Cant get TP-Link EAP615-Wall v1 Dumb AP vlan 1 to work

TP-Link EAP615-Wall v1
OpenWrt 23.05.0-rc3 r23389-5deed175a5 / LuCI openwrt-23.05 branch git-23.219.80063-bece581

So here is what the router vlan setup looks like

Here is what the EAP615 device bridge vlan filtering looks like to start with

I add valn 1 and I get this

I go back to the lan config and pick the new device br-lan.1

I hit save&apply , wait 90 seconds and revert the changes .
Note that this device is plugged into eth3 on the router

What am I doing wrong this time ?

this is what Luci is generating to do this

uci add network bridge-vlan # =cfg08a1b0
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].vlan='1'
uci add_list network.@bridge-vlan[-1].ports='lan0'
uci add_list network.@bridge-vlan[-1].ports='lan1'
uci add_list network.@bridge-vlan[-1].ports='lan2'

uci set network.lan.device='br-lan.1

An index of -1 ? That looks odd but perhaps it isnt

try using vlan# that is > 10

[-1] translates to 'next entry' for UCI. You will need to include eth3 into br-lan.1 if you want to keep connectivity after activating VLANs.

@zagi-tng The default VLAN when activating tagging is 1.

I avoid using vlan 1 because of that.
It's the "default" vlan on most of network equipment.

Using only tagged vlans on eth ports is more secure in these days of BYOD.

Vlan 1 untagged should work just fine. Try using the u* option on the port(s) of interest.

He's excluding his uplink though... Quite evident that breaks stuff.

How so? Maybe I am missing something (I prefer to look at the text config files).

As long as the uplink is on port eth4 of the router, we expect vlan1 untagged and vlan3 tagged. The ap has lan0-lan3, all with untagged vlan1 assigned. Therefore, we would expect this to work unless the lan interface hasn’t been updated for br-lan.1.

There's only 4 ports on this device, they're numbered lan0 through lan3. He says his uplink is on lan3. He then sets the default LAN bridge to lan0-2..

I have one myself, the uplink here is on lan0, which is the PoE port.

now I'm more confused . The 'uplink' is the port on the back of the device which is lan0 . I have 'carved' lan3 off into another device to use to directly attach to the device for recovery purposes . Are you saying 'lan0' should be excluded from the vlan ? If so how would I set the vlan tag for it? This is an AP so there is no 'wan' .

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like

@pluffmud Apologies, I misread that it was connected to port 3 on your router (which does not matter, BTW).

You might want to try this script, that should get you going to enable VLANs at least and keep your network functional. You can then split off ports to your liking.

The failsafe feature in the web UI might be triggering prematurely but I can't tell, I seldom use it and certainly not for low-level configuration.

{
        "kernel": "5.15.127",
        "hostname": "ollie",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "TP-Link EAP615-Wall v1",
        "board_name": "tplink,eap615-wall-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0-rc3",
                "revision": "r23389-5deed175a5",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.0-rc3 r23389-5deed175a5"
        }
}
root@ollie:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd8d:f8c3:0d4c::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        option acceptlocal '1'
        list ports 'lan0'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.10.10.4'
        option gateway '10.10.10.1'
        list dns '10.10.10.1'

config device
        option name 'eth0'
        option acceptlocal '1'

config device
        option type 'bridge'
        option name 'breth3'
        list ports 'lan3'

config interface 'breth3'
        option proto 'static'
        option device 'breth3'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option gateway '10.10.10.4'

root@ollie:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option band '2g'
        option cell_density '0'
        option country 'US'
        option htmode 'HT20'
        option channel '11'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'ollie24'
        option encryption 'psk2'
        option key '***'
        option disassoc_low_ack '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option band '5g'
        option htmode 'HE80'
        option country 'US'
        option cell_density '0'
        option channel '149'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'ollie5'
        option encryption 'psk2'
        option key '***'
        option disassoc_low_ack '0'

root@ollie:~# cat /etc/config/dhcp

config dnsmasq
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option logqueries '1'
        list rebind_domain 'evinrude.net'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        option dynamicdhcp '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'breth3'
        option interface 'breth3'
        option start '100'
        option limit '150'
        option leasetime '12h'

I have been looking at that script but have not yet tried it . Waiting for a downtime window .

Although very similar to what you hd before... try adding this:

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan0:u*'
        list ports 'lan1:u*'
        list ports 'lan2:u*'

and then edit the lan device to use br-lan.1

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.10.10.4'
        option gateway '10.10.10.1'
        list dns '10.10.10.1'

Will do when I have a downtime window ;}
Thanks for the reply

I'm still going to try this but I noticed the code I posted claiming it was what LUCI produced was bogus . This is what LUCI spit out

uci add network bridge-vlan # =cfg08a1b0
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].vlan='1'
uci add_list network.@bridge-vlan[-1].ports='lan0:u*'
uci add_list network.@bridge-vlan[-1].ports='lan1:u*'
uci add_list network.@bridge-vlan[-1].ports='lan2:u*'
uci set network.lan.device='br-lan.1'

which looks to be what your config changes represent .

Yes, it does appear to be the same. But there is no reason that I am aware of that it shouldn’t work. Try editing your config file directly with my recommended changes and see what happens.

Use it to configure your single port VLAN as well, no need for a bridge there.

Edit: unless you're linking it to the wireless, of course.

OK so psherman's manual network config file changes made it work .
My next task is to tear it all down and try and figure out what I was doing wrong .

Thanks again to psherman.

I will mark this as solved in the not too distant future .

1 Like