D-Link DAP 2160: vlans and wifi ... (newbie)

sgw · January 2, 2021, 11:06am

I am trying to set up a Wifi AP on a Dlink DAP-2160.

My customer installed

http://downloads.openwrt.org/snapshots/targets/ipq40xx/generic/openwrt-ipq40xx-generic-dlink_dap-2610-squashfs-factory.bin

and we want to have:

WebGUI (Luci) in VLAN20 (eth0.20)
2 Wifi-ESSIDs in separate VLANs 110 and 111

With much googling and fiddling I achieved point 1 ... and I could ping all the VLANs gateways on the shell. Fine.

I have to add that initially there was no "Network-Switch" menu point from the start, it appeared only after having this setup:

# cat /etc/config/network 

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '20'
	option vid '20'
	option ports '0t 1t 2t 3t 4t 5t'

config interface 'vlan_20'
	option ifname 'eth0.20'
	option proto 'dhcp'

config interface 'vlan110'
	option ifname 'eth0.110'
	option type 'bridge'
	option proto 'none'

config interface 'vlan111'
	option ifname 'eth0.111'
	option proto 'none'
	option type 'bridge'

Then the GUI told me that the switch topology was unknown or so. I found in the forum that I shouldn't use "switch_vlan", right?

I had bridged a Wifi radio to eth0.110 but never received IP-adresses via DHCP, I assume I have to make sure to untag the packets there.

Could someone point me at how to:

make the switch configurable via "Network - Switch" tab?
determine which port on the internal switch is Wifi and how to correctly set that up?
bridge Wifi to vlan110 and get the zones/fw right?

I am quite experienced with networking, but not at all with the concepts of OpenWrt, as you see

Additional issue: the box seems to lose its settings ... right now I have to wait for another admin to reset the box (remote site). This isn't good at all, and I can only guess that we maybe have the wrong FW flashed or so?

thanks in advance for any help here.

Borromini · January 2, 2021, 12:21pm

Ipq40xx is a problem child when it comes to VLANs at the moment, unfortunately.

sgw · January 3, 2021, 10:50am

OK ... that doesn't explain why the device loses its config, right?

We try to build an image containing a base config and luci etc ... is there a "base image" recommended right now for that hardware? Otherwise we seem to get lost every time.

On reddit I got a reply telling that DSA only recently was enabled for that chipset?

sgw · January 3, 2021, 11:24am

I assume my problems come from installing a snapshot ?
But I can't find a fitting image for factory right now.
BTW I got the model wrong, it's a DAP-2610 !

sgw · January 3, 2021, 11:48am

We try to build and flash our own image now. We'll see.

Borromini · January 3, 2021, 11:57am

Are you referring to settings not getting saved (if then there's probably no /overlay), or to it becoming inaccessible?

Every device starts its life in snapshot. That's no indicator support is (or isn't) mature.

For the VLAN issues, see this topic e.g.:

I haven't tried any VLAN setups on ipq40xx devices anymore, but I bumped into that issue as well back when I deployed my first ipq40xx device.

sgw · January 3, 2021, 3:10pm

Thanks for the feedback.
I am currently waiting for the "remote admin" to flash the image we prepared.
It should give us 3 tagged VLANs on eth0 and a writable overlay (as far as I understand).
From there I will see what happens.

sgw · January 4, 2021, 6:37am

After some misguided setup we had to enter failsafe mode and rewrite the config, currently it's up.

We run OpenWrt SNAPSHOT, r15404-55e23f2c02

I set a static IP in the untagged LAN and try to add VLAN interfaces.

# cat /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd80:c43b:0a8e::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.97.61'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.97.1'
	list dns '8.8.8.8'

config device 'lan_eth0_dev'
	option name 'eth0'
	option macaddr 'ec:ad:e0:7b:1d:20'

config interface 'vlan110'
	option proto 'none'
	option type 'bridge'
	option ifname 'eth0.110'

config interface 'vlan20'
	option type 'bridge'
	option ifname 'eth0.20'
	option proto 'dhcp'

The switch port is set to TRUNK, PVID1 (to provide "normal" LAN) and also transports the 2 tagged VLANs 20 and 110.

Currently I don't get a DHCP lease on the AP, do I need additional fw rules for that?
Or does that show that it simply won't work?

btw: no "Switch" menu in the GUI again.

thanks, good morning (here ..)

sgw · January 4, 2021, 7:00am

Update: disabled firewall, dnsmasq, odhcpd (as in howto dumbap).

Playing with swconfig on the shell now, somehow strange behavior.

swconfig dev switch0 vlan 20 set ports '0t 5'
swconfig dev switch0 show

[..]

VLAN 1:
	vid: 1
	ports: 0t 5t 
VLAN 2:
	vid: 2
	ports: 0t 
VLAN 20:
	vid: 20
	ports: 0t 5 
VLAN 110:
	vid: 110
	ports: 0t 5t

but the next one for VLAN110 toggles VLAN20 as well ->

swconfig dev switch0 vlan 110 set ports '0t 5'

VLAN 1:
	vid: 1
	ports: 0t 5t 
VLAN 2:
	vid: 2
	ports: 0t 
VLAN 20:
	vid: 20
	ports: 0t 5t 
VLAN 110:
	vid: 110
	ports: 0t 5

sgw · January 4, 2021, 7:22am

Let me also add the swconfig output here, maybe someone can tell me what these 5 ports mean:

# swconfig dev switch0 show
Global attributes:
        enable_vlan: 1
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        mirror_monitor_port: 0
        mirror_source_port: 0
        linkdown: ???
Port 0:
        mib: Port 0 MIB counters
RxBroad     : 6
RxPause     : 0
RxMulti     : 17
RxFcsErr    : 0
RxAlignErr  : 0
RxRunt      : 0
RxFragment  : 0
Rx64Byte    : 9
Rx128Byte   : 142
Rx256Byte   : 36
Rx512Byte   : 15
Rx1024Byte  : 12
Rx1518Byte  : 19
RxMaxByte   : 0
RxTooLong   : 0
RxGoodByte  : 59930
RxBadByte   : 0
RxOverFlow  : 0
Filtered    : 12
TxBroad     : 125
TxPause     : 0
TxMulti     : 11
TxUnderRun  : 0
Tx64Byte    : 106
Tx128Byte   : 231
Tx256Byte   : 14
Tx512Byte   : 10
Tx1024Byte  : 28
Tx1518Byte  : 1
TxMaxByte   : 0
TxOverSize  : 0
TxByte      : 52848
TxCollision : 0
TxAbortCol  : 0
TxMultiCol  : 0
TxSingleCol : 0
TxExcDefer  : 0
TxDefer     : 0
TxLateCol   : 0

        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        mib: Port 1 MIB counters
RxBroad     : 0
RxPause     : 0
RxMulti     : 0
RxFcsErr    : 0
RxAlignErr  : 0
RxRunt      : 0
RxFragment  : 0
Rx64Byte    : 0
Rx128Byte   : 0
Rx256Byte   : 0
Rx512Byte   : 0
Rx1024Byte  : 0
Rx1518Byte  : 0
RxMaxByte   : 0
RxTooLong   : 0
RxGoodByte  : 0
RxBadByte   : 0
RxOverFlow  : 0
Filtered    : 0
TxBroad     : 0
TxPause     : 0
TxMulti     : 0
TxUnderRun  : 0
Tx64Byte    : 0
Tx128Byte   : 0
Tx256Byte   : 0
Tx512Byte   : 0
Tx1024Byte  : 0
Tx1518Byte  : 0
TxMaxByte   : 0
TxOverSize  : 0
TxByte      : 0
TxCollision : 0
TxAbortCol  : 0
TxMultiCol  : 0
TxSingleCol : 0
TxExcDefer  : 0
TxDefer     : 0
TxLateCol   : 0

        pvid: 0
        link: port:1 link:down
Port 2:
        mib: Port 2 MIB counters
RxBroad     : 0
RxPause     : 0
RxMulti     : 0
RxFcsErr    : 0
RxAlignErr  : 0
RxRunt      : 0
RxFragment  : 0
Rx64Byte    : 0
Rx128Byte   : 0
Rx256Byte   : 0
Rx512Byte   : 0
Rx1024Byte  : 0
Rx1518Byte  : 0
RxMaxByte   : 0
RxTooLong   : 0
RxGoodByte  : 0
RxBadByte   : 0
RxOverFlow  : 0
Filtered    : 0
TxBroad     : 0
TxPause     : 0
TxMulti     : 0
TxUnderRun  : 0
Tx64Byte    : 0
Tx128Byte   : 0
Tx256Byte   : 0
Tx512Byte   : 0
Tx1024Byte  : 0
Tx1518Byte  : 0
TxMaxByte   : 0
TxOverSize  : 0
TxByte      : 0
TxCollision : 0
TxAbortCol  : 0
TxMultiCol  : 0
TxSingleCol : 0
TxExcDefer  : 0
TxDefer     : 0
TxLateCol   : 0

        pvid: 0
        link: port:2 link:down
Port 3:
        mib: Port 3 MIB counters
RxBroad     : 0
RxPause     : 0
RxMulti     : 0
RxFcsErr    : 0
RxAlignErr  : 0
RxRunt      : 0
RxFragment  : 0
Rx64Byte    : 0
Rx128Byte   : 0
Rx256Byte   : 0
Rx512Byte   : 0
Rx1024Byte  : 0
Rx1518Byte  : 0
RxMaxByte   : 0
RxTooLong   : 0
RxGoodByte  : 0
RxBadByte   : 0
RxOverFlow  : 0
Filtered    : 0
TxBroad     : 0
TxPause     : 0
TxMulti     : 0
TxUnderRun  : 0
Tx64Byte    : 0
Tx128Byte   : 0
Tx256Byte   : 0
Tx512Byte   : 0
Tx1024Byte  : 0
Tx1518Byte  : 0
TxMaxByte   : 0
TxOverSize  : 0
TxByte      : 0
TxCollision : 0
TxAbortCol  : 0
TxMultiCol  : 0
TxSingleCol : 0
TxExcDefer  : 0
TxDefer     : 0
TxLateCol   : 0

        pvid: 0
        link: port:3 link:down
Port 4:
        mib: Port 4 MIB counters
RxBroad     : 0
RxPause     : 0
RxMulti     : 0
RxFcsErr    : 0
RxAlignErr  : 0
RxRunt      : 0
RxFragment  : 0
Rx64Byte    : 0
Rx128Byte   : 0
Rx256Byte   : 0
Rx512Byte   : 0
Rx1024Byte  : 0
Rx1518Byte  : 0
RxMaxByte   : 0
RxTooLong   : 0
RxGoodByte  : 0
RxBadByte   : 0
RxOverFlow  : 0
Filtered    : 0
TxBroad     : 0
TxPause     : 0
TxMulti     : 0
TxUnderRun  : 0
Tx64Byte    : 0
Tx128Byte   : 0
Tx256Byte   : 0
Tx512Byte   : 0
Tx1024Byte  : 0
Tx1518Byte  : 0
TxMaxByte   : 0
TxOverSize  : 0
TxByte      : 0
TxCollision : 0
TxAbortCol  : 0
TxMultiCol  : 0
TxSingleCol : 0
TxExcDefer  : 0
TxDefer     : 0
TxLateCol   : 0

        pvid: 0
        link: port:4 link:down
Port 5:
        mib: Port 5 MIB counters
RxBroad     : 125
RxPause     : 0
RxMulti     : 11
RxFcsErr    : 0
RxAlignErr  : 0
RxRunt      : 0
RxFragment  : 0
Rx64Byte    : 106
Rx128Byte   : 231
Rx256Byte   : 14
Rx512Byte   : 10
Rx1024Byte  : 28
Rx1518Byte  : 1
RxMaxByte   : 0
RxTooLong   : 0
RxGoodByte  : 52848
RxBadByte   : 0
RxOverFlow  : 0
Filtered    : 0
TxBroad     : 0
TxPause     : 0
TxMulti     : 11
TxUnderRun  : 0
Tx64Byte    : 9
Tx128Byte   : 139
Tx256Byte   : 36
Tx512Byte   : 9
Tx1024Byte  : 13
Tx1518Byte  : 19
TxMaxByte   : 0
TxOverSize  : 0
TxByte      : 57498
TxCollision : 0
TxAbortCol  : 0
TxMultiCol  : 0
TxSingleCol : 0
TxExcDefer  : 0
TxDefer     : 0
TxLateCol   : 0

        pvid: 1
        link: port:5 link:up speed:1000baseT full-duplex auto
VLAN 1:
        vid: 1
        ports: 0t 5 
VLAN 2:
        vid: 2
        ports: 0t

This is after a reboot. So none of my VLANs visible here.

sgw · January 5, 2021, 5:14pm

I currently have the following configuration and things look good ...
WIFI in VLAN110, gets DHCP leases from the pfsense ... nice.

I assume I could remove some unused ports from the "option ports" lines, but as far as I understand they don't hurt .. so anyway ..

Thanks so far.

# cat /etc/config/network 

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd80:c43b:0a8e::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '20'
        option vid '20'
        option ports '0t 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '110'
        option vid '110'
        option ports '0t 4 5t'

config switch_vlan
        option device 'switch0'
        option vlan '111'
        option vid '111'
        option ports '0t 4 5t'

config interface 'vlan20'
        option ifname 'eth0.20'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.20.61'
        option netmask '255.255.255.0'
        option gateway '192.168.20.1'
        option stp '1'

config interface 'vlan110'
        option type 'bridge'
        option ifname 'eth0.110'
        option stp '1'
        option proto 'none'

config interface 'vlan111'
        option type 'bridge'
        option proto 'none'
        option ifname 'eth0.111'
        option stp '1'