Help with vlans setup

I have troubles setting up additional vlans.

root@AC6:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config device
	option name 'eth0'
	option ipv6 '0'

config device
	option name 'wlan0'
	option ipv6 '0'
	option mtu '1500'
	option macaddr '50:D4:F7:0F:03:8F'
	option txqueuelen '1000'

config device
	option name 'wlan1'
	option ipv6 '0'
	option mtu '1500'
	option macaddr '50:D4:F7:0F:03:8E'
	option txqueuelen '1000'

config globals 'globals'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '11'
	option description 'LAN'
	option ports '0t 2 3 4t 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '22'
	option ports '0t 1'
	option description 'WAN'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '33'
	option description 'DMZ'
	option ports '0t 2t 3t 4 5t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '44'
	option description 'DMZ2'
	option ports '0t 2t 3t 4t 5t'

config device
	option name 'eth0.11'
	option type '8021q'
	option ifname 'eth0'
	option vid '11'
	option ipv6 '0'
	option mtu '1500'
	option macaddr '50:D4:F7:0F:03:8D'
	option txqueuelen '1000'

config device
	option name 'eth0.22'
	option type '8021q'
	option ifname 'eth0'
	option vid '22'
	option ipv6 '0'

config device
	option name 'eth0.33'
	option type '8021q'
	option ifname 'eth0'
	option vid '33'
	option ipv6 '0'
	option mtu '1500'
	option macaddr '50:D4:F7:0F:03:8E'
	option txqueuelen '1000'

config device
	option name 'eth0.44'
	option type '8021q'
	option ifname 'eth0'
	option vid '44'
	option ipv6 '0'
	option mtu '1500'
	option macaddr '50:D4:F7:0F:03:8B'
	option txqueuelen '1000'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.11'
	option ipv6 '0'
	option mtu '1500'
	option macaddr '50:D4:F7:0F:03:8D'
	option txqueuelen '1000'

config device
	option name 'br-dmz'
	option type 'bridge'
	list ports 'eth0.33'
	list ports 'eth0.44'
	option mtu '1500'
	option macaddr '50:D4:F7:0F:03:8C'
	option txqueuelen '1000'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'wan'
	option device 'eth0.22'
	option proto 'dhcp'

config interface 'dmz'
	option proto 'static'
	option device 'br-dmz'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option type 'bridge'
root@AC6:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 50:d4:f7:0f:03:8f brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 50:d4:f7:0f:03:8d brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.11@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 50:d4:f7:0f:03:8d brd ff:ff:ff:ff:ff:ff
8: eth0.22@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 50:d4:f7:0f:03:8f brd ff:ff:ff:ff:ff:ff
    inet public.ip brd some.brd scope global eth0.22
       valid_lft forever preferred_lft forever
9: br-dmz: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 50:d4:f7:0f:03:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-dmz
       valid_lft forever preferred_lft forever
    inet6 fe80::52d4:f7ff:fe0f:38f/64 scope link 
       valid_lft forever preferred_lft forever
10: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 50:d4:f7:0f:03:8e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::52d4:f7ff:fe0f:38e/64 scope link 
       valid_lft forever preferred_lft forever
11: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-dmz state UP qlen 1000
    link/ether 50:d4:f7:0f:03:8f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::52d4:f7ff:fe0f:38f/64 scope link 
       valid_lft forever preferred_lft forever

Any suggestions are welcome

Hi
this device is a "swconfig" device
so, when network start up, eth0.x interfaces will be created according to
config switch_vlan entries

your mistake is this:

you try to create software vlan device on top of existing switch/eth0.xx device

please remove every


config device
	option type '8021q'

config entry

What device and openwrt version are you using?

ubus call system board 
{
	"kernel": "5.10.176",
	"hostname": "AC6",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C6 v2 (EU/RU/JP)",
	"board_name": "tplink,archer-c6-v2",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.5",
		"revision": "r20134-5f15225c1e",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
	}
}

Ok so that is current. But there are lots of errors.

My advice is to reset to defaults and post that config here. Along with that, you can describe your desired vlan configuration and we can advise the appropriate changes.

That dosen't help

I wouldn’t expect that it would help because there are multiple problems. A reset is the best way to move forward.

I need 2 vlans. One for trusted devices and one for dmz(vacuum cleaner, rpi "server", "home lab" experiments). There is an old tplink router with openwrt 17 that will be used for managed switch.

Is this the main router?

config interface 'dmz'
	option proto 'static'
	option device 'br-dmz'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option type 'bridge'                       <---------

Removing that fixes the problem.

I would like to hear about the other errors, if you can spare the time.

AC6?
Yes it is.

I’m on a mobile device, so it is not really practical to go through all the issues. But the radios don’t belong in the network file, bridge statements do not belong in network interface stanzas, etc.

A fresh start is best.

I think the initial config is dragged from openwrt 21 or even might be from 19. If I have time I'll reset it some time in the weekend

Configs from 19.07 are not compatible with 22.03. Best to reset to make sure you start with a proper config for 22.03

The mentioned syntax issues were already invalid in 19.07 (and before, 'always', actually), so it's really best to give it a fresh start,

1 Like