AVM FRITZ!Repeater 1750E - VLANs not working

Hi!

I have equipped an AVM Fritz! repeater 1750E with OpenWrt.
During setup, however, I discovered that 802.1q is not supported correctly.
I have 4 VLANs.
VLAN 1, 11, 30 and 40.
There is a suitable WLAN SSID for each VLAN.

VLAN 1 works without any problems.
The adapter receives an IPv4 address and I can reach LuCI very easily.
WLAN via this also works great.

With all other “real” VLANs, however, nothing works.
I have created all the VLANs, but a connection to the network cannot be established.
None of the virtual network adapters receive an IP address.

Are there currently problems with the device and OpenWrt?

[Screenshots: Interfaces, Devices, Overview - Status]


Firmware Version: OpenWrt 23.05.5 r24106-10cc5fcd00 / LuCI openwrt-23.05 branch git-24.264.56413-c7a3562
Kernel Version: 5.15.167

Other OpenWrt devices in the house work without any problems with several VLANs.

Let's see what's going on in your config.

Also, please confirm that this is an AP, not serving as a router.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Hi!

The Repeater is running in AP-Mode.
DHCP, DNS and firewall are deactivated and stopped in the startup-config.

All APs in the Network have the same config.
Other hardware, but same config.

Here is the output:

root@AP04:~# ubus call system board
{
	"kernel": "5.15.167",
	"hostname": "AP04",
	"system": "Qualcomm Atheros QCA9556 ver 1 rev 0",
	"model": "AVM FRITZ!WLAN Repeater 1750E",
	"board_name": "avm,fritz1750e",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.5",
		"revision": "r24106-10cc5fcd00",
		"target": "ath79/generic",
		"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
	}
}
root@AP04:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd59:fe14:1c10::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.178.240'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.178.1'
	list dns '192.168.178.2'
	list dns '192.168.178.200'
	list dns '192.168.178.203'
	list dns '192.168.178.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '40'
	list ports 'eth0:t'

config interface 'censored'
	option proto 'none'
	option device 'br-lan.11'

config interface 'Guest'
	option proto 'none'
	option device 'br-lan.40'

config interface 'IoT'
	option proto 'dhcp'
	option device 'br-lan.30'
root@AP04:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '40'
	option band '5g'
	option htmode 'VHT80'
	option txpower '26'
	option country 'DE'
	option cell_density '0'
	option noscan '1'
	option beacon_int '100'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '11'
	option band '2g'
	option htmode 'HT40'
	option country 'DE'
	option cell_density '0'
	option noscan '1'
	option beacon_int '150'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '2'
	option wpa_disable_eapol_key_retries '1'
	option network 'lan'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '0'
	option wpa_disable_eapol_key_retries '1'
	option network 'lan'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '2'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option network 'IoT'
	option wpa_disable_eapol_key_retries '1'
	option disabled '1'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '2'
	option wpa_disable_eapol_key_retries '1'
	option network 'Guest'
	option disabled '1'

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '0'
	option wpa_disable_eapol_key_retries '1'
	option network 'Guest'
	option disabled '1'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '2'
	option wpa_disable_eapol_key_retries '1'
	option network 'lan'

config wifi-iface 'wifinet6'
	option device 'radio1'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '0'
	option wpa_disable_eapol_key_retries '1'
	option network 'lan'

config wifi-iface 'wifinet7'
	option device 'radio1'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '2'
	option wpa_disable_eapol_key_retries '1'
	option network 'IoT'
	option disabled '1'

config wifi-iface 'wifinet9'
	option device 'radio1'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '2'
	option wpa_disable_eapol_key_retries '1'
	option network 'Guest'
	option disabled '1'

config wifi-iface 'wifinet10'
	option device 'radio1'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'sae-mixed'
	option dtim_period '1'
	option key 'censored'
	option ieee80211r '1'
	option nasid '0004'
	option mobility_domain 'ab12'
	option ft_over_ds '0'
	option ieee80211w '0'
	option wpa_disable_eapol_key_retries '1'
	option network 'Guest'
	option disabled '1'

config wifi-iface 'wifinet11'
	option device 'radio0'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'none'
	option dtim_period '1'
	option network 'censored'
	option disabled '1'

config wifi-iface 'wifinet12'
	option device 'radio1'
	option mode 'ap'
	option ssid 'censored'
	option encryption 'none'
	option dtim_period '1'
	option network 'censored'
	option disabled '1'

Since your device is ath79, you can use direct dotted notation rather than bridge vlans...

To do that, delete these:

Edit the lan to use br-lan again:

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.178.240'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.178.1'
	list dns '192.168.178.2'
	list dns '192.168.178.200'
	list dns '192.168.178.203'
	list dns '192.168.178.1'

Then create new bridges with dotted notation:

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth0.40'

^^^ repeat this for VLANs 11 and 30, changing the name accordingly.

Then edit your network interfaces to use the bridges, like this for guest:

config interface 'Guest'
	option proto 'none'
	option device 'br-guest'

For the IoT network, make it unmanaged (option proto 'none').

On the wifi front, I'd recommend using either WPA2 or WPA3, but not mixed mode (sae-mixed) as this is not always well tolerated by client devices.

I also recommend removing all the 802.11r stuff (on all APs) as this is also not always going to play nice with the client devices. I generally suggest only using it if it's actually required, and that is determined only after all the APs have been tuned for power, channels, and position to the best extent possible. If you only have a single AP, 802.11r does not apply and should be removed.

DHCP should be disabled explicitly within the config file itself, and I recommend keeping the service running. It is also a good idea to leave the firewall running. Both services will be largely idle, but keeping them running will ensure that you won't have any surprises if they become re-enabled.

Once you've made all those changes, reboot and test again. If things still do not work properly, please post the updated configs.

1 Like
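
A small auditor for the layout described in the reply above, as an added example that is not part of the original thread: it resolves each SSID to its VLAN from the text of /etc/config/network and /etc/config/wireless, and flags any non-management interface whose proto is not 'none' (the AP would then hold its own address on that VLAN) and any open SSID. The function names, the `mgmt` parameter and the sample config are assumptions of this example.

```python
import re

def parse_uci(text):
    """Parse UCI text into section dicts holding '.type', '.name' and options."""
    out = []
    for line in text.splitlines():
        w = [a or b for a, b in re.findall(r"'([^']*)'|(\S+)", line)]
        if w[:1] == ["config"] and len(w) > 1:
            out.append({".type": w[1], ".name": w[2] if len(w) > 2 else ""})
        elif w[:1] == ["option"] and len(w) == 3 and out:
            out[-1][w[1]] = w[2]
        elif w[:1] == ["list"] and len(w) == 3 and out:
            out[-1].setdefault(w[1], []).append(w[2])
    return out

def audit(network, wireless, mgmt="lan"):
    """Return ({wifi-iface: VLAN id}, findings) for a bridged-AP config."""
    net = parse_uci(network)
    bridges = {s.get("name"): s.get("ports", []) for s in net if s[".type"] == "device"}
    vlan, ssids, findings = {}, {}, []
    for s in (s for s in net if s[".type"] == "interface"):
        name, dev = s[".name"], s.get("device", "")
        # VLAN id: suffix of the bridge's member port (eth0.30) or of the device (br-lan.30)
        vids = {p.rsplit(".", 1)[1] for p in bridges.get(dev, [dev]) if "." in p}
        vlan[name] = ",".join(sorted(vids)) or "untagged"
        if name not in (mgmt, "loopback") and s.get("proto") != "none":
            findings.append(f"{name}: proto {s.get('proto')} puts an AP address on VLAN {vlan[name]}")
    for w in (w for w in parse_uci(wireless) if w[".type"] == "wifi-iface"):
        ssids[w[".name"]] = vlan.get(w.get("network"), "unmapped")
        if w.get("encryption") == "none":
            findings.append(f"{w['.name']}: open SSID (VLAN {ssids[w['.name']]})")
    return ssids, findings

# Constructed sample in the dotted layout; IoT is still managed and its SSID is open.
NETWORK = """
config device
	option name 'br-iot'
	option type 'bridge'
	list ports 'eth0.30'
config interface 'IoT'
	option device 'br-iot'
	option proto 'dhcp'
"""
WIRELESS = """
config wifi-iface 'wifinet11'
	option network 'IoT'
	option encryption 'none'
"""
print(audit(NETWORK, WIRELESS))
```

An SSID reported as "unmapped" points at a network name that has no matching interface section in the network file.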

Thanks for the tips.
The VLANs are now working and I can also use them via WLAN.

I have implemented the other tips and will see if it has any effect.
