'
        option txpower '20'
        option noscan '1'

config wifi-iface
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option macaddr '16:91:82:2e:1e:02'
        option encryption 'psk2'
        option key 

My wifi card is Intel Dual Band 3160, it doesnt matter if laptop is connected to the 2,4 or 5Ghz issue is same on both network's.
Any advise please?

@UPDATE
I think wifi card in my laptop is s**t this is not the first case...

(Last edited by padlak on 4 Jun 2016, 20:15)

Its doubtful it's a wifi issue... have you tested via ethernet?  If not, please do so, and if similar results are had, it may be odhcpd causing the issue.  Switching to dhcpd solved this for another user.

Your WiFi card quality shouldn't matter if you're pinging an IP in your LAN, as it should resolve in ~1ms.

I did notice two things in your wifi config: 

• Your ac channel is far too low; it should be as high as possible.  Try channels in the 150 range (or whatever the highest channels allowed in DE are).

• Your encryption is not sufficient; it should be psk2+ccmp, as TKIP is not secure

(Last edited by JW0914 on 4 Jun 2016, 22:49)

I would really love if that could be true, however seems it's not used by cache:

                   total                 used         free       shared      buffers
Mem:          515216       510636      4580         1720         5876
-/+ buffers:                    504760       10456
Swap:                    0            0            0

Free memory stuck on 10MB after I successfully copied 500MB file to attached USB 3.0 HDD.

I even reinstalled firmware today, but this didn't fix the problem.

Can somebody help me, please? Problem is described in post here.

When using Transmission and RAM decreases to 10-50MB - download speed in Transmission is decreasing as well.

Thanks for your reply,
I will try to change encryption tomorrow but I installed basic app for android phone and ping to the gateway is no higher than ~6ms.
I have tested via ethernet and pings are <1ms
I will keep you updated.

Search for an option named cache-size-mb in your transmission config and reduce it to 16MB at most.

Also, try to issue an:

sync && echo 3 > /proc/sys/vm/drop_caches

to see if it solves your problem.

Hi Everyone - I just updated to David's latest build Firmware version OpenWrt Designated Driver r49377 / LuCI Master (git-16.151.26687-f4af114), Kernel 4.4.7, on the Linksys 1900ACS

Working great so far, but:

I'm seeing the issue with only one wireless network working. Both are recognized, but only the 5GHZ one is accepting clients. I seem to remember a couple of posts addressing this with a configuration change, but for the life of me I cannot find the post. Does anyone happen to have what needs to be changed to fix this?

Thanks!
Paul