Additionally... assuming the lan is the network that is used for administering the device, the others should be unmanaged... so it should look like this:
config device
option type 'bridge'
option name 'br-domotique'
list ports 'eth0.25'
config interface 'vlan_domotique'
option proto 'none'
option device 'br-domotique'
Fix all your networks, then reboot and test again. If that doesn't work, please provide the updated config file.
Thank you for your super fast answer. Yep, I know I need bridges to make wifi work, but before creating my bridges for this intent, I wanted first to ensure my interfaces were able to get their DHCP addresses on their respective VLAN's and that VLAN were working fine in the switch. It is not the case.
When I add the bridges, it behaves the same, but let me provide you the config file with the bridge and the dump of the switch internal config. I'll be back soon with this, and will edit this post.
Where do you advice me to customize mac addresses for each interface then ?
Why did you set protocol to "none" ?
I'm back, I think I did all the modifications you asked, and only the admin network, untagged, is working fine.
When connecting to the different wifi networks associated to each VLAN, there is no connection to the internet available my iphone says. It's not working.
Please note that the switch config dump is still showing only one VLAN configured, but not all others. Why ?
Here is the dump of the /etc/config/network and swconfig dev switch0 show :
BusyBox v1.36.1 (2024-12-03 11:41:08 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 24.10.0-rc2, r28161-ea17e958b9
-----------------------------------------------------
root@OpenWrt-R2:~# cd /etc/config/
root@OpenWrt-R2:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdeb:9dd0:c980::/48'
config switch 'switch0'
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '0t 1 2 3 4'
config switch_vlan
option device 'switch0'
option vlan '25'
option vid '25'
option ports '0t 1t 2t 3t 4t'
config switch_vlan
option device 'switch0'
option vlan '30'
option vid '30'
option ports '0t 1t 2t 3t 4t'
config switch_vlan
option device 'switch0'
option vlan '35'
option vid '35'
option ports '0t 1t 2t 3t 4t'
config device
option type 'bridge'
option name 'br-lan'
option macaddr '28:EE:52:58:80:02'
list ports 'eth0.2'
config device
option type 'bridge'
option name 'br-domotique'
option macaddr '28:EE:52:58:80:25'
list ports 'eth0.25'
config device
option type 'bridge'
option name 'br-smartphone'
option macaddr '28:EE:52:58:80:30'
list ports 'eth0.30'
config device
option type 'bridge'
option name 'br-invite'
option macaddr '28:EE:52:58:80:35'
list ports 'eth0.35'
config interface 'lan'
option proto 'dhcp'
option hostname 'AP-Admin'
option device 'br-lan'
config interface 'vlan_domotique'
option proto 'none'
option hostname 'AP-Domotique'
option device 'br-domotique'
config interface 'vlan_smartphone'
option proto 'none'
option hostname 'AP-Smartphone'
option device 'br-smartphone'
config interface 'vlan_invite'
option proto 'none'
option hostname 'AP-Invite'
option device 'br-invite'
root@OpenWrt-R2:/etc/config# swconfig dev switch0 show
Global attributes:
enable_vlan: 1
ar8xxx_mib_poll_interval: 500
ar8xxx_mib_type: 0
enable_mirror_rx: 0
enable_mirror_tx: 0
mirror_monitor_port: 0
mirror_source_port: 0
arl_table: address resolution table
Port 0: MAC 28:ee:52:58:80:02
Port 0: MAC d8:d6:68:2b:ba:af
Port 1: MAC 00:1c:25:9f:2f:4e
Port 1: MAC f0:9f:c2:60:6a:01
Port 0:
mib: MIB counters
RxGoodByte : 2148052694 (2.0 GiB)
TxByte : 160971 (157.1 KiB)
pvid: 0
link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
mib: MIB counters
RxGoodByte : 158232 (154.5 KiB)
TxByte : 556086 (543.0 KiB)
pvid: 2
link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
mib: No MIB data
pvid: 2
link: port:2 link:down
Port 3:
mib: No MIB data
pvid: 2
link: port:3 link:down
Port 4:
mib: No MIB data
pvid: 2
link: port:4 link:down
VLAN 2:
vid: 2
ports: 0t 1 2 3 4
root@OpenWrt-R2:/etc/config#
I still don't understand either why you don't want to set DHCP on those VLAN interfaces for my wifi networks, I've never heard of this rule before. Please note also that for the wifi network I am planning to enable the Wifi Roaming, because I have multiple AP TP-Link EAP-225-Wall V2, and I don't want to use the mode "over the air", but over cable, to transmit these data needed for roaming between AP's
Thanks a lot anyway for your help.
The main issue, the weird thing being for me the switch config dump showing only one VLAN configured. This is pretty weird. I wonder why.
This switch hardware only has a 16 entry VLAN table. The vlan option must be less than 16. The vid option is the tag which goes into the packets and it can be up to 4094.
config switch 'switch0'
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '2'
option ports '0t 1 2 3 4'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '25'
option ports '0t 1t 2t 3t 4t'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '30'
option ports '0t 1t 2t 3t 4t'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '35'
option ports '0t 1t 2t 3t 4t'
config device
option type 'bridge'
option name 'br-lan'
option macaddr '28:EE:52:58:80:02'
list ports 'eth0.2'
config device
option type 'bridge'
option name 'br-domotique'
option macaddr '28:EE:52:58:80:25'
list ports 'eth0.25'
config device
option type 'bridge'
option name 'br-smartphone'
option macaddr '28:EE:52:58:80:30'
list ports 'eth0.30'
config device
option type 'bridge'
option name 'br-invite'
option macaddr '28:EE:52:58:80:35'
list ports 'eth0.35'
config interface 'lan'
option proto 'dhcp'
option hostname 'AP-Admin'
option device 'br-lan'
config interface 'vlan_domotique'
option proto 'none'
option hostname 'AP-Domotique'
option device 'br-domotique'
config interface 'vlan_smartphone'
option proto 'none'
option hostname 'AP-Smartphone'
option device 'br-smartphone'
config interface 'vlan_invite'
option proto 'none'
option hostname 'AP-Invite'
option device 'br-invite'
Prevents me from accessing the device in untagged, unsusable. It doesn't get its DHCP address any longer for the admin interface untagged in the switch.
Tell me, those list port 'eth0.x' in a bridge definition refer to the vlan number in the table, or the vid of a vlan ? I thought it was the VID, but it seems to go wrong.
The config above is unsusable. I have to enter fail safe to change it.
Tagged and untagged on the same port should be avoided because it may not work on some hardware. Possibly, setting a pvid explicitly on the port pointing at the untagged VLAN could help, or it may not. This is consumer grade hardware not really built or tested for edge cases.
The vid tags also apply to packets on the CPU port of the switch. When vid is also specified, the vlan numbers represent only a position in the 16 entry table, which must be unique.
While tinkering with Ethernet settings it is a good idea to set up an 'admin' SSID and network so you can log in directly by wifi and not lose access if Ethernet is broken.
Not that it should be totally avoided, protocol-wise there is no problem, but one has to understand how to deal with suddenly crashed switch after config or precisely determine mis-config from the wire.
I have one first observation so far for OpenWRT developpers of swconfig :
They could have implemented an error triggering mechanism when committing an incorrect network configuration file with uci commit network command using VLAN ID's (For the VLAN table of a switch) that are wrong because greater than the the VLAN's table maximum size for a given "switch integrated circuit". There is nothing complex here, and it would really harden swconfig from a user perspective.
The limitations you are mentionning me (Do not mix tagged and untagged on some ports) on some given ethernet switch IC's could have been listed and documented in swconfig software too, so that LuCI can display them, or so that they are displayed anywhere, like added automaticaly as comments into network configuraton file, to warn users.
I'm going to try making the admin network tagged too, and see if it all works again, and be back here.
When the problem is solved, to thank you for your help, and to play the community game I always played here, I will update the wiki page of these kind of routers (TP-Link EAP-225 series) on OpenWRT wiki, to inform other users of these limitations with the switch so that they don't loose time hitting their head on the wall like I did.
Thank you very much for your educated answers and your help.
Apples to oranges there because the C7 contains an AR8337 switch. It is a much more capable chip, including a 4096 entry VLAN table which directly supports any possible combination of VLANs.
swconfig is no longer in active development, as the kernel project has directed the future to be DSA.
Changing the admin network to a tagged one made the whole thing work again. Let me do a few test to ensure my 3 wifi networks over dedicated VLAN are okay.
I have another question needing your educated answers :
This time, for this new configuration of my wifi network at home, I want to use, for the first time in my life, the wifi roaming facility, because I'll have like 6 AP for these 3 wifi networks.
The wifi roaming configuration differs from the default wifi roaming config with :
Use of the mode "Over Cable" and not "Over the air" for inter-AP key negociation/transfer.
Use of the mode "Push R1 key".
My question is : Is it going to work with my current configuration if no IP address is assigned to the interface of each of them for these 3 wifi networks ? Does the mechanism "Over the cable" need specific configuration of the bridge device or its associated interface (Currently in option proto 'none' mode), like having an assigned IP Address in order to allow inter-AP communication for the Wifi roaming key information transfer between AP's "Over the cable" ?
I hope my question is understandable, as I am new to Wifi Roaming and know nothing about the underlying mechanisms used to enable the inter-AP communication for this purpose.
Thanks a lot by advance for your educated answers.
You can skip R part, it is .3 vs 1.3s to roam,
KV can be instrumented by dawn or usteer, later needs just wpad-full and no extra config to communicate net maps over lan named network,
I shall keep the default wifi roaming config, and not activate Push R1 Key mode, it is useless.
Just need to ensure wpad-full is installed.
I didn't understand what you said regarding lan named networks, would you please rephrase a little bit. What network will those wifi drivers / interface use to exchange their informations ? Are they the corresponding 3 VLAN networks for the corresponding wifi interface networks tagged 25, 30 and 35 in my configuration ?
Thanks a lot for these details, I really need to understand truly what I am doing and why.
1 yes
2 not required, just will not roam if you install generic sysupgrade accidentally
3 usteer broadcasts network maps on the network named "lan , it needs one network for backend, it works on ssid-s not vlans. You can easily try it on dual band router.
DAWN requires adding K V parameters to /etc/config/wireless which then becomes invalid for wpad-basic like in sysupgrade to next release. Just 1c of reliability.
