How to set OpenWrt to work with a VLAN created on OPNsense?

Guys, I'm having difficulty pulling this off.

This is my bridge setup:
LAN 2 is where my OpenWrt gets its LAN (uplink) from the OPNsense PC. It was working as expected without VLANs, but I want to add a VLAN to it to separate my IoT devices onto a separate wireless network (phy0-ap0); VLAN 20 is just for that phy0-ap0.

One of my doubts is whether I set VLAN ID 1 correctly, because I don't have a VLAN 1, but if I don't create it, my regular devices would be left without internet.

So after setting up the bridge and creating an interface VLAN20 in OpenWrt, I was able to connect a wireless device to it. It receives the DHCP lease from OPNsense, BUT somehow it doesn't get internet, and neither it nor OpenWrt can ping 192.168.20.1 (my gateway on the VLAN 20 interface).

Here are my configs:

Network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1b:403f:14f5::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'phy0-ap0'
	list ports 'phy1-ap0'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config device
	option name 'phy1-ap0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'phy1-ap0'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan2:t'
	list ports 'phy0-ap0'

config interface 'VLAN20'
	option proto 'static'
	option device 'br-lan.20'
	option ipaddr '192.168.20.2'
	option netmask '255.255.255.0'
	option gateway '192.168.20.1'
	list dns '192.168.20.1'

Firewall:

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'VLAN20'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'VLAN20'

I would like to know if everything is correct from the OpenWrt point of view, so that I can then go to the OPNsense forum to see if I made a mistake in the OPNsense configs.

Remove the last 2 entries... the radios should not be referenced in the network config file:

Delete this:

If VLAN 1 is untagged on all ports, make that explicit by adding :u* behind each port (for example: list ports 'lan1:u*'). Remove the phy1 line:

Remove the phy0 line:

Make VLAN20 unmanaged -- edit it like this:

config interface 'VLAN20'
	option proto 'none'
	option device 'br-lan.20'

Delete this:

Reboot and try again.


Thanks, that solves it. I thought I would need to bridge the radio to untag it, but somehow OpenWrt automatically untags the radio when it is connected to the tagged interface.
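A small lint for the three points the answer raises (radios listed as bridge ports, VLAN ports without an explicit `:u*` or `:t`, and a managed interface on the IoT VLAN), added here as an example that is not from the thread or from OpenWrt. The names `parse_uci`, `audit` and `mgmt` are hypothetical, and the sample is a constructed excerpt of the config in the question.

```python
import re

# Constructed excerpt of the /etc/config/network posted in the question.
QUESTION_CONFIG = """
config device
	option name 'br-lan'
	list ports 'lan2'
	list ports 'phy0-ap0'
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'phy1-ap0'
config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan2:t'
	list ports 'phy0-ap0'
config interface 'VLAN20'
	option proto 'static'
	option device 'br-lan.20'
"""

def parse_uci(text):  # -> [(type, name, {key: [values]})], 'list' entries accumulate
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*(config|option|list)\s+(\S+)\s*'?([^']*)'?", line)
        if not m:
            continue
        kind, key, val = m.group(1), m.group(2), m.group(3).strip()
        if kind == "config":
            sections.append((key, val, {}))
        elif sections:
            sections[-1][2].setdefault(key, []).append(val)
    return sections

def audit(text, mgmt="lan"):  # mgmt (assumption): the one interface that keeps an address
    findings = []
    for stype, name, opts in parse_uci(text):
        for port in opts.get("ports", []):
            if re.match(r"phy\d+-ap\d+", port):
                findings.append(f"radio {port} listed in {stype} ports")
            elif stype == "bridge-vlan" and ":" not in port:
                findings.append(f"vlan {opts.get('vlan', ['?'])[0]}: {port} lacks :u* or :t")
        dev = opts.get("device", [""])[0]
        if stype == "interface" and name != mgmt and re.fullmatch(r"br-lan\.\d+", dev):
            if opts.get("proto", ["none"])[0] != "none":
                findings.append(f"interface {name} on {dev} is not proto 'none'")
    return findings
```

Calling `audit(QUESTION_CONFIG)` returns one finding per point the answer asks to change; a config edited as the answer describes returns an empty list.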
