Correctly configuring 2 router system with VLANs

Good evening.
I've been using OpenWrt on a single router for a couple months now and I'm loving it, but I recently upgraded to a bigger house and am having wireless range issues, so I purchased another router to extend my networks. I'm looking for some help in how I could go about configuring everything correctly; this is what I want to eventually end up with:

Router 1 is a Netgear R7800 running OpenWrt.
Router 2 is a Linksys EA8500 running OpenWrt.

Router 1 takes in the ethernet cable to the WAN port configured as PPPoE. The 1st port goes to a smaller unmanaged 8 port switch that just connects to the house's wired LAN ports; these stay on the base subnet of 192.168.1.x.
It also broadcasts the 2 wireless networks, one for home IoT devices on subnet 192.168.100.x, and the other is for laptops and phones on subnet 192.168.200.x.

The second port runs to the other side of the house and connects to the LAN 1 port of router 2. Router 2 is configured with the address 192.168.1.2, and was configured utilizing the "Dumb Access Point" tutorial located at: https://openwrt.org/docs/guide-user/network/wifi/dumbap .

The second port of router2 goes to a 24 port managed switch that connects the home multimedia servers and NAS. These should be on their own VLAN with the subnet 192.168.20.x

I'm just looking for some tips on how to correctly configure this. I'm currently having problems/questions about:
1. I can't connect to router 2 without directly plugging into it with a laptop and assigning a static IP of 192.168.1.x
2. Router 2 doesn't show any wired devices connected to it (this might be normal since DHCP is disabled?)
3. How do I correctly configure the 192.168.20.x VLAN so both routers recognize it? Can it all be handled from router 1, even though router 2 and the devices connected to it are on the same port with router 2 being assigned 192.168.1.2?
4. Do the ports on switch 2 also need to be tagged with the VID?
5. I'm assuming the VLANs need to be configured and matching on both routers?

Thank you for your help.

You'll want to be connecting from router 1's LAN port to router 2's LAN port. The LAN IP of router 2 should be set to 192.168.1.2 (per your drawing), and DHCP should be disabled. At that point, the DHCP that is running on router 1 should be available on the wired ports, and router 2 should be accessible from any machine on that network.

Yes, if router 1 is running the DHCP server and router 2 is a dumb AP/switch, there won't really be any visibility of wired devices connected to it.

This depends on what you are trying to achieve. Yes, the VLANs need to be matching on the ports that connect from router 1 to router 2, and the ports that connect router 2 to switch 2. These are your trunk ports, carrying multiple networks over one wire. Most of the time, you'll configure the ports that are directly connected to end equipment (such as computers, game consoles, STBs, etc.) as access ports (untagged), but you obviously need to tell the switch which network each port should use.

It is probably easier to start with your router configurations. If your VLANs are configured and working as expected from a general functional standpoint in the primary router, it should be relatively straightforward to connect it to router 2 and then the managed switch.

Please make it clear what is coming from each router...

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless

Since you already have two switches I would have genuine access points on the second switch instead of wifi router #2. And the second switch connected directly to switch one.
Router #1 should do all the routing work with VLAN and interfaces together with the switches and access points.

Real access point vs wifi router…well a real access point costs as much as a “cheap” (below 100€) wifi home router and the design (white square box) of the access point isn’t really worth the money and the carton is usually brown so that means most of the money goes for the radio equipment.
On a home wifi router most of the money goes on the colored carton and plastic design and the router and switch chip. Not much money on the radio there, but they always have a lot of antennas sticking out!?

Thank you for taking the time to help me

Outputs from Router 1

  • Main router, only has 1 VLAN which is on the port Router2 is attached to
  • SSIDs emitted should be on .100/.200 subnets

network output

root@MasterCheese:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fda8:2cb7:6878::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'

config interface 'wan'
        option proto 'pppoe'
        option device 'eth0.201'
        option username '*********'
        option password '*********'
        option ipv6 'auto'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0t 6t 4 3 2'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'
        option ports '0t'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 5t'
        option vid '201'
        option description 'Needed for ISP PPOE'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '20'
        option ports '0t 1'
        option description 'Home Servers'

config interface 'Servers'
        option proto 'static'
        option device 'eth0.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.1'

config interface 'Iot_Devices'
        option proto 'static'
        option ipaddr '192.168.100.1'
        option gateway '192.168.1.1'
        option netmask '255.255.255.0'
        list dns '8.8.8.8'
        list dns '1.1.1.1'

config interface 'Home_Devices'
        option proto 'static'
        option ipaddr '192.168.200.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

wireless output

root@MasterCheese:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'VHT80'
        option txpower '20'
        option country 'US'
        option cell_density '0'
        option beacon_int '100'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'WL2'
        option encryption 'psk2'
        option key '*********'
        option ieee80211v '1'
        option ieee80211k '1'
        option bss_transition '1'
        option wnm_sleep_mode '1'
        option time_advertisement '2'
        option rrm_neighbor_report '1'
        option rrm_beacon_report '1'
        option time_zone 'CST6CDT,M3.2.0,M11.1.0'
        option network 'Home_Devices'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option htmode 'HT20'
        option channel '4'
        option txpower '20'
        option country 'US'
        option cell_density '0'
        option beacon_int '100'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'WL1'
        option encryption 'psk2'
        option key '*********'
        option isolate '1'
        option network 'Iot_Devices'

From this point everything more or less works except--

  • I still can't access Router 2 from any device plugged into router 1
  • Devices connecting to 'WL2'/'Home_Devices' receive the correct 192.168.200.x address when they are connected to the broadcast of Router1, but when switched to Router2 they are given the 192.168.20.x address, I'm assuming because everything emitted by the port Router2 is connected to is supposed to be given that vlan/subnet.
    To fix this, do I need to re-create the wireless interface from R1 to R2, if so, will the firewall of R1 handle it exactly as it would for its broadcasts?

Router 2 (Dummy AP) - Home NAS and servers connected to it. No currently configured VLANs
SSIDs emitted should also be on .100/.200 subnets, while connected devices should be on .20, due to the port that R2 connects to R1 through and the configured VLAN on R1.

wireless

root@Cheese_AP:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid '**********'
        option encryption 'psk2'
        option key '**********'
        option ieee80211v '1'
        option ieee80211k '1'
        option bss_transition '1'
        option wnm_sleep_mode '1'
        option time_advertisement '2'
        option time_zone 'CST6CDT,M3.2.0,M11.1.0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid '*******'
        option encryption 'psk2'
        option key '*******'

network

root@Cheese_AP:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd94:97b7:09da::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config device
        option name 'eth1.1'
        option macaddr '14:91:82:72:fb:18'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.2'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

config device
        option name 'eth0.2'
        option macaddr '14:91:82:72:fb:18'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        option auto '0'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'
        option auto '0'
        option reqaddress 'try'
        option reqprefix 'auto'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

Start with just one network and then repeat the recipe once you have proven it works and understand the process.

If you want to connect the 100 and 200 networks that have been established in router 1 to ethernet so that they can physically connect to router 2, make adjustments like this... starting with router 1 :

config device
        option name 'br-iot'
        option type 'bridge'
        list ports 'eth1.100'

config interface 'Iot_Devices'
        option device 'br-iot'
        option proto 'static'
        option ipaddr '192.168.100.1'
        option gateway '192.168.1.1'
        option netmask '255.255.255.0'
        list dns '8.8.8.8'
        list dns '1.1.1.1'

Then, figure out which logical port on the primary router corresponds to the physical port that connects to the second router, and make a new VLAN config for the switch that will look something like this:

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '100'
        option ports '6t 4t'

^^^ Here, I have made two guesses that might be wrong. 1) I am guessing that port 6 equates to the CPU eth1 to enable eth1.100 and 2) I am also guessing that logical port 4 is the one that actually links between your two routers. These assumptions might be wrong, but the takeaway is that you need both of these tagged (hence the "t"). You need to determine which logical port is being used for the link to router 2, and you also need to see what logical port maps to eth1 -- substitute as necessary.


Now, on to router 2... add this:

config device
        option name 'br-iot'
        option type 'bridge'
        list ports 'eth1.100'

config interface 'iot'
        option device 'br-iot'
        option proto 'none'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '100'
        option ports '1t  4t 6t'

^^^ in this case, I'm taking a guess that logical port 1 is the uplink to router 1, and that logical port 4 is the connection to your managed switch. Again, these might be wrong.

For testing purposes, you might want to take one of the other ports and make it untagged VLAN 100 -- this way you can test the connectivity with a standard wired device. To do this, you must remove one of the ports from VLAN 1 and assign it to VLAN 100. For example, if we use logical port 3:

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '100'
        option ports '1t 3 4t 6t'

Once this is proven to work, you can assign the iot network to an SSID in router 2 and it should work. But I'd start by verifying that the wired path works first so that you have a known good trunk situation.


Thank you so much!
I believe I understand how it all works with the bridge between the devices, and ensuring everything is properly tagged... and all the VLANs are now set up correctly. Your help will make it super easy to keep experimenting and eventually expand from my current setup.

The only small annoyance I'm still having is the inability to connect to R2 from a LAN connection. It's not important at this point, I'm more curious as to what I did wrong.
On this desktop:
192.168.1.1 --> connects to the main router no problem
192.168.1.2 --> 'This site can't be reached'. Results of ping:

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.109: Destination host unreachable.
Request timed out.
Request timed out.
Reply from 192.168.1.109: Destination host unreachable.

Ping statistics for 192.168.1.2:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),

Let's see the complete config files for network and firewall.

And is the ping test from a host on the 192.168.1.0/24 network (it looks like the host's IP is 192.168.1.109, but please confirm)?

The network for both are in the previous post, only things modified were the additions for the 2 VLANs you instructed.

And correct, this ping is done from a host on the 192.168.1.0/24 net, and its IP was 192.168.1.109
Firewall for R1 (192.168.1.1). It also appears as if R2 can't access the internet (can't update packages on it, maybe dns/dhcp ?)


config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        list network 'lan'
        option forward 'REJECT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'qcanssecm'
        option type 'script'
        option path '/etc/firewall.d/qca-nss-ecm'
        option family 'any'
        option reload '1'

config include 'bcp38'
        option type 'script'
        option path '/usr/lib/bcp38/run.sh'
        option family 'IPv4'
        option reload '1'

config zone
        option name 'homeServers'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'Servers'

config forwarding
        option src 'homeServers'
        option dest 'wan'

config rule
        option name 'MediaCenter - Postgres'
        option src 'lan'
        list dest_ip '192.168.20.5'
        option dest_port '5432'
        option target 'ACCEPT'

config rule
        option src 'homeServers'
        option dest_port '67'
        option target 'ACCEPT'
        list proto 'udp'
        option name 'Home Servers DHCP'

config rule
        option src 'homeServers'
        option dest_port '53'
        option target 'ACCEPT'
        option name 'Home Servers DNS'

config forwarding
        option src 'homeServers'
        option dest 'lan'

config forwarding
        option src 'lan'
        option dest 'homeServers'

config rule
        option target 'ACCEPT'
        option dest_port '8080'
        option dest 'lan'
        option src 'lan'
        list dest_ip '192.168.1.5'
        list proto 'tcp'
        option name 'Kodi LAN Control'

config rule
        option name 'Kodi WL Control'
        list proto 'tcp'
        option src 'homeDevices'
        option dest 'lan'
        list dest_ip '192.168.1.5'
        option dest_port '8080'
        option target 'ACCEPT'

config rule
        option dest 'lan'
        option dest_port '9777'
        option target 'ACCEPT'
        option src 'lan'
        list dest_ip '192.168.1.5'
        option name 'Kodi LAN Event Server'

config rule
        option name 'Kodi WL Event Server'
        option src 'homeDevices'
        option dest 'lan'
        option dest_port '9777'
        option target 'ACCEPT'
        list dest_ip '192.168.1.5'

config rule
        option src 'lan'
        option dest 'lan'
        list dest_ip '192.168.1.5'
        option dest_port '5600'
        option target 'ACCEPT'
        option name 'Kodi LAN WOL'

config zone
        option name 'iot_devices'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'Iot_Devices'
        option input 'REJECT'

config forwarding
        option src 'iot_devices'
        option dest 'wan'

config rule
        option name 'Kodi WL WOL'
        option src 'homeDevices'
        option dest 'lan'
        list dest_ip '192.168.1.5'
        option target 'ACCEPT'
        option dest_port '5600'

config rule
        option name 'Wutang-DHCP'
        list proto 'udp'
        option src 'iot_devices'
        option dest_port '67'
        option target 'ACCEPT'

config rule
        option name 'Wutang-DNS'
        option src 'iot_devices'
        option dest_port '53'
        option target 'ACCEPT'

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'Home_Devices'
        option name 'homeDevices'

config forwarding
        option src 'homeDevices'
        option dest 'lan'

config forwarding
        option src 'homeDevices'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'homeDevices'

config forwarding
        option src 'wan'
        option dest 'homeDevices'

config rule
        list proto 'udp'
        option target 'ACCEPT'
        option src 'homeDevices'
        option dest_port '67'
        option name 'LANBeforeTime-DHCP'

config rule
        option name 'LANBeforeTime-DNS'
        option src 'homeDevices'
        option dest_port '53'
        option target 'ACCEPT'

Firewall for R2 (Which is disabled)

root@Cheese_AP:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'qcanssecm'
        option type 'script'
        option path '/etc/firewall.d/qca-nss-ecm'
        option family 'any'
        option reload '1'

config include 'bcp38'
        option type 'script'
        option path '/usr/lib/bcp38/run.sh'
        option family 'IPv4'
        option reload '1'

So how are you reaching r2 for the config files and such?

Laptop plugged directly into a LAN port on R2, and I'm giving the laptop a static IP of 192.168.1.4, with the default gateway at 192.168.1.1

Is r1 connected to r2’s lan port or wan port? It should be the lan port.

I think I figured out the problem… check router 1. Vlan1 may not be tagged on the trunk port. Fix that and things should start working.

If not, please do post the entire network config files from each device so we can look at the latest.

Correct, R1 LAN port 4 is connected to R2 LAN port 1. I tried tagging VLAN 1 on R1 to port 4, and still no luck

Everything functions and has internet when connected to R2, it's just the management portion of it that is a bit tricky at the moment

network for R1:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda8:2cb7:6878::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config device
	option name 'br-iot'
	option type 'bridge'
	list ports 'eth1.100'

config interface 'Iot_Devices'
	option device 'br-iot'
	option proto 'static'
	option ipaddr '192.168.100.1'
	option gateway '192.168.1.1'
	option netmask '255.255.255.0'
	list dns '8.8.8.8'
	list dns '1.1.1.1'
	list dns '8.8.8.8'
	list dns '1.1.1.1'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '100'
	option ports '6t 1t'
	option description 'IOT Device VLAN'

config device
	option name 'br-homeDevices'
	option type 'bridge'
	list ports 'eth1.200'

config interface 'Home_Devices'
	option device 'br-homeDevices'
	option proto 'static'
	option ipaddr '192.168.200.1'
	option gateway '192.168.1.1'
	option netmask '255.255.255.0'
	list dns '192.168.1.1'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '200'
	option ports '6t 1t'
	option description 'Home Device VLAN'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'

config interface 'wan'
	option proto 'pppoe'
	option device 'eth0.201'
	option username ''
	option password ''
	option ipv6 'auto'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 6t 4 3 2 1t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 5t'
	option vid '201'
	option description 'Needed for ISP PPOE'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '20'
	option ports '0t 1'
	option description 'Home Servers'

config interface 'Servers'
	option proto 'static'
	option device 'eth0.20'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
	list dns '192.168.1.1'


Network for R2:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd94:97b7:09da::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config device
	option name 'br-iot'
	option type 'bridge'
	list ports 'eth1.100'

config interface 'iot'
	option device 'br-iot'
	option proto 'none'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid 100
	option ports '1t 4t 6t'

config device
	option name 'br-homeDevices'
	option type 'bridge'
	list ports 'eth1.200'

config interface 'homeDevices'
	option device 'br-homeDevices'
	option proto 'none'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid 200
	option ports '1t 4t 6t'


config device
	option name 'eth1.1'
	option macaddr '14:91:82:72:fb:18'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config device
	option name 'eth0.2'
	option macaddr '14:91:82:72:fb:18'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option auto '0'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option auto '0'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'


In r2, tag 1 and 4 (1t 2 3 4t 6t)
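
The tagging mismatch behind the unreachable 192.168.1.2, as an added example that is not part of the original thread: a Python check that reads the `switch_vlan` sections of both routers and compares how each end of the inter-router link treats every VLAN. It assumes logical port 1 is the link port on both routers, as the posted configs suggest; the function names are made up for this example.

```python
import re

# Constructed sample: switch_vlan sections from the thread's last posted
# configs, trimmed to the VLANs that touch the inter-router link.
R1_NETWORK = """
config switch_vlan
        option vlan '5'
        option vid '100'
        option ports '6t 1t'

config switch_vlan
        option vlan '6'
        option vid '200'
        option ports '6t 1t'

config switch_vlan
        option vlan '1'
        option vid '1'
        option ports '0t 6t 4 3 2 1t'

config switch_vlan
        option vlan '4'
        option vid '20'
        option ports '0t 1'
"""

R2_NETWORK = """
config switch_vlan
        option vlan '3'
        option vid 100
        option ports '1t 4t 6t'

config switch_vlan
        option vlan '4'
        option vid 200
        option ports '1t 4t 6t'

config switch_vlan
        option vlan '1'
        option ports '1 2 3 4 6t'
"""

# The change proposed in the last reply: tag VLAN 1 on R2's ports 1 and 4.
R2_FIXED = R2_NETWORK.replace("'1 2 3 4 6t'", "'1t 2 3 4t 6t'")

LINK_PORT_R1 = 1  # assumption: logical port on R1 that faces R2
LINK_PORT_R2 = 1  # assumption: logical port on R2 that faces R1


def switch_vlans(uci_text):
    """Map VLAN ID -> {logical port: True if tagged} for each switch_vlan section."""
    sections = []
    for line in uci_text.splitlines():
        words = line.split(None, 2)
        if len(words) >= 2 and words[0] == "config":
            sections.append({"_type": words[1]})
        elif len(words) == 3 and words[0] == "option" and sections:
            sections[-1][words[1]] = words[2].strip().strip("'\"")
    vlans = {}
    for s in sections:
        if s["_type"] != "switch_vlan" or "ports" not in s:
            continue
        # When 'vid' is missing, the VLAN ID defaults to the 'vlan' table index.
        vid = int(s.get("vid") or s["vlan"])
        members = vlans.setdefault(vid, {})
        for port, flag in re.findall(r"(\d+)(t?)", s["ports"]):
            members[int(port)] = flag == "t"
    return vlans


def port_state(vlans, vid, port):
    """Return 'tagged', 'untagged' or 'absent' for one port in one VLAN."""
    members = vlans.get(vid, {})
    if port not in members:
        return "absent"
    return "tagged" if members[port] else "untagged"


def trunk_mismatches(vlans_a, port_a, vlans_b, port_b):
    """List (vid, state on A, state on B) for every VLAN the link ends treat differently."""
    found = []
    for vid in sorted(set(vlans_a) | set(vlans_b)):
        a, b = port_state(vlans_a, vid, port_a), port_state(vlans_b, vid, port_b)
        if a != b:
            found.append((vid, a, b))
    return found


def untagged_vlans(vlans, port):
    """VLAN IDs that untagged frames on this port land in (more than one is a config error)."""
    return sorted(v for v, m in vlans.items() if m.get(port) is False)


if __name__ == "__main__":
    r1 = switch_vlans(R1_NETWORK)
    for label, text in (("as posted", R2_NETWORK), ("after last reply", R2_FIXED)):
        r2 = switch_vlans(text)
        print(label, trunk_mismatches(r1, LINK_PORT_R1, r2, LINK_PORT_R2),
              "untagged R1/R2:", untagged_vlans(r1, LINK_PORT_R1), untagged_vlans(r2, LINK_PORT_R2))
```

On the posted configs this reports VLAN 1 as tagged on R1 but untagged on R2, so R2's untagged LAN traffic lands in R1's VLAN 20; with the last reply's change applied, the only remaining difference is VLAN 20, untagged on R1 and absent on R2.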
