I have a need to set up some VLANs, but would need a little guidance to do it. My router is a ClearFog Base unit (mvebu) which I am using with dual WAN. So, for the three LAN ports it has (2 x GbE and 1 x SFP), both RJ45 GbE ports represent WAN and WANB, while the SFP port, through a transceiver to RJ45, is my LAN connection. I am currently on the 21.02 branch and am current as of this morning.
I ultimately would like to keep my primary LAN network 192.168.1.1/24 available with DNSMASQ and the backing DHCP server.
At the same time, I would now like to add:
GUESTVLAN - 192.168.2.1/24 (With DNSMASQ as backing DHCP)
IOTVLAN - 192.168.3.1/24 (With DNSMASQ as backing DHCP)
I would like all three to run over the main LAN link I have now. From that point, I can configure my switches and APs directly to use VLAN tags 10 and 20 to route traffic accordingly, creating layers of separation.
I followed some posts earlier on and think I have a basic setup today running for my bridge switch:
The AP itself has an IP assigned to it from my "LAN" network, which is what my primary network is off of (192.168.1.1/24).
But, I have 3 x SSIDs on my AP:
Wi-Fi (192.168.1.1/24)
Wi-Fi (Guest) (192.168.2.1/24) - Should be over VLAN 2
Wi-Fi (IOT) (192.168.3.1/24) - Should be over VLAN 3
I would expect when I assign a device to the VLAN based SSID, dnsmasq on OWRT would assign out an IP from the .2 or .3 pool, am I thinking incorrectly?
My router unit itself only has 3 x NIC ports, 2 x standard RJ45 gigabit and 1 x SFP. Both RJ45s are being used for my WAN and WANB connections (since I use dual WAN at home). So, the only remaining port that my unit has is the SFP, so I need that to serve everything on the LAN side, which would be native VLAN1 for LAN and VLAN2 for GUEST with VLAN3 for IOT, all over eth2.
VLAN2 and 3 will be used strictly for the moment as Wi-Fi VLANs. Meaning the existence of them for the moment will be limited to just wireless clients connecting to a respective SSID (Wi-Fi (Guest) for VLAN2 and Wi-Fi (IOT) for VLAN3).
Didn't work, at least not out of the box. Some strangeness I see, and I am not sure if it's related to all the work that @jow is doing with DSA in LuCI, but looking at the GUI it's showing VLAN1 as tagged and primary, while in the network file itself it's untagged and primary. I believe that's a red herring, but maybe worth bringing up?
root@OpenWrt:/etc/config# bridge vlan
-ash: bridge: not found
root@OpenWrt:/etc/config# brctl show
bridge name bridge id STP enabled interfaces
switch0 7fff.d263b41a53d6 no eth2
root@OpenWrt:/etc/config#
EDIT: One thing I am doing in the meantime, I am going through my switches once more and changing all ports to "tagged" for VLAN traffic over 2 and 3. They were set to "untagged" prior.
Okay, so I'm a dumbass. I think the fact that my switches had the ports set to VLAN 2 and 3 as "untagged" prevented the tagged traffic from flowing. Once I changed them to "tagged" ports for 2 and 3, magic happened.
I am not sure if eth2 on VLAN1 really needs to be called out as untagged and primary :u* but I will leave it for now. Thanks @anomeome
Also @jow, I am not sure if it's expected or not, but I also noticed something strange when it comes to the VLANs we added by hand. What I mean is that if I go into /etc/config/network and add by hand:
BUT, if I click the "configure" button next to one of the newly created (greyed out) VLANs and make 0 changes BUT I do click "Save", then 2 pending changes appear:
At that point my greyed out VLAN definition becomes a defined "Device" in the devices list, no longer called out as "VLAN (802.1q)". I am not sure if that is expected behavior or not?
@jow did you see these two items as well? (the replied to post) There is a typo on the Bridge VLAN Filtering page; as well, on the same page LuCI is not properly showing the flags set for a given port.