I have a tplink archer c20v5, and Im looking to create vlans for my network.
What are the steps I need to follow to create a vlan.
When ever I use switch tab in network and tag my lan1 interface I loose control to my network when connected to lan.
I need some guidence on how I can create vlans
If you search the forums, it is pretty easy to find examples - likely even for your own device.
However, if you describe your goals, we can help with some specifics.
Im trying to achieve following network topology.
I have configured my router to have lan and guest network with appropriate firewall rules, however when configuring vlan im losing access to my lan when connected to lan and internet does not work for both lan and wifi.
VLANs are only necessary if you will be setting up multiple networks on a single Ethernet port - this would be for connections to downstream managed switches or vlan aware APs.
Is that your intent?
What ports will each network be connected to?
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
ubus call system board
{
"kernel": "5.10.176",
"hostname": "OpenWrt",
"system": "MediaTek MT7628AN ver:1 eco:2",
"model": "TP-Link Archer C20 v5",
"board_name": "tplink,archer-c20-v5",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.4",
"revision": "r20123-38ccc47687",
"target": "ramips/mt76x8",
"description": "OpenWrt 22.03.4 r20123-38ccc47687"
}
}
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd06:35fb:ee49::/48'
config interface 'lan'
option proto 'static'
option delegate '0'
option ipv6 '0'
list ipaddr '10.100.11.1/27'
option device 'br-lan'
config device
option name 'eth0.2'
option macaddr '9t:a2:f5:09:b1:52'
option ipv6 '0'
config interface 'wan'
option device 'eth0.2'
option proto 'pppoe'
option username 'admin'
option password 'admin'
option ipv6 '0'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 6t'
config device
option type 'bridge'
option name 'br-lan'
option ipv6 '0'
list ports 'vlan0.1'
list ports 'wlan1'
config interface 'wlan1'
option proto 'static'
option device 'wlan0'
option ipaddr '10.100.11.96'
option netmask '255.255.255.224'
config device
option type 'bridge'
option name 'vlan0'
option igmp_snooping '1'
option ipv6 '0'
list ports 'eth0.1'
config interface 'Restricted'
option proto 'static'
option ipaddr '10.100.11.80'
option netmask '255.255.255.248'
option device 'vlan0.10'
config device
option name 'eth0'
option ipv6 '0'
config bridge-vlan
option device 'vlan0'
option vlan '1'
list ports 'eth0.1:u*'
config bridge-vlan
option device 'vlan0'
option vlan '10'
list ports 'eth0.1:t'
config device
option name 'eth0.1'
option ipv6 '0'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'wlan'
option encryption 'psk2'
option key 'admin'
option network 'wlan1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'wlan-5Ghz'
option encryption 'psk2'
option key 'admin'
option network 'lan'
You have a number of things wrong here - you are mixing dsa and swconfig syntax which is invalid. Fastest path is to reset to defaults and then post the config as well as your indented port mapping.
Can you help me understand which configuration is part of swconfig and which is dsa or you could also point me to documents which clarify this to me.
If you can wait a few days, sure. But it will be faster just to start fresh. Lmk.
Why few days?
Travel. I can easily advise about the small things for implementing it correctly in the few minutes I will have between now and then. But a few days will be needed for the next time I can sit down at a computer to do a deep dive about what is wrong with the current config.
I would like to get the deep dive information about whats wrong with my configuration.
Its okay I can wait for you to give me detailed information, I need to understand whats going wrong.
Im planning to implement openwrt in our office network, so for me to do that I need to be sure as hell before I propose my plan.
Appreciated for your support.
Just to be clear, your configuration is in a state that's really best factory-reset and started over again. It's going to be difficult to dissect what's expected, what's right and what's wrong, with a high potential to miss things.
My only motive is to be in a state that I can do this openwrt deployment with vlans whenever required.
Will the explanation be provided for changes made to thr configuration?
I think mt7628 is still using swconfig (but the generated /etc/config/network after the factory reset will confirm that - or not), so following swconfig specific advice (and not DSA/ bridge-vlan) should be the way to go. Different than DSA, but still a well-known (and documented) approach. The wild mixture of different approaches you have in your configuration now, is what makes it unwieldy (and invalid, in its current form).
Thank you for your explanation, will share the factory reset configuration by eod today.
I performed factory reset and below are fresh configuration of my router.
I want my vlans to be created on port eth0.1 as this is the physical port on my router where my switch is connected and then the switch is connected to my desktop and my hypervisor.
Vlans to created
ubus call system board
{
"kernel": "5.10.176",
"hostname": "OpenWrt",
"system": "MediaTek MT7628AN ver:1 eco:2",
"model": "TP-Link Archer C20 v5",
"board_name": "tplink,archer-c20-v5",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.4",
"revision": "r20123-38ccc47687",
"target": "ramips/mt76x8",
"description": "OpenWrt 22.03.4 r20123-38ccc47687"
}
}
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda0:f1f8:43f5::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr '9a:b2:c1:09:d2:e2'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 6t'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
What physical port is being used for the trunk? Or what is the port mapping of your main lan and your two VLANs? (As labeled on the back of the device)
Im using the port 1 for connecting all my machines and I want to create vlans in the first port itself.
Anyone can help me?
