It seemed ok at first, but there’s still weirdness happening.
Firstly, this happend:
# tcpdump -e -vvv -i eth0 arp or icmp
...
10.0.0.98 > 10.0.0.5: ICMP echo request, id 1, seq 361, length 40
21:19:17.220499 00:50:b6:b4:c4:0f (oui Unknown) > a0:b3:cc:e3:ff:aa (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.5 (a0:b3:cc:e3:ff:aa (oui Unknown)) tell 10.0.0.98, length 46
21:19:18.220942 00:50:b6:b4:c4:0f (oui Unknown) > a0:b3:cc:e3:ff:aa (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.5 (a0:b3:cc:e3:ff:aa (oui Unknown)) tell 10.0.0.98, length 46
21:19:18.234475 00:50:b6:b4:c4:0f (oui Unknown) > a0:b3:cc:e3:ff:aa (oui Unknown), ethertype 802.1Q (0x8100), length 78: vlan 1, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 5179, offset 0, flags [none], proto ICMP (1), length 60)
10.0.0.98 > 10.0.0.5: ICMP echo request, id 1, seq 362, length 40
21:19:19.221091 00:50:b6:b4:c4:0f (oui Unknown) > a0:b3:cc:e3:ff:aa (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.5 (a0:b3:cc:e3:ff:aa (oui Unknown)) tell 10.0.0.98, length 46
21:19:40.238631 d8:58:d7:00:74:52 (oui Unknown) > a0:b3:cc:e3:ff:aa (oui Unknown), ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.5 tell 10.0.0.14, length 46
That’s taken from a system connected to one of the lan ports in the bridge which is set to Vlan 1 PVID Untagged. But it shows vlan tagged traffic arriving there anyway.
After a reboot this was no longer happening. It seems that things can get corrupted when making changes to the switch configuration. So I’m now always rebooting when changing thing, that way at least I’m sure I’m not hunting ghosts.
The other thing was that on the main router I had two bridges which both contained lan ports. (Also one with Vlan filtering and one without.) Things got better once I lost that second bridge, it seems that having multiple bridges confuses the switch chip or DSA driver.
Wired networking now seems fine.
Wireless was still messy though. Devices would generally loose connectivity when changing AP. My theory is that this happens because a switch or bridge somewhere doesn’t realize a certain mac address moved elsewhere. I’ve enabled STP and dropped max_age to 1s on all the bridges and at first glance that seemed to improve things a bit, but not totally resolve it. It looks like I might see the behavior described here: Lan ports aren't accessible for WiFi client for the first 250-330 seconds after connection
I’ll try to dig a bit deeper into the Wlan roaming later. For now I’ve spend too much time on it already anyway 