Bridging wireless SSID to a VLAN

Hello. I'm struggling awfully to set this up right. I have googled, youtubed, checked these forums, and I still can't figure out how to properly get an SSID tied to a trunked VLAN. Most of the posts and videos I have found were done with an earlier version of LUCI that referenced a physical tab for interfaces. I understand that this area is now the devices tab. However the process is different now. In the old LUCI version you could bridge wireless to a vlan directly in the bridge.

I have an r7800 running Openwrt version 22.03. I have a main router which is Opnsense and is trunking a number of VLAN's to this r7800 that is functioning as a dumb AP. Firewall is off. I have bridged my WAN port to the LAN so that I can use it as the trunk link to my router that has all the normal services like DHCP, etc. When I plug into the physical ports of the dumb AP I am on the right VLAN (20 IoT) assigned to those ports. My problem I think is that I'm not bridging the VLAN's to wireless correctly. I'm not getting DHCP from the router to my wireless test client using USERS SSID which I am trying to tie to VLAN 10. I can't ping the gateway of VLAN 10 either. My plan is to have 3 SSID's that each tie to a different VLAN - Users, IoT, and Guests.

I only have a couple days experience playing with Openwrt. I've tried experimenting with trying to configure this a dozen different ways and I've come to the realization I'm not going to figure it out on my own. Any help would be greatly appreciated! I'm using LUCI to configure the device. Here are the contents of the config files.

Network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '......::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.10.3'
        option gateway '192.168.10.1'
        option device 'eth1.90'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'
        option ports '0t'

config device
        option type '8021q'
        option ifname 'eth1'
        option vid '10'
        option name 'eth1.10'

config device
        option type '8021q'
        option ifname 'eth1'
        option vid '20'
        option name 'eth1.20'

config device
        option type '8021q'
        option ifname 'eth1'
        option vid '30'
        option name 'eth1.30'

config interface 'INTVLAN10'
        option type 'bridge'
        option device 'eth1.10'
        option proto 'dhcp'

config interface 'INTVLAN20'
        option proto 'static'
        option device 'eth1.20'

config interface 'INTVLAN30'
        option proto 'static'
        option device 'eth1.30'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '10'
        option ports '0t 5t 6t'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '30'
        option ports '0t 5t 6t'

config switch_vlan
        option device 'switch0'
        option vlan '5'
        option vid '20'
        option ports '0t 2 3 4 5t 6t'

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option vid '90'
        option ports '0t 1 5t 6t'

config device
        option name 'eth0.10'
        option type '8021q'

config device
        option type 'bridge'
        option name 'vlan10bridge'
        option stp '1'
        option bridge_empty '1'
        list ports 'eth1'

config interface 'vlan10wireless'
        option device 'vlan10bridge'
        option proto 'dhcp'

config bridge-vlan
        option device 'vlan10bridge'
        option vlan '10'
        list ports 'eth1:t'


config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'VHT80'
        option channel 'auto'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'USERS'
        option network 'vlan10wireless'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'


Wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'VHT80'
        option channel 'auto'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'USERS'
        option network 'vlan10wireless'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

I can't look into the details now, so just a 30'000 ft. suggestion:

• set up your VLANs and bridges in /etc/config/network, keep in mind that this device isn't using DSA yet, so follow 'old' swconfig based advice.
• wireless interfaces aren't mentioned in /etc/config/network/interfaces at all, the wireless interfaces need to connect to existing bridges from /etc/config/wireless (and only from there).
• if you don't want your VLAN on a physical LAN port, you can set up dangling bridges with no connected ethernet ports (only the wireless interfaces will become the sole bridge member, once wifi is up).

Thanks SLH. Finally figured out what I was doing wrong. Each interface needs to connect to a bridge. Each bridge will have one member who is the VLAN member, eth1.x. Then the wireless SSID's attach to the interfaces. I still don't understand the logic of using a bridge that doesn't define two members. That's a little mysterious to me. But it works now, so mission accomplished.

Good note on the DSA vs swconfig. It's confusing when I see different ways of setting up the switching.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.