Help configuring an untagged VLAN on one LAN port

Hello all,

I've recently been setting up a new router (a Linksys EA8300) and have had some great help from user NPeca75 to set up a couple of VLANs to work with one SSID and dynamic PSK.
What I'm trying to do now is set up LAN port 2 as untagged for vlan20, but when I do this I do not get an IP address from the DHCP server set up for this VLAN while connected to that port. I do get an IP address from the same DHCP server if I connect through wifi on vlan 20.
I'm hoping someone could give me a hand; I will post the configs below.

network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdde:e75b:eb1d::/48'

config device
        option name 'lan1'
        option macaddr 'e8:9f:80:a2:c6:fa'

config device
        option name 'lan2'
        option macaddr 'e8:9f:80:a2:c6:fa'

config device
        option name 'lan3'
        option macaddr 'e8:9f:80:a2:c6:fa'

config device
        option name 'lan4'
        option macaddr 'e8:9f:80:a2:c6:fa'

config device
        option name 'wan'
        option macaddr 'e8:9f:80:a2:c6:f9'

# br-lan is a VLAN-aware bridge over the four LAN ports: with vlan_filtering '1',
# per-VLAN port membership is taken from the bridge-vlan sections that name
# this device.
config device
        option type 'bridge'
        option vlan_filtering '1'
        option name 'br-lan'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

# VLAN 1 (the 'lan' network): lan1, lan3 and lan4 are untagged members ('u')
# and VLAN 1 is their PVID ('*'), so untagged frames arriving on those ports
# are classified as VLAN 1. lan2 is not a member of this VLAN.
config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'
		
# VLAN 10: carried tagged ('t') on lan4 only.
config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan4:t'

# VLAN 20: lan2 is an untagged member ('u') with no explicit PVID marker ('*').
# NOTE(review): the thread reports the same symptom with 'lan2:u*', so this
# line was not what kept the wired client from getting a DHCP lease.
config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan2:u'

# VLAN 30: carried tagged ('t') on lan4 only.
config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'lan4:t'

# VLAN 40: carried tagged ('t') on lan4 only. Together with the VLAN 1 entry,
# lan4 is a trunk: VLAN 1 untagged plus VLANs 10/30/40 tagged; VLAN 20 is not
# carried on it.
config bridge-vlan
        option device 'br-lan'
        option vlan '40'
        list ports 'lan4:t'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'vlan10'
        option device 'br-lan.10'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

config interface 'vlan20'
        option device 'br-lan.20'
        option proto 'static'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

config interface 'vlan30'
        option device 'br-lan.30'
        option proto 'static'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'
		
config interface 'vlan40'
        option device 'br-lan.40'
        option proto 'static'
        option ipaddr '192.168.40.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

wireless config:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '136'
        option band '5g'
        option htmode 'VHT40'
        option country 'AW'
        option cell_density '0'
        option txpower '20'

# WPA2-PSK ('psk2') access point on radio0, attached to the 'lan' network.
# NOTE(review): '12345678' is the shortest length WPA2 accepts and trivially
# guessable. Per 'option network', a client joining with this key presumably
# lands on 'lan', which the firewall listing treats as the trusted zone
# (input/forward ACCEPT), so this key deserves the strongest passphrase, not
# the weakest. The same key is repeated on the other two wifi-iface sections.
# If this is a stand-in for the real key, fine; otherwise change it.
config wifi-iface 'wifinet0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'TEST 51'
        option encryption 'psk2'
        option key '12345678'
        option disassoc_low_ack '0'
        option max_inactivity '120'
        # isolate '0': client-to-client isolation on this AP is off.
        option isolate '0'
        option disabled '0'
        option ifname 'wlan0'
        option multicast_to_unicast_all '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/a000000.wifi'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option country 'AW'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'TEST 24'
        option encryption 'psk2'
        option key '12345678'
        option wmm '1'
        option short_preamble '1'
        option disassoc_low_ack '0'
        option max_inactivity '120'
        option isolate '0'
        option ifname 'wlan1'
        option multicast_to_unicast_all '1'

config wifi-device 'radio2'
        option type 'mac80211'
        option path 'platform/soc/a800000.wifi'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option country 'AW'
        option cell_density '0'

config wifi-iface 'wifinet1'
        option device 'radio2'
        option network 'lan'
        option mode 'ap'
        option ssid 'TEST 52'
        option encryption 'psk2'
        option key '12345678'
        option wmm '1'
        option short_preamble '1'
        option disassoc_low_ack '0'
        option max_inactivity '120'
        option isolate '0'
        option disabled '0'
        option ifname 'wlan2'
        option multicast_to_unicast_all '1'

# Per-passphrase VLAN assignment: each wifi-vlan section maps a VLAN id to a
# network, and each wifi-station section binds one passphrase to a VLAN id.
# NOTE(review): no 'mac' or 'iface' option is set on any of these sections, so
# presumably any client on any of the SSIDs that presents a given passphrase
# is placed on that VLAN - the passphrase is the only control separating the
# segments. Verify, and size the passphrases accordingly.
# NOTE(review): the keys are posted in clear text. If they are the real ones,
# replace them on the router; when sharing configs, substitute placeholders.
config wifi-vlan
        option name 'vl10'
        option network 'vlan10'
        option vid '10'

config wifi-station
        option key 'Vlan10Pass'
        option vid '10'

config wifi-vlan
        option name 'vl20'
        option network 'vlan20'
        option vid '20'

config wifi-station
        option key 'Vlan20Pass'
        option vid '20'
config wifi-vlan
        option name 'vl30'
        option network 'vlan30'
        option vid '30'

config wifi-station
        option key 'Vlan30Pass'
        option vid '30'

config wifi-vlan
        option name 'vl40'
        option network 'vlan40'
        option vid '40'

config wifi-station
        option key 'Vlan40Pass'
        option vid '40'

firewall config:

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
		
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Zone for the vlan20 network. input 'REJECT' means vlan20 clients cannot reach
# services on the router itself unless a rule below allows it; forward 'REJECT'
# blocks forwarding unless a 'forwarding' section permits it.
# NOTE(review): in the listing shown, only 'lan', 'wan' and 'vlan20' are
# assigned to a zone; vlan10, vlan30 and vlan40 appear in none. Presumably they
# fall under the 'defaults' policy (REJECT) until zones and DHCP/DNS rules are
# added for them - confirm before relying on those VLANs.
config zone
        option name 'Vlan20'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'vlan20'

# Input exception: DHCP requests (UDP, destination port 67) from vlan20 clients
# to the router. No 'dest' is set, so this applies to traffic addressed to the
# router itself.
config rule
        option name 'Vlan20-DHCP'
        list proto 'udp'
        option src 'Vlan20'
        option dest_port '67'
        option target 'ACCEPT'

# Input exception: DNS queries (destination port 53) from vlan20 clients to the
# router. No 'proto' is set here.
# NOTE(review): the OpenWrt firewall default is to match both TCP and UDP when
# 'proto' is omitted - confirm on the installed version.
config rule
        option name 'Vlan20-DNS'
        option src 'Vlan20'
        option dest_port '53'
        option target 'ACCEPT'

# vlan20 may forward to 'wan' only. No forwarding between 'Vlan20' and 'lan' is
# defined in the sections shown, which is what keeps the two segments apart.
config forwarding
        option src 'Vlan20'
        option dest 'wan'

did you try with
lan2:u* ???

u -> untagged
asterisk/star/* -> primary (pvid)

yes , even though I didn't know the meaning of the added *, I did try it but same result, doesn't get an ip from the dhcp server

ok, to be sure your vlan20 is working as you expected ...

when you connect with wifi vlan20, do you get 192.168.20.x address on client ?

please look at the
/etc/config/dhcp

you need to have something like

# Example DHCP pool for the 'vlan20' interface (the poster notes the real one
# will differ).
# NOTE(review): a per-interface pool is necessary but not sufficient - the DHCP
# service must also be listening on that interface. The thread's resolution
# points at "listen interfaces" / "exclude interfaces" having been restricted,
# which presumably stopped the server answering on vlan20.
config dhcp 'vlan20'
        option interface 'vlan20'
        # start/limit: offset of the first lease and number of leases; with the
        # 192.168.20.1/24 address shown for vlan20 that is presumably
        # 192.168.20.100 through 192.168.20.199.
        option start '100'
        option limit '100'
        # NOTE(review): RA and DHCPv6 server are enabled here, but the vlan20
        # interface in the network listing has no IPv6 assignment - confirm
        # whether IPv6 service is actually wanted on this segment.
        option ra 'server'
        option dhcpv6 'server'
        option ra_default '2'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        # DHCP option 42 is the NTP server option; clients are pointed at the
        # router's vlan20 address.
        list dhcp_option '42,192.168.20.1'
        option leasetime '12h'

ok, yours will certainly be different, but there has to be a 'vlan20' block in this file

I'm looking into that, because I just tested it and it doesn't work anymore, so I might have changed something that broke that :man_facepalming:

best practice for a rough / quick test is

  1. temporarily disable all firewall entries which point to vlan20
  2. examine vlan20 dhcp config

it is hard to debug vlans, dhcp server and firewall
all at once, so best is to disable the FW entries for the test and re-enable them once dhcp works

oke, I've found the issue, (caused by myself :joy:) now vlan20 works via wifi and via lan port 2.

the issue was that I started to adopt changes from my main router and one of these changes broke the vlans.

on my main router I have "listen interfaces" set to LAN and "exclude interfaces" set to Loopback. I'm not sure what they are for, but now that I have put them back to "unspecified" everything works


long journey ahead of you :slight_smile:
have a nice googling on openwrt forum
