Cudy WR3000S and VLANs on ethernet switch?

I'm trying to set up a Cudy WR3000S with two VLANs (and two separate WLANs connected to those VLANs). Each VLAN should also be attached to two ethernet ports each.

I have gotten a similar setup to work on my GL.Inet MT6000 before where I have a separate IOT network, so I thought I knew what I was doing in the DSA config. But here is the issue I'm having:

• The wifi side works fine, I can connect to either wifi network and end up the correct network and get assigned an IP in the correct DHCP range.
• When I plug in an ethernet cable I get link on my computer and on the router. I don't get DHCP. If I manually configure an IP in the right subnet on my laptop I can't ping the router on it's IP (I can over wifi). However, if I use netdiscover on my Linux laptop to do an ARP scan I do see the router on the expected IP. The router can't ping the computer either.
• Without any VLANs configured the ethernet ports work, so I don't think it is broken hardware.

I'm not sure what part of the config you need to help debug this, I assume I just missed a crucial step somewhere. Let me know and I'll try to get it to you as soon as possible.

Firmware version: OpenWrt 24.10.3 r28872-daca7c049b / LuCI openwrt-24.10 branch 25.250.61039~923f8d9 (image from firmware selector, not customised with owut or anything like that)

It would be easier if you'd share the network file for deep examination. Explain what you need on each LAN port and VLAN.

@badulesia No problem:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda9:57f3:cf80::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'network1'
	option proto 'static'
	option device 'br-lan.1'
	option ipaddr '10.46.45.120'
	option netmask '255.255.255.0'
	option type 'bridge'

config interface 'network2'
	option proto 'static'
	option device 'br-lan.2'
	option ipaddr '10.46.42.120'
	option netmask '255.255.255.0'
	option defaultroute '0'

What I need is for LAN 1 and LAN 2 to be on network1, and LAN 3 and LAN 4 to be on network2.

Additionally my wireless config (sanitised for private info) looks like:

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option band '2g'
	option channel '1'
	option htmode 'HE20'
	option country 'SE'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'network1'
	option mode 'ap'
	option ssid 'Network1'
	option encryption 'sae-mixed'
	option key 'privkey_here'
	option ocv '0'

config wifi-iface 'network2_radio0'
	option device 'radio0'
	option network 'network2'
	option mode 'ap'
	option ssid 'Network2'
	option encryption 'sae-mixed'
	option key 'privkey_here'
	option ocv '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option band '5g'
	option channel '36'
	option htmode 'HE80'
	option country 'SE'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'network1'
	option mode 'ap'
	option ssid 'Network1'
	option encryption 'sae-mixed'
	option key 'privkey_here'
	option ocv '0'


config wifi-iface 'network2_radio1'
	option device 'radio1'
	option network 'network2'
	option mode 'ap'
	option ssid 'Network2'
	option encryption 'sae-mixed'
	option key 'privkey_here'
	option ocv '0'

I see that I should remove the unused lan interface, but I don't think it would cause this issue?

I see a bunch of issues here, so let's fix them:

For the bridge-vlans, I highly recommend explicitly indicating their untagged status by adding :u* after each port (such as list ports 'lan1:u*'). this is not required, but is good practice to avoid any issues:

Remove the bridge line from below (it doesn't belong there):

Also, note that that the IP address of the router is the .120 address (for both networks). It is common practice to use .1 or .254 (top or bottom of the /24 scope) as the router's IP -- this is not required, but does make things a bit easier. That said, there is no technical reason you cannot have it at .120... but that address falls within the default DHCP pool. This will cause a problem unless you have adjusted the DHCP pool such that it does not include .120 (you didn't show your dhcp config file, so I don't know if you made the appropriate change or not).

Why do you have the default route line here? If you want the network to route normally, you'll want that enabled (that is unless you are manually defining the routes or using PBR).

It is recommended to use WPA2 or WPA3, but not mixed WPA2/WPA3. This is because some client devices don't work well when presented with mixed mode operation (this applies to all of your SSIDs):

After you fix these things, restart your router and test again. If it still doesn't work, please post the updated complete configs:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks for taking your time to answer and helping.

Huh, Luci did that. I will change that when I get back to the router.

Will do, it was added by luci though, I set up the config entirely from the Web UI, not from the command line.

I know, this is intended to provide wireless access to two separate lab networks that are not on the Internet (WAN will be removed/unused) with lots of static IPs, I have adjusted the dhcp pool ranges accordingly (as there is no existing equipment providing dhcp). Do note while my target network might be unorthodox I have not yet connected it to them, so the issues I'm seeing is even with just the router on my desk when setting it up.

Left over from experiments. Didn't make a difference. I was wondering if the fact it was airgapped and didn't have a WAN made a difference.

Sure, I have yet to see issues with Linux laptops though, and that is all that will use this WiFi. I could probably set it to just WPA3.

I will try this out when I get back to the office (should be in 1-2 days). Thanks again for spending your time on this.

option defaultroute is not applicable with proto static. In a DHCP, ppp, 3G etc. connection, it means do not use it as a WAN, by ignoring any default route advertised over autoconfig from upstream. It probably is ignored with proto static (if you do want a default route via a statically configured interface, use option gateway <upstream router IP>).

Useful to know. That checkbox should probably be removed from luci then, if it doesn't do anything.

@psherman Sorry, took me a couple of days to get back to this. What fixed it was the lan1:u* syntax. Apparently the *` is "primary vlan" which needed to be set.

What is odd is that my router at home (a MT-6000) doesn't have that set, yet the VLANs work perfectly there. I should probably set that as well though to be on the safe side?

Thanks so much for the help!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.