Extend Guest and IoT networks to Dumb AP with two OpenWrt One devices

After changing the ports on my OpenWrt One Dumb AP to have 2 LAN ports, as discussed in OpenWrt One using eth0 WAN as LAN, I have also cleaned up the config files in the CLI as, as correctly mentioned by @pavelgl, they were a mess. I had started setting up in the LuCI interface, which resulted in quite a messy file. Hopefully they should be a bit better now.

I am still learning (sorry for my ignorance), and for my next step I am having some issues with extending the Guest and IoT networks from the main unit to the Dumb AP.

The setup is:

  • Main unit: OpenWrt One
    • Unmanaged switch in the middle
  • Second Dumb AP in another area of the house: OpenWrt One

I have configured the networks to be:

  • Private network on VLAN 76 (ipaddr '192.168.7.1')
  • Guest VLAN 12 (ipaddr '192.168.3.1/24')
  • IoT VLAN 6 (ipaddr '192.168.6.1/24')

For the main VLAN (76), everything seems to be working well. I can move through the house and the devices are switching in between the 2 units correctly and staying in the same subnet.

However, for the Guest and IoT networks I am having issues when I connect via the Dumb AP: I get an IP on a wrong subnet (169.254.121.x) and of course no connection.

I am listing below the 2 network config files:

  • Main unit
  • Dumb AP

Main Unit:


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1c:d3da:921c::/48'
        option packet_steering '1'

# Wan interface
config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.0.0.1'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'
        option peerdns '0'
        list dns '2606:4700:4700::1111'
        list dns '2606:4700:4700::1001'

# Private
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan.76'
        option proto 'static'
        option ipaddr '192.168.7.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config bridge-vlan
        option device 'br-lan'
        option vlan '76'
        list ports 'eth1'

## Guest
config device 'guest_dev'
        option name 'br-guest'
        option type 'bridge'

config interface 'guest'
        option device 'br-guest.12'
        option proto 'static'
        list ipaddr '192.168.3.1/24'

config bridge-vlan
        option device 'br-guest'
        option vlan '12'

# Iot
config device 'iot_dev'
        option name 'br-iot'
        option type 'bridge'

config interface 'iot'
        option device 'br-iot.6'
        option proto 'static'
        list ipaddr '192.168.6.1/24'

config bridge-vlan
        option device 'br-iot'
        option vlan '6'

Dumb AP:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd73:6c5b:50b4::/48'
        option packet_steering '1'

# Private
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan.76'
        option proto 'dhcp'

config bridge-vlan
        option device 'br-lan'
        option vlan '76'
        list ports 'eth0'
        list ports 'eth1'

# Guest
config device 'guest_dev'
        option name 'br-guest'
        option type 'bridge'
        list ports 'br-guest.12'

config bridge-vlan
        option device 'br-guest'
        option vlan '12'

config interface 'guest'
        option proto 'dhcp'
        option device 'br-guest.12'

# Iot
config device 'iot_dev'
        option name 'br-iot'
        option type 'bridge'

config bridge-vlan
        option device 'br-iot'
        option vlan '6'

config interface 'iot'
        option device 'br-iot.6'
        option porto 'dhcp'

I must clearly be missing something, but after being stuck on this for quite a bit I am asking for help.

And as I am still in the learning process, if you see non-optimal points in the files, feel free to comment. And if you need additional config files, let me know.

VLANs and unmanaged switches are a no-go. Either you need to take the switch out of the equation (e.g. via a direct cable link between your router and the AP) or you need to replace the unmanaged switch with a managed one. Unmanaged switches can only be used as long as they never get exposed to tagged packets (so a single, untagged network, as a leaf switch carrying only a single network).


The unmanaged switch may pass or drop the larger tagged frames, you will check this after fixing the configuration.

There is no wired port defined for VLANs 6 and 12.

Move to a single bridge device (br-lan), set tagged VLANs 6 and 12 on eth1 using bridge vlan filtering and configure the interfaces defining br-lan.X as device.

Main router:

...

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config bridge-vlan
        option device 'br-lan'
        option vlan '76'
        list ports 'eth1'

config bridge-vlan
        option device 'br-lan'
        option vlan '12'
        list ports 'eth1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '6'
        list ports 'eth1:t'

config interface 'lan'
        option device 'br-lan.76'
        option proto 'static'
        list ipaddr '192.168.7.1/24'
        
config interface 'guest'
        option device 'br-lan.12'
        option proto 'static'
        list ipaddr '192.168.3.1/24'

config interface 'iot'
        option device 'br-lan.6'
        option proto 'static'
        list ipaddr '192.168.6.1/24'

AP (assuming eth1 is used as an uplink to the router):

...
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'

config bridge-vlan
        option device 'br-lan'
        option vlan '76'
        list ports 'eth0'
        list ports 'eth1'

config bridge-vlan
        option device 'br-lan'
        option vlan '12'
        list ports 'eth1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '6'
        list ports 'eth1:t'

config interface 'lan'
        option device 'br-lan.76'
        option proto 'dhcp'

config interface 'guest'
        option proto 'dhcp'
        option device 'br-lan.12'
        option metric '10'

config interface 'iot'
        option device 'br-lan.6'
        option proto 'dhcp'
        option metric '20'

When the AP's guest and iot interfaces get IP addresses from the main router (meaning tagged VLANs are working), you can switch their protocol to unmanaged/none.


@slh thanks. Another of my misconceptions. I thought (wrongly) that an unmanaged switch would just forward everything and that a managed switch could just sort the data further down the line. However, the good news is that I had already planned to replace this unmanaged switch with a larger managed model. It is in the post but hasn't arrived yet.

@pavelgl Thanks again for your fantastic help. It looks so much cleaner now. I have updated both devices with the above config and so far everything seems to be working perfectly fine. And in a day or two I will retire the unmanaged switch and replace it with the new one.


I have received the managed switch. I will document below the next steps I did in case it can be useful for others:

I chose a TP-Link TL-SG1016DE. There is a good video description of the managed switch on YouTube.

Here is an example of the switch's config, in this case port n°3 assigned to the Guest network and port 1 being connected to the OpenWrt:

Now everything seems to be working fine. All the devices connected to the VLAN from the switch are on the right subnet with the right IP address. I also created an extra VLAN for the media equipment (TV & Co). They all connect correctly (except one).

The Panasonic TV doesn't seem to like the config (but it works for the other devices: TV box, Apple TV, Nintendo Switch).

The Panasonic TV is connected to the managed switch via Ethernet on VLAN 22 (Media).

...
config bridge-vlan
        option device 'br-lan'
        option vlan '22'
        list ports 'eth1:t'
...
config interface 'media'
        option device 'br-lan.22'
        option proto 'static'
        list ipaddr '192.168.22.1/24'
...

While all devices connect fine on this VLAN, the TV's message says:

"A Home network is available but the connection to the internet is not possible The Gateway did not respond"
And I can see the icons connected to the router but not to the internet. When I check the network settings of the TV I have:

- IP address: 192.168.22.155 
- Subnet mask: 255.255.255.0 
- Default Gateway: 192.168.22.1 
- DNS Address: 192.168.22.1 
- Proxy address:
- Proxy Port:

Any idea if I am missing something in my config that may affect this device?

Does the TV understand tagged Ethernet packets? I guess you might try:
list ports 'eth1:u*'

I don't think that the TV is directly connected to the router. It is almost certainly connected to the switch. Therefore, the OP doesn't need to change how eth1 is currently configured.

@net_user_dhr3 - Let's take a look at the complete config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

Here is the output of:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

ubus call system board:

root@OpenWrt-One-Master:~# ubus call system board
{
	"kernel": "6.6.83",
	"hostname": "OpenWrt-One-Master",
	"system": "ARMv8 Processor rev 4",
	"model": "OpenWrt One",
	"board_name": "openwrt,one",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"firmware_url": "https://downloads.openwrt.org/",
		"revision": "r29064-696ad7b1aa",
		"target": "mediatek/filogic",
		"description": "OpenWrt SNAPSHOT r29064-696ad7b1aa",
		"builddate": "1742557240"
	}
}
root@OpenWrt-One-Master:~#

Network:

root@OpenWrt-One-Master:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1c:d3da:921c::/48'
        option packet_steering '1'

# Wan interface
config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.0.0.1'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'
        option peerdns '0'
        list dns '2606:4700:4700::1111'
        list dns '2606:4700:4700::1001'

# Lan
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config bridge-vlan
        option device 'br-lan'
        option vlan '76'
        list ports 'eth1'

config bridge-vlan
        option device 'br-lan'
        option vlan '12'
        list ports 'eth1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '6'
        list ports 'eth1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '22'
        list ports 'eth1:t'

config interface 'lan'
        option device 'br-lan.76'
        option proto 'static'
        list ipaddr '192.168.7.1/24'

config interface 'guest'
        option device 'br-lan.12'
        option proto 'static'
        list ipaddr '192.168.3.1/24'

config interface 'iot'
        option device 'br-lan.6'
        option proto 'static'
        list ipaddr '192.168.6.1/24'

config interface 'media'
        option device 'br-lan.22'
        option proto 'static'
        list ipaddr '192.168.22.1/24'

DHCP:

root@OpenWrt-One-Master:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,1.1.1.1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'

config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '150'
	option leasetime '1h'

Firewall:


root@OpenWrt-One-Master:~# cat /etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone 'guest'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding 'guest_wan'
	option src 'guest'
	option dest 'wan'

config rule 'guest_dns'
	option name 'Allow-DNS-Guest'
	option src 'guest'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'guest_dhcp'
	option name 'Allow-DHCP-Guest'
	option src 'guest'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

config zone 'iot'
	option name 'iot'
	option network 'iot'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'REJECT'

config forwarding 'iot_wan'
	option src 'iot'
	option dest 'wan'

config rule 'iot_dns'
	option name 'Allow-DNS-iot'
	option src 'iot'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'iot_dhcp'
	option name 'Allow-DHCP-iot'
	option src 'iot'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

config zone 'media'
	option name 'media'
	option network 'media'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding 'media_wan'
	option src 'media'
	option dest 'wan'

config rule 'media_dns'
	option name 'Allow-DNS-Media'
	option src 'media'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'media_dhcp'
	option name 'Allow-DHCP-Media'
	option src 'media'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

Your config looks fine. I suspect that the issue is with how the TV detects connectivity, rather than an actual problem with said connectivity.

Reading between the lines a bit here, I think it is saying it tried to ping the gateway and it didn't reply. This is expected based on your configuration, and it's actually following best practices. That said, you can add a rule to allow ping responses like this:

config rule
	option name 'Allow-media-Ping'
	option src 'media'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

I think that this will fix the issue. Try it out and let me know. (don't forget to restart the firewall or reboot the router to ensure the rule takes effect).

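As an added example that is not part of this thread or of OpenWrt itself, the following Python script turns the two diagnoses made above into checks that can be run over a saved copy of `/etc/config/network` and `/etc/config/firewall`: pavelgl's point that the guest and iot interfaces sat on bridge VLANs with no wired port defined, and psherman's point that a zone with input REJECT needs an explicit echo-request rule before a device that pings its gateway will consider itself online. The parser only understands the plain UCI text syntax shown in the posts; the sample configs inside are constructed from the thread, and the function names are mine, not an OpenWrt API.

```python
# Added example, not from the thread: two checks over OpenWrt UCI config text.
# check_bridge_vlans: an interface on a bridge VLAN sub-device (br-lan.12) needs a
#   bridge-vlan section for that bridge and VLAN that lists at least one port; the
#   OP's first config lacked the ports, so clients fell back to 169.254.x.x.
# audit_rejecting_zones: for each zone with input REJECT/DROP, which router-side
#   services (DHCP, DNS, ping) do its clients still reach? DHCP and DNS but no
#   ping is the state that made the TV report "the gateway did not respond".
import re

SECTION_RE = re.compile(r"^config\s+(\S+)(?:\s+'([^']*)')?$")
ENTRY_RE = re.compile(r"^(option|list)\s+(\S+)\s+'([^']*)'$")


def parse_uci(text):
    """Parse plain UCI text into [{type, name, options: {k: v}, lists: {k: [v]}}]."""
    sections, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := SECTION_RE.match(line):
            cur = {"type": m.group(1), "name": m.group(2) or "", "options": {}, "lists": {}}
            sections.append(cur)
        elif cur is not None and (m := ENTRY_RE.match(line)):
            kind, key, val = m.groups()
            if kind == "option":
                cur["options"][key] = val
            else:
                cur["lists"].setdefault(key, []).append(val)
    return sections


def check_bridge_vlans(sections):
    """Map interface name -> problem for interfaces whose br-X.N has no usable VLAN."""
    vlans = [s for s in sections if s["type"] == "bridge-vlan"]
    problems = {}
    for iface in (s for s in sections if s["type"] == "interface"):
        m = re.match(r"^(br-[\w-]+)\.(\d+)$", iface["options"].get("device", ""))
        if not m:
            continue  # loopback, wan on a bare NIC, etc.
        bridge, vid = m.groups()
        hits = [v for v in vlans if v["options"].get("device") == bridge
                and v["options"].get("vlan") == vid]
        if not hits:
            problems[iface["name"]] = f"no bridge-vlan {vid} on {bridge}"
        elif not any(v["lists"].get("ports") for v in hits):
            problems[iface["name"]] = f"bridge-vlan {vid} on {bridge} lists no ports"
    return problems


def audit_rejecting_zones(sections):
    """Map zone name -> {dhcp, dns, ping} flags for zones whose input policy rejects."""
    report = {}
    for zone in (s for s in sections if s["type"] == "zone"):
        if zone["options"].get("input", "ACCEPT") not in ("REJECT", "DROP"):
            continue
        name = zone["options"]["name"]
        # Only ACCEPT rules without a dest count: those open the router itself to the zone.
        rules = [s for s in sections if s["type"] == "rule" and s["options"].get("src") == name
                 and s["options"].get("target") == "ACCEPT" and "dest" not in s["options"]]
        ports = {p for r in rules for p in r["options"].get("dest_port", "").split()}
        icmp = [t for r in rules if r["options"].get("proto") == "icmp"
                for t in r["lists"].get("icmp_type", []) + [r["options"].get("icmp_type")]]
        report[name] = {"dhcp": "67" in ports, "dns": "53" in ports,
                        "ping": "echo-request" in icmp}
    return report


# Constructed sample in the shape of the OP's first main-unit config: the guest
# bridge-vlan lists no ports and the iot interface has no bridge-vlan at all.
NETWORK_BEFORE = """
config bridge-vlan
        option device 'br-guest'
        option vlan '12'
config interface 'guest'
        option device 'br-guest.12'
        option proto 'static'
config interface 'iot'
        option device 'br-iot.6'
        option proto 'static'
"""

# Constructed sample: a media zone that opens only DHCP and DNS to the router,
# plus the echo-request rule from the thread, kept separate so it can be appended.
FIREWALL = """
config zone 'media'
        option name 'media'
        option input 'REJECT'
config rule 'media_dns'
        option src 'media'
        option dest_port '53'
        option proto 'tcp udp'
        option target 'ACCEPT'
config rule 'media_dhcp'
        option src 'media'
        option dest_port '67'
        option proto 'udp'
        option target 'ACCEPT'
"""
PING_RULE = """
config rule
        option src 'media'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option target 'ACCEPT'
"""
```

Running `check_bridge_vlans(parse_uci(NETWORK_BEFORE))` reports both the guest VLAN with no ports and the missing iot VLAN; `audit_rejecting_zones(parse_uci(FIREWALL))` shows the media zone with DHCP and DNS open but ping closed, and appending `PING_RULE` flips the ping flag, which is the change that satisfied the TV's gateway check. Keeping the zone's input policy at REJECT and opening only echo-request is the intended outcome: the client learns the gateway is alive without the router exposing anything else to that VLAN.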

You were absolutely right, the ping was the issue.
After adding the rule to the firewall and running service firewall restart it just connected straight away.

Big thank you @psherman and @pavelgl for your amazing contribution, I definitely could not have done it without you guys!!!

