Bridge 2 wifi on 1 interface

Cookie · November 21, 2021, 8:56pm

Hi,

in OpenWrt 19.07 I can select 2 Wireless Networks to use the same Network interface 'WIFI_INTERNAL' and OpenWrt created a brige for me.

Now i've installed OpenWrt 21.02.1 with DSA and i have no clue how to create this bridge in Luci for my 2 Wireless Networks so they use the same interface. Option type 'bridge' is not possible anymore for interfaces in the LUCI Webinterface because in the interface options i can only select one Wireless Network. But after editing /etc/config/network and set option type 'bridge' manual it works.

After CLI editing the network config the Luci Webinterface does not show the bridge correctly and it is imposible to select 2 or more Wireless Networks and assosiate them to one interface.

2021-11-21 21_46_42-OpenWrt - Interfaces - LuCI

config interface 'WIFI_INTERN'
        option proto 'static'
        option ipaddr '10.10.200.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option type 'bridge'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Wfi-FP-Intern'
        option encryption 'psk2+ccmp'
        option key 'xxxxxxxx'
        option network 'WIFI_INTERN'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Wifi-FP-Intern-Fast'
        option encryption 'psk2+ccmp'
        option key 'xxxxxxxx'
        option network 'WIFI_INTERN'

My Device: Linksys WRT1900ACS
Firmware: Firmware Version OpenWrt 21.02.1 r16325-88151b8303 / LuCI openwrt-21.02 branch git-21.295.67054-13df80d

Regards,

Ronny

jaromanda · November 21, 2021, 11:24pm

that config you're showing with config interface and 2 x config wifi-iface ... that's from two different files? correct? i.e. network and wireless

what would help is showing the full contents of /etc/config/network and /etc/config/wireless - as there's more to the correct configuration than you are showing

Cookie · November 22, 2021, 6:33pm

The 2x config-iface are from /etc/config/wireless and from /etc/config/networkis the config interface 'WIFI_INTERN'.

Here are my full config files:
/etc/config/network
/etc/config/wireless

mk24 · November 22, 2021, 7:07pm

For networks that will only have wifi, but it will be multiple wifi interfaces, create an empty bridge to be their device.

config device
    option name 'br-fritz'
    option type bridge

config interface 'fritz'
    option device 'br-fritz'
    option proto 'static'
    ---

Then use option network 'fritz' on each wifi AP that will be in that bridge.

As lan already has a bridge (though it also contains VLANs) use the interface name: option network 'lan' and that wifi will be in VLAN 5.

The brctl show command sort of shows how your configuration landed in the kernel, though it does not follow VLANs very well.

Cookie · November 22, 2021, 7:50pm

@mk24 Thx for this very usefull hint. I was thinking way too complicated and that's why I got a knot in my brain. I've solved my issue with the following configuration:
/etc/config/network

config device
        option name 'br-wifi-intern'
        option type 'bridge'
        list ports 'wlan0'
        list ports 'wlan1-2'

config interface 'WIFI_INTERN'
        option proto 'static'
        option ipaddr '10.10.200.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option device 'br-wifi-intern'
        list dns '10.10.10.15'
        list dns '10.10.10.16'
        list dns_search 'intern.xxx.network'

/etc/config/wireless

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Wfi-FP-Intern'
        option encryption 'psk2+ccmp'
        option key 'xxxxxxxx'
        option network 'WIFI_INTERN'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Wifi-FP-Intern-Fast'
        option encryption 'psk2+ccmp'
        option key 'xxxxxxxx'
        option network 'WIFI_INTERN'

Best regards,
Ronny

Spyderdyne · November 22, 2021, 8:26pm

A couple things:

Bridging between VLANs creates an internal resource-intensive CPU bound process that can add unnecessary latency.
If your 2 networks are different subnets but in the same zone (both in LAN, both in Wifi, etc.) consider "Super-Netting." ex:

VLAN 1 wifi1 192.168.1.0/24
VLAN 2 wifi2 192.168.2.0/24

SUPERNET = 192.168.1.0/23 !!! one single network comprised of 2 or more smaller subnet aggregates...

you can also do smaller segments and subdivide a network the same way. ex:

192.168.1.0/26 = 64 addresses, so 62 hosts, which allows 4 separate segments.

Screen Shot 2021-11-22 at 3.23.04 PM

It is general best-practices to run an L3 device (router) for inter-vlan routing because you can implement firewall rules to control what each source network can pass to each destination. This also allows you to monitor the traffic being passed between networks on most appliances. If the traffic on each subnet is in the same "zone" (i.e. LAN, Wifi, DMZ, whatever...) you are fine using the bridge to aggregate different hardware and virtual interfaces under a zone, but if that is the sole purpose then you wouldn't actually need separate subnets in the first place, would you?

FWIW

Cookie · November 22, 2021, 8:39pm

The two wireless networks wifinet3 and wifinet4 are in the same subnet 10.10.200.1/24, but once in the 2.4 GHz and once in the 5GHz range. Therefore, I want to have both wireless networks on one interface with one subnet.

system · December 2, 2021, 8:39pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.