Weird vlan behavior with CTF enabled/disabled

kyzhk

Hi,

First off my network topology:

modem <-ethernet-> ac68u on merlin <-ethernet through port 1-> access point A

From access point A:

access point A <-ethernet-> wired client
access point A <-wifi-> wireless client

With CTF enabled, I used the following commands to create a port based vlan on ac68u:

robocfg vlan 1 ports "2 3 4 8t"
robocfg vlan 3 ports "1 8t"
vconfig add eth0 3
ifconfig vlan3 up
brctl addif br0 vlan3

Observation with CTF enabled:
1) Wired client works fine i.e. can access internet.
2) Wireless client works partially -> ping google.com is successful, i.e. at least DNS and ICMP work. But internet does not work in general, i.e. a browser opening the Google IP address would be stuck. Curl would be stuck.

With CTF disabled I need to replace port 8 by port 5 in the vlan creation command i.e.

robocfg vlan 1 ports "2 3 4 5t"
robocfg vlan 3 ports "1 5t"
vconfig add eth0 3
ifconfig vlan3 up
brctl addif br0 vlan3

Observation with CTF disabled:
1) Wired client works fine.
2) Wireless client works fine.


I am rather confused as to how CTF selectively discriminates packets through the wifi interface vs the lan interface on a bridged access point - the packets arriving from / sent to the bridged access point should be indistinguishable to the ac68u, no?

Anyways, if anyone had experience with this issue please share! I would love to get vlan working without sacrificing CTF.
 
In my experience with N66U and AC68U, vlan bridging does not work with CTF enabled. I described my observations several days ago.

So, it's one or the other: vlans or CTF.
 
I did some more testing and figured out an interesting behavior - internet stops working only when the device is previously connected to a different vlan.

That means a new device that had never been connected (since reboot) will work on either vlan as long as it stays on the first vlan it connected to.

I think this is some sort of caching behavior by CTF on some sort of custom-implemented ARP table. To test the hypothesis, I used a random MAC address on every new connection, and I am able to switch between the two vlans without loss of internet connectivity.
 
As I wrote earlier:

I had a similar issue with both N66U (AP mode) and AC68U (router mode) when I configured a second bridge and a VLAN(4). On N66U, depending on whether I used VLAN1 first or VLAN4 first from the same device, the second connection could not work because the ethernet frames were tagged with the previous VID.
 
Ah! If only I had read your post earlier today, I wouldn't have spent two hours looking at this. At least my observation confirmed yours.

Well for now I think I can live with that because other than initial configuration I probably won't be switching the same devices across vlans.

Thanks.
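One way to check a capture for the symptom reported in this thread (frames for a device still carrying the VID of the VLAN it used before), as an added example that is not from any poster: it parses 802.1Q tags from raw Ethernet frames and flags frames whose VID differs from the VLAN a MAC is expected on. The MAC addresses, sample frames and function names are constructed for illustration; VLAN IDs 1 and 3 follow the first post's setup.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_vid(frame):
    """Return (dst, src, vid); vid is None when the frame has no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q or len(frame) < 18:
        return dst, src, None
    (tci,) = struct.unpack("!H", frame[14:16])
    return dst, src, tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID


def stale_vid_frames(frames, expected):
    """List (index, role, mac, vid_seen, vid_expected) for frames on the wrong VLAN.

    expected maps a MAC to the VLAN the device is currently attached to.
    """
    findings = []
    for i, frame in enumerate(frames):
        dst, src, vid = parse_vid(frame)
        if vid is None:
            continue  # untagged frames carry no VID to compare
        for role, mac in (("src", src), ("dst", dst)):
            want = expected.get(mac)
            if want is not None and vid != want:
                findings.append((i, role, mac, vid, want))
    return findings


def build(dst, src, vid, payload=b"\x00" * 46):
    """Build a constructed tagged frame (test data only, PCP/DEI bits zero)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + struct.pack("!HHH", TPID_8021Q, vid, 0x0800) + payload


# Constructed sample: the client moved to VLAN 3, one reply still carries VID 1.
ROUTER, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:aa"
SAMPLE = [build(ROUTER, CLIENT, 3), build(CLIENT, ROUTER, 1), build(CLIENT, ROUTER, 3)]
EXPECTED = {CLIENT: 3}

if __name__ == "__main__":
    for finding in stale_vid_frames(SAMPLE, EXPECTED):
        print(finding)
```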
 
