GL-B2200 issue with VLAN configuration

I am trying to migrate from my single TPLink EAP615 running OpenWRT to a pair of GL-B2200s that I can mesh (eventually). The issue I am having is that I cannot get either one of the GL-B2200s to even connect to my network.

The network is pretty simple:

PfSense -> Netgear Managed Switch -> AP

DHCP is handled by the PfSense device. VLANs are all 802.1q. The AP is currently not configured with any wireless networks; I’m trying (and failing) to get it to get an IP from DHCP.

Version


OpenWrt 22.03.5, r20134-5f15225c1e

Network.conf


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fde0:b30d:4a11::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'none'

config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 5 0'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 0'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'eth0:t*'

config interface 'test'
	option proto 'dhcp'
	option device 'br-lan.11'

config device
	option name 'br-lan.11'
	option type '8021q'
	option ifname 'br-lan'
	option vid '11'

Firewall.conf


config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wan'
	list network 'wan6'
	list network 'test'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

ifconfig


br-lan    Link encap:Ethernet  HWaddr 94:83:C4:15:9A:72
          inet6 addr: fe80::9683:c4ff:fe15:9a72/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:236 errors:0 dropped:0 overruns:0 frame:0
          TX packets:779 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:93375 (91.1 KiB)  TX bytes:249426 (243.5 KiB)

br-lan.11 Link encap:Ethernet  HWaddr 94:83:C4:15:9A:72
          inet6 addr: fe80::9683:c4ff:fe15:9a72/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:231 errors:0 dropped:0 overruns:0 frame:0
          TX packets:509 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:90895 (88.7 KiB)  TX bytes:171966 (167.9 KiB)

eth0      Link encap:Ethernet  HWaddr 94:83:C4:15:9A:72
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:266 errors:0 dropped:0 overruns:0 frame:0
          TX packets:707 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:103467 (101.0 KiB)  TX bytes:233948 (228.4 KiB)

eth1      Link encap:Ethernet  HWaddr 94:83:C4:15:9A:73
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::9683:c4ff:fe15:9a73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11217 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10344 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1483665 (1.4 MiB)  TX bytes:4924351 (4.6 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1852 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1852 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:135784 (132.6 KiB)  TX bytes:135784 (132.6 KiB)

brctl show


bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.9483c4159a72	no		eth0

No other devices, including my existing OpenWRT devices, seem to be having any issues. Anyone have any ideas?

You are mixing swconfig and dsa syntax. This will not work.

Reset to defaults and then post your default network config as well as the mapping of VLANs to ports (and what should be tagged on each port).

Stock network config after reset to defaults:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd48:69c4:07d2::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 5 0'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 0'

I need VLANs 11, 22, and 33 trunked down eth0

eth0 is the cpu connection to the built-in switch.

What port on the device are you using for your trunk?

And is this intended as a dumb ap configuration?

I’m missing something here so let me expand on what I’m trying to replicate from my current OpenWRT setup.

I have 4 VLANs, one for management, one for my devices, one for IOT devices, and one for guests. Each VLAN has a corresponding wireless network. The AP does nothing other than serve as a dumb AP. All routing, DNS, firewall activity etc happens elsewhere on my network. The config on my current TPLink AP looks like this and is essentially what I want to recreate on the new devices:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd8a:5d3d:a754::/48'

# Setup a bridge (switch) for all 4 ports:
config device
        option name 'br-router'
        option type 'bridge'
        list ports 'lan0'
        list ports 'lan1'
        list ports 'lan3'
        list ports 'lan4'
        option vlan_filtering '1'

# Setup an internal VLAN for talking to the router on the default VLAN:
config bridge-vlan
        option device 'br-router'
        option vlan '1'
        list ports 'lan0:t'

# Get a DHCP address for the WAP from the router:
config interface 'management'
        option device 'br-router.1'
        option proto 'dhcp'

# Setup VLAN 22 for an SSID:
config bridge-vlan
        option device 'br-router'
        option vlan '22'
        list ports 'lan0:t'

# Setup the interface for the SSID, DHCP provided by the router:
config interface 'LittleEmily'
        option device 'br-router.22'
        option proto 'none'

# Setup VLAN 11 for an SSID:
config bridge-vlan
        option device 'br-router'
        option vlan '11'
        list ports 'lan0:t'

# Setup the interface for the SSID, DHCP provided by the router:
config interface 'Astronomicon'
        option device 'br-router.11'
        option proto 'none'

config bridge-vlan
	option device 'br-router'
	option vlan '33'
	list ports 'lan0:t'

config interface 'EmmetNet'
	option device 'br-router.33'
	option proto 'none'

The new devices have one port labeled LAN (eth0 by my reckoning) and one WAN (eth1). I’d like to use the LAN port to trunk to my switch. Judging by the documentation that would be switch port 4?

The new device appears to have multiple lan ports based on the switch configuration.

But I see that the device (when I look at the product page) indeed only has 2 physical ethernet ports (wan and lan).

All of that said, you should upgrade to 23.05 first, then we can get everything working as you'd like.

https://firmware-selector.openwrt.org/?version=23.05.2&target=ipq40xx%2Fgeneric&id=glinet_gl-b2200

Upgrade done

New default config


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fddd:8c1e:6b22::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

Great. This looks better since it has only 2 ports defined (lan and wan).

Now, I'm not 100% certain if this is DSA or swconfig, but we can use a bridge VLAN here anyway...

From your other config, it looks like the management network is on VLAN 1, tagged.

So, we'll add the bridge VLANs:


config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'lan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '22'
	list ports 'lan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '33'
	list ports 'lan:t'

Then we'll edit your lan config to represent the management VLAN using the new bridge-vlan for VLAN 1 and set it to DHCP as was used in the other config (adjust or ask questions if any of this is not your desired config/mode; feel free to rename the interface to management or similar):

config interface 'lan'
	option device 'br-lan.1'
	option proto 'dhcp'

Now we'll add the other networks (unmanaged):

config interface 'Astronomicon'
	option device 'br-lan.11'
	option proto 'none'

config interface 'LittleEmily'
	option device 'br-lan.22'
	option proto 'none'

config interface 'EmmetNet'
	option device 'br-lan.33'
	option proto 'none'

Finally, create new SSIDs in the wireless config file, and attach them to the networks for each of the VLANs.

Once done, restart and test.
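
A lint for the failure diagnosed in this thread (swconfig `switch`/`switch_vlan` sections mixed with `bridge-vlan` sections), added here as an example and not code from any poster or from OpenWrt. It goes one step beyond the thread by also flagging an interface on `br-X.N` when bridge `br-X` has no `bridge-vlan N`; `parse_uci`, `lint_network` and the trimmed `MIXED` sample are names and data made up for the illustration.

```python
import re

def parse_uci(text):
    """Parse UCI text into [(section_type, name, options)]; 'list' values become lists."""
    sections = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"config\s+(\S+)(?:\s+'([^']*)')?", line):
            sections.append((m.group(1), m.group(2), {}))
        elif (m := re.match(r"(option|list)\s+(\S+)\s+'([^']*)'", line)) and sections:
            kind, key, value = m.groups()
            if kind == "list":
                sections[-1][2].setdefault(key, []).append(value)
            else:
                sections[-1][2][key] = value
    return sections

def lint_network(text):
    """Flag mixed swconfig/bridge-vlan syntax and bridge VLAN devices with no bridge-vlan."""
    sections, findings = parse_uci(text), []
    types = {t for t, _, _ in sections}
    bridges = {o.get("name") for t, _, o in sections if t == "device" and o.get("type") == "bridge"}
    vlans = {(o.get("device"), o.get("vlan")) for t, _, o in sections if t == "bridge-vlan"}
    if types & {"switch", "switch_vlan"} and "bridge-vlan" in types:
        findings.append("mixed swconfig (switch/switch_vlan) and bridge-vlan sections")
    for t, name, o in sections:
        # 'br-lan.11' -> ('br-lan', '11'); names without a dot give an empty bridge
        bridge, _, vid = o.get("device", "").rpartition(".")
        if t == "interface" and bridge in bridges and (bridge, vid) not in vlans:
            findings.append(f"interface '{name}': {bridge}.{vid} has no bridge-vlan {vid}")
    return findings

# Constructed sample: sections trimmed from the first config posted in the thread.
MIXED = """
config device
    option name 'br-lan'
    option type 'bridge'
config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '1 2 3 5 0'
config bridge-vlan
    option device 'br-lan'
    option vlan '11'
    list ports 'eth0:t*'
config interface 'test'
    option device 'br-lan.11'
"""

if __name__ == "__main__":
    print("\n".join(lint_network(MIXED)))
```
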

Latest stable works! Rookie mistake installing the old version, thanks for the assist
