VLAN config not working properly

[palbiez]

When I'm creating 2 new VLANs in 23.05.3 on my Cudy WR1300 v3 all is working fine in the first view.
I change the bridge LAN and add VLAN 1 untagged all ports also VLAN 140 tagged all ports for Guest WiFi with multiple APs.
The configuration is looking fine.
Relating to #5948
I saw that vlan_filtering is set to 0.

# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd9f:f265:6dcf::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option vlan_filtering '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.130.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.2.1'
        list dns '8.8.8.8'

config interface 'wan'
        option device 'wan'
        option proto 'static'
        option ipaddr '192.168.2.2'
        option gateway '192.168.2.1'
        option netmask '255.255.255.0'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config route
        option interface 'lan'
        option target '0.0.0.0/0'
        option gateway '192.168.2.2'

config route
        option interface 'wan'
        option target '0.0.0.0/0'
        option gateway '192.168.2.1'

config device
        option name 'phy1-ap0'

config interface 'Gast'
        option proto 'static'
        option device 'br-lan.140'
        option ipaddr '192.168.140.1'
        option netmask '255.255.255.0'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth0:u*'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '140'
        list ports 'eth0:t'
        list ports 'lan1:t'
        list ports 'lan2:t'
        list ports 'lan3:t'
        list ports 'lan4:t'

But if I add one or more VLAN to this bridge the vlan_filtering tag has been deleted by uci.
And my network device crashes.

I think the deletion of vlan_filtering is wrong and it should be still vlan_filtering 0
In second step the vlans should be activated with a separate activation button or something like this.

[systemcrash]

Try it without VLAN 1 - https://community.cisco.com/t5/switching/what-is-difference-between-default-vlan-and-native-vlan/td-p/2095204 - and see if you get the same result.

[palbiez]

I tested today evening only on another device.

root@DAP1325_terasse:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd5e:4129:8e90::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.130.244'
        option netmask '255.255.255.0'
        option gateway '192.168.130.1'
        list dns '192.168.130.1'
        list dns '192.168.2.1'

config device
        option type 'bridge'
        option name 'Br-test'
        list ports 'eth0'

config bridge-vlan
        option device 'Br-test'
        option vlan '130'
        list ports 'eth0:t*'

config bridge-vlan
        option device 'Br-test'
        option vlan '140'
        list ports 'eth0:t'

config bridge-vlan
        option device 'Br-test'
        option vlan '150'
        list ports 'eth0:t'

config bridge-vlan
        option device 'Br-test'
        option vlan '128'
        list ports 'eth0:t'

config interface 'ALBkinder'
        option proto 'static'
        option device 'Br-test.140'
        option ipaddr '192.168.130.244'
        option netmask '255.255.255.0'

Deleted VLAN1 and made VLAN130 as default

Used this interface (Br-Test) at the adapter.

I must wait 90 seconds and then it will be reverted.
When I'm deleting the primary VLAN and use it again.

I must also wait 90 seconds and the interface will be reverted.

Test it tomorrow onto main router.
Should another VLAN made as default or no default VLAN should be defined when I'm not using VLAN 1?

[palbiez]

I haven't applied the config yet but when I'm deleting VLAN1 and add another one the vlan_filtering will be deleted completely.

I can apply this tomorrow morning and test again but I think the vlan_filtering tag shouldn't be deleted here

[palbiez]

Same result without VLAN 1
When I want to delete VLAN 1 uci want to delete the vlan_filtering tag.
Also I'm not able to do this because my router is hanging then. I must wait 90 seconds then the changes will be reverted.
Have been tested the following configurations.

Deletion of VLAN 1 all other options will be the same.

Deletion of VLAN1 and add another tagged VLAN.

Edited VLAN ID from 1 to 130

In all cases the VLAN filtering tag want to be deleted by luci

[palbiez]

Second test.
Add a new bridge
Adding 2 VLANs 130 and 140.
Wrong screenshot here. I added all ports to this interface


No VLAN_filtering tag will be set by luci. What is right because the tag should be set at the interface I think.

config device
        option type 'bridge'
        option name 'Br-test'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config bridge-vlan
        option device 'Br-test'
        option vlan '130'
        list ports 'eth0:t*'
        list ports 'lan1:t*'
        list ports 'lan2:t*'
        list ports 'lan3:t*'
        list ports 'lan4:t*'

config bridge-vlan
        option device 'Br-test'
        option vlan '140'
        list ports 'eth0:t'
        list ports 'lan1:t'
        list ports 'lan2:t'
        list ports 'lan3:t'
        list ports 'lan4:t'

Added new interface in Luci

The VLAN filtering option won't be set here.

config interface 'Management'
        option proto 'static'
        option device 'Br-test'
        option ipaddr '192.168.128.1'
        option netmask '255.255.255.0'

root@WR1300v3:~#

I'm very confused at the moment when the vlan_filtering tag should be set and when it should be set from 0 to 1

[palbiez]

Last test.
Deleted VLAN 1 from the config directly in /etc/config/network
And then change anything at the VLAN configuration in luci.
Luci want to delete VLAN filtering tag here again.

Next confusion.
When I want to delete the VLAN section completely in some cases the VLAN filtering tag should be set to 1

Adding new vlans (without VLAN 1) again no filtering tag will be set by luci.

[palbiez]

The issue contains with the VLAN filtering checkbox.
If you set filtering checkbox but you don't define any vlans the vlan_filtering tag is set to 1

If you define a VLAN without checking this checkbox manually VLAN filtering tag won't be set by luci

I think in this case the checkbox shouldn't be set and the tag should set to 0

Uncheck the box manually the tag will set to 0

I only saved this config and don't apply it.
When I'm adding now the second VLAN
The tag will be deleted accidentally I think it should be still on 0 and the checkbox shouldn't be checked

The issue seems to be in this file but last time I worked with js was 20 years ago :-(

luci/modules/luci-mod-status/htdocs/luci-static/resources/view/status/include/29_ports.js

Line 85 in 071fc1b

br = bridges[s.name] || (bridges[s.name] = { ports: [], vlans: {}, vlan_filtering: false });

or here

luci/modules/luci-mod-network/htdocs/luci-static/resources/tools/network.js

Line 913 in 071fc1b

s.getOption('vlan_filtering').updateDefaultValue(s.section);

[systemcrash]

That vlan_filtering is removed is normal. The internal default is 0, which is synonymous with the setting being removed.

And my network device crashes.

Do you mean you get locked out and the device stops responding? This is because you lose network access: the device starts sending tagged frames as soon as you apply the config.

[palbiez]

That vlan_filtering is removed is normal. The internal default is 0, which is synonymous with the setting being removed.

Can you please tell me why the vlan_filtering has been deleted when I'm adding a new VLAN?
I thought that vlan_filtering must be set otherwise it isn't working
See here e.g. for Banana Pi openwrt/openwrt#14195 (comment)
and also I think here
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/tree/include/net/dsa.h?id=c16bcd70a11b52d20877aa4e0b59285690a1b268#n302

Do you mean you get locked out and the device stops responding? This is because you lose network access: the device starts sending tagged frames as soon as you apply the config.

right I get locked out here. But my Switch is also using tagged packages here and when I'm connected with Luci and I define a untagged VLAN as Standard I thought that I can still access the Router.
Also when I'm using Wifi and created vlan adapter is bound to my wifi interface. Otherwise I thought wrong and need some assistence here ;-)

[systemcrash]

You can still define untagged (PVID) - it should be u. But perhaps it shall be tagged in the cpu (eth0).

[ffainelli]

It most likely needs to be tagged for the CPU port, which means that you would need a br-lan.VID interface defined to terminate that VLAN tag at the CPU port level. This is echoing back to openwrt/openwrt#14195 (comment)

[palbiez]

I think this are two parts. One is Luci. The Vlan filtering checkbox is not correspondign with the vlan filtering Option. Another option can be to write in the documentation that VLAN filtering checkbox is also checking the vlan_filtering on CPU level or something like that.
Another one are my issues with my device which can be also a bug but not a luci bug I will reply there in the forum
https://forum.openwrt.org/t/cudy-wr1300-v3-23-05-3-add-vlans-crashes-network-adapter/204059/5

[Neustradamus]

To follow this good ticket :)

[jow-]

Netifd's implicit default for option vlan_filtering becomes 1 as soon as there's at least bridge-vlan section defined, see here:
https://git.openwrt.org/?p=project/netifd.git;a=blob;f=config.c;h=d187152b37ae9a3ac8d46a0d06890db6ae5f2bfb;hb=68c8a4f94cd3cfd654a52cbc8b57c5c9d99640dd#l125

LuCI should reflect that behaviour;

• Once at least one bridge vlan is declared, the internal implicit default of the checkbox becomes true
• Once at least one bridge vlan is delcared, LuCI auto-checks the checkbox
• When a checked checkbox with implicit default true is saved, the entire option is removed. By design, LuCI only saves options which deviate from the defaults
• If you get "locked out" after applying such a change it is either because you're doing these while connected wired and your client connection is not updated accordingly (e.g. PC you're browsing LuCI with is not configured for VLAN tagged traffic) - or - the DSA / bridge-vlan implementation of the target device is bugged