fist of all, thanks for helping out! With the available documentation I usually get everything up and running on OpenWRT but now I'm lost and I appreciate for you help.
I want to extend my main OpenWRT router with a OpenWRT raspberry extension to bring the network to the second floor via RJ45 cable.
My network is separated to a standard br-lan plus a Guest-Wifi which is running on the main router already. Now I want to extend this two networks to the raspy by separating the br-lan and the Guest-Wifi via VLAN.
So I activated the VLAN option on both devices, with belows scheme of switch configuration.
As you can see, the VLAN1 is my br-lan, VLAN3 is my Guest-Wifi on the second floor.
Basically the br-lan acts normal with a successful connection between first and second floor, but the Guest-Wifi in the second floor has no internet connection.
Ive read somewhere, that I have to bridge the Guest-Wifi on the main router with the VLAN3 (Guest wifi on the second floor). But whenever I do this, the internet connection in the Guest-Wifi on both routers is totally lost (My connecting devices get weird IPs so it seems that the DHCP is not working when I bridge the two networks. But since I deactivated all DHCP server stuff on the Raspberry on the second floor, I have no idea what is the root cause).
Below is a cat of my network configuration.
The marked config lines is when I add the bridge.
I hope somebody has an idea what I did wrong?
Thank you!
Mario
Main Switch:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'x:x:x::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr 'x.x.x.x'
option netmask '255.255.255.0'
option ip6assign '60'
option ifname 'eth0.1'
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
option peerdns '0'
list dns '1.1.1.3'
list dns '1.0.0.3'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
option reqprefix 'auto'
option reqaddress 'try'
option peerdns '0'
list dns 'x:x:x::x'
list dns 'x:x:x::x'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '5t 3 2 1t 0'
config interface 'Guest'
option proto 'static'
option ipaddr 'x.x.x.x'
option netmask '255.255.255.0'
> option type 'bridge'
> option ifname 'eth0.3'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '6t 4'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option ports '5t 1t'
Raspberry Switch on second floor:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'x:x:x::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr 'x.x.x.x'
option gateway 'x.x.x.x'
list dns '1.1.1.1'
config interface 'guest'
option proto 'none'
option type 'bridge'
option device 'br-guest.3'
config device
option name 'br-guest'
option type 'bridge'
list ports 'eth0.3'
config device
option type '8021q'
option ifname 'br-guest'
option vid '3'
option name 'br-guest.3'
Dear psherman,
thank you for your quick help!
Unfortunately the behaviour is the same after I did the changes.
Whenever I add the bridge on the main router, I get a weird IP adress when connecting to Guest Wifi:
For my main switch I use a Linksys WRT3200ACM running on OpenWrt 19.07.0-rc2
My second floor router is a Raspberry Pi 3 Model B Plus Rev 1.3 running on OpenWrt 21.02.1
For the Guest wifi on the second floor (Raspberry), i set dhcp protocol to "unmanaged", and no firewall?
If I understood correctly, it should be possible to transfer all features (dhcp/firewall/wan connection) from the Main Linksys Router via VLAN3 to the Raspy Router, so I need no dhcp, firewall or something else?
Is this correct?
config device
option name 'br-guest'
option type 'bridge'
list ports 'eth0.3'
config interface 'guest'
option proto 'none'
option device 'br-guest'
Then in the wifi config, use option network guest. Note that the device is just br-guest, not br-guest.3, since VLANs do not exist inside that bridge. The notation eth0.3 will add and remove tags as they move from the bridge to the port.
Also there should be no plain eth0 anywhere in the Pi config, the LAN is attached to eth0.1.
The Pi is probably the worst possible Wifi AP you could choose. It has a 1x1 radio which means that it is severely limited in terms of bandwidth and general performance (especially with multiple client devices), and it has a small PCB antenna which will be bad for range.
AFAIK, the Pi wifi also doesn't support multiple SSIDs.
Get a real AP -- any standard router will do the trick (even an older 802.11n all-in-one wifi router device). Just make sure you get one that is supported by OpenWrt 21.02, or that it has firmware that can accommodate multiple SSIDs and VLANs.
This should be upgraded to at least 19.07.9. Better would be 21.02.2 (just released).
So again thanks for Help, I run some more tests with your recomended changes but was not successful until now. (I did not do an update until now, since I would like to prepare backups and have some time to troubleshoot if I run into problems.)
Weekdays is not a good option for big changes since Internet is needed for homeoffice
I figured out, that the problem seems to be on the main router (Linksys). The Guest Wifi Internet gets lost as soon as I activate "bridge" in the "guest" interface, even if I don't add a second network:
I switched of the second router (Raspi) so the problem cannot be on this device!
config interface 'Guest'
option proto 'static'
option ipaddr 'x.x.x.x'
option netmask '255.255.255.0'
option type 'bridge' <<<< this leads to broken internet on guest wifi
I work with Lucy, so if I cannot bridge an interface, I'm wondering why Lucy gives this option?
Thanks for help.
Mario
ps.: My raspi has no wifi, I added a CSL 300Mbit USB Wifi dongle. Until now it works fine enough to provide youtube and instagram to the childrens rooms. I think the bottle neck is my internet anyway.
what version of owrt you are using per device? with 21.02 release network stack has been changed to so called DSA switch configuration method which is quite different to old swconfig based setup. for example there is no bridge option in interface config.
Dear grrr2,
thank you for your help.
The video is quite usefull, i will watch it full length tomorrow.
Currently I use OpenWrt version 19.07.0-rc2
I'm currently thinking if it is better to upgrade to 21.02 or I stay at the 19.07 version but upgrate to the latest release.
And you are right, the guest network has its own firewall zone and is forwarded to the WAN zone.
Finally, thanks to everybody helped in this topic!
I'm not 100% sure what was the root cause, but in the video was mentioned, that low VLAN numbers might be hardcoded, so I changed the VLAN from 3 to 30.
The suggestions how to configure the interfaces and VLANs I did allready.
Also I had to restart the Interface, then it worked!
So thanks! I now start to implement a nodogsplash capture page for my Guests...
I keep you updated!
THX!
Mario
