I bought a Unifi LR6 and installed OpenWrt (OpenWrt version 22.03 RC1, kernel 5.10.111). I want to use this OpenWrt AP in combination with my OPNsense firewall. At the same time the AP should remain "dumb". DHCP, DNS etc. should come from OPNsense. Of course I don't want to mount the AP just like that but would like to work with two VLANs. VLAN10 is my home network, VLAN20 should be a guest network. And exactly here I fail.
I've been trying to get the VLAN to work every day for almost 2 weeks now and I'm really frustrated.
Can someone please tell me what I need to set in LuCI or in /etc/config/network to make it work?
Do I need to put the VLAN on the br-lan or on the eth0 device? How do I configure the interface then? Unmanaged or static IP assigned?
pls give a try to this theoretical approach, might help:
you did not tell how the AP and OPNsense are connected physically: is there a VLAN-aware switch in between, or do you directly connect the AP to a port on the OPNsense box? So i assume OPNsense is properly configured and the connection to the AP (whatever it is) is already tagging the "home" and "guest" traffic.
also i assume the single ethernet port in your AP is indeed called eth0.
1. create a bridge (call it for example br0) with eth0 as member. enable VLAN bridging for br0 and add vlan 10 + 20 as both tagged under eth0.
2. reuse the default br-lan by replacing the eth0 device with the newly created br0.10 device. set your lan interface as you wish using br-lan as device.
3. create a new bridge called br-guest and add the br0.20 device as member. create a new interface called guest on top of device br-guest and choose unmanaged from the protocol list.
4. add your wifi networks to the corresponding wired networks (lan / guest).
note: having a single port and setting vlans can be tricky as you may get locked out of your box, so i'd suggest to try this config in virtualbox or similar and see what working config is created, then make necessary changes in the /etc/config/network directly.
note2: the guide i think is outdated as option ifname; option type is not used with config interface anymore as i know.
Thanks for your reply. You are right. My Unifi LR6 is directly connected to my OPNsense and I assume that my OPNsense is configured correctly.
I have followed your steps 1 - 4 and can report first partial successes. Briefly about configuration: I reset the AP and gave it the IP address 192.168.1.2 with netmask 255.255.255.0. After that I followed your steps 1 - 4. I currently have two wireless networks on the AP. One is called "Home" and the other "Guest". When I connect to "Home" the whole thing works as expected. I can browse the Internet and I can access the AP.
When I connect to "Guest", my phone only says "IP address is being retrieved" and that's it. Even a laptop does not connect to the "Guest" - WIFI.
Do you have any other idea what this could be?
My /etc/config/network looks like this:
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdbc:ca13:0163::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'br0.10'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.1.2'

config device
    option type 'bridge'
    option name 'br0'
    list ports 'eth0'

config bridge-vlan
    option device 'br0'
    option vlan '10'
    list ports 'eth0:t'

config bridge-vlan
    option device 'br0'
    option vlan '20'
    list ports 'eth0:t'

config device
    option type 'bridge'
    option name 'br-guest'
    list ports 'br0.20'

config interface 'guest'
    option proto 'none'
    option device 'br-guest'
    option type 'bridge'
Edit: Okay, strange. It had worked for a short period of time, now the internet is down again.
Edit 2: Okay, the "Home" network problem is resolved. It was an OPNsense problem. But the "Guest" network didn't work.
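The layout from steps 1 - 4 of the reply (one VLAN-filtering bridge on the uplink, one bridge per VLAN sub-device) can be checked mechanically before the file is applied to a single-port AP. The linter below is an added example, not code from the thread or from OpenWrt: `parse_uci`, `lint` and `SAMPLE` are hypothetical names, the sample config is constructed, and the checks assume sub-devices are named `<bridge>.<vid>` and the uplink port is tagged, as in those steps. It reports a VLAN sub-device with no matching tagged `bridge-vlan` section, a bridge that would join the home and guest VLANs, and the interface-level `option type` / `option ifname` that the reply's second note describes as outdated.

```python
import re

SAMPLE = """# Constructed sample with three deliberate faults; not a config from the thread.
config device
    option name 'br0'
    option type 'bridge'
    list ports 'eth0'
config bridge-vlan
    option device 'br0'
    option vlan '10'
    list ports 'eth0:t'
config device
    option name 'br-guest'
    option type 'bridge'
    list ports 'br0.10'
    list ports 'br0.20'
config interface 'guest'
    option device 'br-guest'
    option type 'bridge'
"""

def parse_uci(text):
    secs = []  # [(section_type, section_name, {option: [values]})]
    for m in re.finditer(r"^[ \t]*(config|option|list)[ \t]+(\S+)[ \t]*(.*)$", text, re.M):
        kind, key, val = m[1], m[2].strip("'\""), m[3].strip().strip("'\"")
        if kind == "config":
            secs.append((key, val, {}))
        elif secs:
            secs[-1][2].setdefault(key, []).append(val)
    return secs

def lint(text):
    """Check the VLAN-filtering bridge layout of steps 1-4; return findings."""
    secs, out = parse_uci(text), []
    one = lambda o, k: (o.get(k) or [""])[0]
    bridges = {one(o, "name"): o.get("ports", []) for t, _, o in secs
               if t == "device" and one(o, "type") == "bridge"}
    tagged = {(one(o, "device"), one(o, "vlan")) for t, _, o in secs if t == "bridge-vlan"
              and any("t" in p.partition(":")[2] for p in o.get("ports", []))}
    for br, ports in bridges.items():
        subs = [(b, v) for b, _, v in (p.rpartition(".") for p in ports)
                if b in bridges and v.isdigit()]  # ports like br0.20
        out += [f"{br}: {b}.{v} has no bridge-vlan section with a tagged port"
                for b, v in subs if (b, v) not in tagged]
        if len({v for _, v in subs}) > 1:
            out.append(f"{br}: joins more than one VLAN ({', '.join(ports)})")
    out += [f"interface {n}: legacy 'option type' or 'option ifname'"
            for t, n, o in secs if t == "interface" and ("type" in o or "ifname" in o)]
    return out
```

An empty list from `lint()` means none of these three checks fired; it does not confirm that the upstream port tags the same VLAN IDs.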