D-Link DAP 2610: first steps with VLANs

StifflersMagic · March 20, 2022, 12:38pm

Hi,
is there any reason to use snapshot image?
You can use the stable version, wich provides all packages to configure the DAP-2610 including vlans.
https://downloads.openwrt.org/releases/21.02.2/targets/ipq40xx/generic/
Because you run the snapshot, I would prefer the factory image.

You have to create the vlans at the switch menu first. For my VLAN 3 and VLAN 11 ist looks like:

Then you can create the vlan devices at Network / Interfaces (Devices tab) and the VLAN bridge devices.
After this you can create the WLAN ssid(s) and set it to the vlan bridges.

sgw · March 20, 2022, 6:21pm

There is no switch menu here! Maybe because of the snapshot? Or some missing support for that hw?
I think we chose snapshots because the wiki page told that also snapshots should run OK on that appliance.

sgw · March 21, 2022, 7:57am

I have that AP on the stable version now. Still NO switch menu entry available.
When I try to add bridge vlan filtering to br-lan it does not work, and I have to revert the change after 90 seconds.
Remove firewall zones and set static IP in our LAN, disabled DHCP.

anon89577378 · March 21, 2022, 8:13am

DSA devices do not have the Switch menu.

See the mini tutorial for DSA network configuration -

sgw · March 21, 2022, 8:32am

thanks. I read and followed that x times already

I have vlan filtering on again, and added VLAN 1 untagged, PVID ... and VLAN 11 tagged (both should go out via br-lan bridged to eth0).

br-lan.11 does not get a DHCP lease.

Looked at swconfig and set this:

	pvid: 1
	link: port:5 link:up speed:1000baseT full-duplex auto
VLAN 1:
	vid: 1
	ports: 0t 5 
VLAN 2:
	vid: 2
	ports: 0t 
VLAN 11:
	vid: 11
	ports: 0t 5t

As far as I understand that should not be needed. And it doesn't work either.
please advise.

Model	D-Link DAP 2610
Architecture	ARMv7 Processor rev 5 (v7l)
Target Platform	ipq40xx/generic
Firmware Version	OpenWrt 21.02.2 r16495-bf0c965af0 / LuCI openwrt-21.02 branch git-22.046.85957-59c3392
Kernel Version	5.4.179

sgw · March 21, 2022, 8:52am

I followed DLink DAP-2610: Can't get VLANs running - #7 by StifflersMagic , btw ... thanks to @StifflersMagic

That thread tells that these steps should not be necessary anymore. Hmm ...

sgw · March 21, 2022, 9:39am

Should there be switch-definitions in /etc/config/network ? There are none here:

# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd46:90da:fc7b::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config device
	option name 'eth0'
	option macaddr 'ec:ad:e0:7b:19:c0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.97.167'
	option gateway '192.168.97.1'
	list dns '192.168.97.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '12'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0:u*'

config interface 'TestVLAN11'
	option proto 'dhcp'
	option device 'br-lan.11'

config interface 'TestVLAN12'
	option proto 'dhcp'
	option device 'br-lan.12'

StifflersMagic · March 21, 2022, 4:58pm

Hi,

yes, there have to be switch definitions to work with VLANs.

In LUCI, it has to be configured here:
grafik

I edited my post from 2020 because VLANS doesn't work without swconfig on this hardware.

Did you changed to stable release or are you trying with snapshot again?

sgw · March 21, 2022, 5:14pm

@StifflersMagic I mentioned above: flashed stable. No "Switch" entry under "Network" for me.

StifflersMagic · March 21, 2022, 6:43pm

Hi,

I tried with an unused DAP-2610: You are right.
First you have manually add the switch. You can do this via console:
ssh to the AP and login, then perform the following commands:

uci add network switch
uci set network.@switch[0]=switch
uci set network.@switch[0].name='switch0'
uci set network.@switch[0].reset='1'
uci set network.@switch[0].enable_vlan='1'
uci commit network

reboot the device.

When the device has rebooted, you are able to configure the switch and VLAN tags via the GUI.

There is a limitation using vlans:
At some switching environments you can add VLAN 1 as tagged VLAN.
This is NOT possible with this device. Only tagged vlans >1 can be used

This MAY work also with the snapshot, but I would prefer the stable version.

sgw · March 21, 2022, 7:52pm

Thanks @StifflersMagic for testing things and sharing the commands. I followed them and rebooted, unfortunately the AP didn't come up online again so far ...

The AP is at a customer's site, I toggled it off and on again via POE (on the switch), I still don't ping its static IP or the original 192.168.1.1 it might have somehow fallen back to. Currently I don't know how to proceed, the AP does not have a serial console port to plug into and soldering isn't a quick option ...

Maybe the customer might press the physical reset or boot into failsafe mode so that I can proceed (tomorrow morning).

thanks so far, Stefan

StifflersMagic · March 22, 2022, 4:36am

Hi,

My test DAP-2610 has a TTL serial soldered, so I check it with your provided config.
I changed the ip adresses only to my internal network.
If I do the switch config, the AP doesn't respond at all after reboot.

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0:u*'

This part will break your configuration.

To get the AP back, customer may press and hold the reset button until the LED flashes with red color. After releasing the button, the AP reboots with his standard configuration, it will be reachable at 192.168.1.1 again.

To proceed, only change the IP adress for your needs, then do the switch config and NEVER touch VLAN 1

sgw · March 22, 2022, 6:17am

@StifflersMagic great, sounds good. I managed to mess it up again in failsafe mode (I edited the network file, removed the mentioned part only and rebooted. Seems I edited the wrong file in the wrong place, my fault).

Now I wait for another reset by the customer, then I might just use first_boot, log in (I have a system in 192.168.1.0/24 for access), then do the switch part etc again.

thanks a lot so far, looking forward to real progress and working VLANs today

sgw · March 22, 2022, 6:58am

Ah, one more: as soon as I have that basic configuration up and running, we want to manage multiple APs via OpenWISP. I already have the config to register them to the WISP server, the idea would be to build a (stable?) image with the required packages and that basic switch config inside. The other configuration like the individual VLANs and ESSIDs would come from WISP later.

So: image with predictable IP, packages, WISP-URL + creds (to register), switch0. Any opinions on that?

StifflersMagic · March 22, 2022, 7:36am

I would prefer to start with a clean config because parts of it looked very strange to me (like the part of interface aliasing eth0:t*)

sgw · March 22, 2022, 7:58am

will do, yes

sgw · March 22, 2022, 8:03pm

I am some steps closer, but not there yet.

Right now I get a DHCP Lease on Interface VLAN11: that is progress.

I set a Wireless ESSID onto this Interface and a WIFI client does NOT get a DHCP-Lease.

What do I miss?

btw: I was not able to add Bridge VLAN filtering on br-lan. That failed with an error message (I can't quote exactly right now). So I added a VLAN device myself directly.

I assume br-lan.11 and eth0.11 behave differently. Which one to use for the Wifi?

here the status:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd64:2d89:830d::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	option vlan_filtering '1'

config device
	option name 'eth0'
	option macaddr 'ec:ad:e0:7b:19:c0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.97.167'
	option gateway '192.168.97.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option ports '0t 5t'
	option vlan '11'
	option description 'VLAN11'

config switch_vlan
	option device 'switch0'
	option ports '0t 5t'
	option vlan '12'
	option description 'VLAN12'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '11'
	option name 'eth0.11'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '11'
	option name 'br-lan.11'

config interface 'VLAN11'
	option device 'eth0.11'
	option proto 'dhcp'

sgw · March 22, 2022, 8:20pm

Here the error when I try to add VLAN 11 via VLAN bridge filtering for br-lan:

Save error
An error occurred while saving the form:

RPC call to uci/delete failed with ubus code 4: Resource not found
  at ClassConstructor.handleCallReply (http://192.168.97.167/luci-static/resources/rpc.js?v=git-22.046.85957-59c3392:15:3)

StifflersMagic · March 23, 2022, 6:33am

Hi,

here is my working config:

root@DAP2600-OG:~# cat /etc/config/network

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'
        option packet_steering '1'

config interface 'lan'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option proto 'dhcp'
        option delegate '0'
        option device 'br-lan'

config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'ec:ad:e0:79:97:d0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 5t'
        option description 'Vlan3'

config switch_vlan
        option device 'switch0'
        option ports '0t 5t'
        option vlan '11'
        option description 'Techlan2'

config interface 'vlan11'
        option proto 'static'
        option ipaddr '10.11.1.102'
        option netmask '255.255.255.0'
        option device 'br-vlan11'

config interface 'vlan3'
        option proto 'static'
        option ipaddr '10.20.1.102'
        option netmask '255.255.255.0'
        option device 'br-vlan3'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config device
        option name 'br-vlan11'
        option type 'bridge'
        list ports 'eth0.11'

config device
        option name 'br-vlan3'
        option type 'bridge'
        list ports 'eth0.3'

config device
        option name 'eth0.11'
        option type '8021q'
        option ifname 'eth0'
        option vid '11'

config device
        option name 'eth0.3'
        option type '8021q'
        option ifname 'eth0'
        option vid '3'

config device
        option name 'wlan0'

config device
        option name 'wlan0-1'

config device
        option name 'wlan0-2'

config device
        option name 'wlan1'

config device
        option name 'wlan1-1'

config device
        option name 'wlan1-2'

root@DAP2600-OG:~#

Default vlan (br-lan) is set to dhcp, but I always keep the failsafe 192.168.1.1 adress, so if dhcp assignments fail, I have the chance to connect to the device via 192.168.1.1.

Your config looks like manually edited, I had all things configured via luci GUI.

sgw · March 23, 2022, 6:56am

@StifflersMagic I also did everything via luci. I will try to adjust things according to your example, thanks.