DUMB AP, LAN hosts only ping through VLAN

dasdevas · June 8, 2023, 5:54pm

Hi Everyone,

I'm new to this community and any help I can get from this community will be great.

I running pfsense on an old desktop with dual LAN ports, a TP-Link 100Mbps Unmanaged 8 port switch and 2 TL-MR3420 V5 routers running Openwrt 22.3.

My PFsense box has 1 LAN and 1 VLAN setup and I'm currently trying to setup OpenWRT Dumb AP with TP-Link routers, but the problem I'm running into is when I setup Dumb AP with just LAN connection I can see all my LAN devices, but the moment I add tagged VLAN 10 in openwrt switch config, my LAN devices completely disappear from the network, and despite of having valid IP's from the LAN DHCP server they can't ping each other, however I can ping them when I'm connected to VLAN.

I'm fairly a beginner in the OpenWRT universe and I'm sure I must be missing something in the config part, please guide me in the right direction.

lleachii · June 8, 2023, 6:14pm

Welcome to the community!

Can you show us your config?

cat /etc/config/network
cat /etc/config/wireless

darksky · June 8, 2023, 8:51pm

Slightly OT but it's not a dump AP it's a dumb AP

papdee · June 9, 2023, 1:28am

you have the same issue as a just recently poster vLAN SSID and pfSense

DSA always catches out the newbie, me included. Read through the comments in this post apply it to your situation and you'll be all good.

dasdevas · June 9, 2023, 4:07am

Noted, Thanks

dasdevas · June 9, 2023, 12:16pm

cat /etc/config/network returns

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd95:e899:f060::/48'

config interface 'lan'
        option delegate '0'
        option proto 'dhcp'
        option hostname 'openwrt-test'
        option ifname 'eth0.1'
        option type 'bridge'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr 'mac_addr'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'mac_addr'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

config switch_vlan
        option device 'switch0'
        option ports '1t 4 6t'
        option vlan '410'

config interface 'vlan410'
        option proto 'dhcp'
        option ifname 'eth0.410'
        option type 'bridge'

dasdevas · June 9, 2023, 12:22pm

cat /etc/config/wireless returns


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/10300000.wmac'
        option htmode 'HT20'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option network 'lan'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt-vlan'
        option encryption 'none'
        option network 'vlan410'

dasdevas · June 9, 2023, 12:44pm

I flashed OpenWRT 19.07.9 in my TP-Link TL-MR3420 router due to stability issues.

With my current configuration detailed above the following things are working,

1) I'm able to connect to both LAN an VLAN "Physically" through the router, devices get correct IP address from Pfsense DHCP servers.

2) I'm able to connect to both LAN an VLAN through "WiFi", devices get correct IP address from Pfsense DHCP servers.

3) Internet connectivity is as fast as it is supposed to be on both LAN and VLAN via physical or wireless connection.

4) I can only reach my local devices (e.g. Printer, NAS, Laptop etc.) when connected to VLAN network either Physically or through WiFi.

What's not working

1) I cannot ping or reach my "Printer - 192.168.1.3" when connected either Physically or through WiFi; my ping response shows "Reply from 192.168.1.x: Destination host unreachable."

2) Windows network section doesn't display any local devices either.

Note: when I change "Lan 1 - Port 410" from "tagged" to "Off", I can reach my local network devices.

lleachii · June 9, 2023, 1:52pm

Can you explain why you're attempting to carry both a tagged VLAN 410 and untag VLAN 1 on Port 1?

(This is generally not advisable.)

dasdevas · June 9, 2023, 2:49pm

because I have just one Cat6 cable running under the wall and to put another one I will have to break things.

lleachii · June 9, 2023, 2:51pm

Then you'll need to tag both VLANs 1 and 410 - and use a managed switch (or another device that recognizes VLAN tags) on the far-end to separate them again for use.

Hope this helps.

dasdevas · June 9, 2023, 3:03pm

I actually don't have 2 VLANs, I have 1 Physical LAN and 1 VLAN, but in Openwrt config all of that is being looked at as VLAN.

Also I was thinking I should use just use two tagged VLANs coming from PFsense, that way I can have them both tagged in OpenWRT and everything should work, but then if I connect any devices directly to my OpenWRT router in future they would get IP from my VLAN and not the LAN, which is when managing them would be a bit of an issue again.

so as per knowledge, my config is wrong I'm not missing anything, right?

If you still think there is a way to fix this issue please let me know how?

lleachii · June 9, 2023, 3:05pm

Not sure what this means, the VLANs are clearly enumerated. Therefore, I'm not sure what distinction you're making by calling one "physical" and the other "a VLAN" - feel free to explain.

Then set a port as untagged, set to the correct VLAN, use Port 2, 3 or 4.

dasdevas · June 9, 2023, 3:23pm

This is what I meant by 1 Physical LAN and 1 VLAN, it means my LAN has no tag, so if I use tagged in VLAN 1 in Openwrt my connection will break completely.

papdee · June 11, 2023, 12:16am

you might need to check the switch in your router can handle VLAN IDs above 15.

psherman · June 11, 2023, 12:53am

Based on the switch configuration you've shown here, your uplink to the PFSense box is using port LAN 1. Then...

If you plug a computer into either LAN2 or LAN3, you should get an IP address in the VLAN 1 subnet. Please verify that this is true.
If you plug your computer into LAN4, you should get an IP in the VLAN 410 subnet. Please verify that.

lleachii · June 11, 2023, 1:06pm

To be clear:

Yes this is expected - unless you tag the other end (it doesn't matter if the remote side is virtual or PHY, it still needs to be tagged)
You need to tag both VLAN 1 and 410

Have you done so?

dasdevas · June 20, 2023, 6:14pm

My Apologies for the delay, I have been tied with a lot.

I couldn't tag my physical interface, at least I don't see a way to do that without creating a VLAN interface in pfsense, so I took your advise to not mix things up.

I had 3 mini unmanaged switches lying around so I created 3 VLANs as per my requirements, tagged all of them as per your advise and I'm routing them through these switches to wherever they need to be; everything is working fine for now, Thank you for your support.

system · June 30, 2023, 6:15pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.