Skip to content

Run-time changes of per-VID VLAN configuration (RTU forwarding rule) breaks the PTP operation of the access-mode ports

Reported by Enkhbold.

Run-time changes of per-VID VLAN configuration (RTU forwarding rule) breaks the PTP operation of the access-mode ports

At startup both per-port and per-VID VLAN configurations (PVID and forwarding rules for VLANs) are set from dot-config. Depending on RADIUS authentication, certain PVIDs are set to the access-mode ports dynamically.

Now if a forwarding rule for a certain VLAN is deleted 'on-the-fly' with 'wrs_vlans' tool, then PTP synchronisation breaks at those access-mode ports, which have same PVID. As result nodes loose the WR lock!

This problem can be re-produced in following cases (firmware release v6.0-75-gbfe12fbc). Node A is known to the RADIUS service, but not node B. VLANs 30 and 31 are for service, VLAN 4094 is for unauthenticated nodes.

Case 1:

  • at startup forwarding rules only for VLANs 30 and 31 are set (no rule for 4094)
  • nodes A and B are connected to the access-mode ports wri10 and wri12 respectively and both have WR lock
  • depending on RADIUS authentication PVID 31 is assigned to wri10 and PVID 4094 to wri12
  • during run-time a new forwarding rule for VLAN 4094 is added -> both nodes have still WR lock
  • after VLAN status check the new rule for VLAN 4094 is then removed -> in effect nothing has been changed for VLAN configuration, but node B at wri12 (PVID 4094) cannot do PTP synchronisation and looses the WR lock!
  • this PTP failure persists if node B (or any unauthenticated node) is later re-connected to other access-mode ports, which get PVID 4094 dynamically
  • node A at wri10 (PVID) has still WR lock

Case 2:

  • at startup forwarding rules for all VLANs 30, 31 and 4094 are set
  • nodes A and B are connected to the access-mode ports wri10 and wri12 respectively and both have WR lock
  • dynamic assignment of PVIDs 31 and 4094 is same as in case 1: wri10 has PVID 31, wri12 has PVID 4094
  • forwarding rule for VLAN 4094 is then removed -> only VLAN-relevant configuration has been changed, but node B at wri12 (PVID 4094) cannot do PTP and looses the WR lock!
  • same as in case 1 the PTP failure persists if node B (or any unauthenticated node) is later re-connected to other access-mode ports, which get PVID 4094 dynamically
  • node A at wri10 (PVID 31) has still WR lock

Commands used to add and remove a forwarding rule:

  • wrs_vlans --rvid 4094 --rmask 0x20000
  • wrs_vlans --rvid 4094 --del
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information