I want to setup a couple of vlans for dynamic PSK on a linksys ea8300 router using 1 SSID and also pass these vlans to 1 Lan port which will feed another ea8300 router which will act as a dumb AP.
Hope anyone can help point me in the right direction, I am not new to openwrt but haven't set up a Dpsk before on openwrt and also haven't set up Vlan using the DSA switch before.
Hi @NPeca75 thanks for replying and sharing your config.
could you share some info on what this config does ?
If I understand it correctly, the way you have it set up means, the vlan changes based on the input password, I see one configured for vlan 100, vlan 200 and vlan 255.
And all vlans are assigned as tagged to lan port 4 except vlan 1 is untagged
Would this configuration be reflected in luci GUI too or will it only be visible via cli ?
yes, at least for network devices/interfaces
to be honest, i would not dare to touch anything in Luci in wireless section after putting this config
yes, untagged, and unused
so either you change this and put static address on vlan1
or ...
you need the way to access your OWRT on vlan255 (tagged)
or from the WIFI with vlan255 password
okay I understand somewhat better now.
Do you use the same vlans for wired network devices too?
I see, so how/where did you configure if any dhcp pools for the vlans ?
Also would I need to configure firewall rules for these ?
Semi confused on this part, this only applies for connections from my 2nd router / dumb AP correct ? because if I connect directly to a lan port on the main router I could still connect to OWRT
Also curious about this, if I understand the config correctly you access management using ipv6 ?
yes
ok, in my example, only lan4 is used as trunk port since i using this device s dumb ap, wifi only, but ... nothing stops you to add lan1,2,3 to some vlan
config bridge-vlan
option device 'switch'
option vlan '200'
list ports 'lan4:t'
list ports 'lan1:u*' <== add this line
list ports 'lan2:u*' <== add this line
so you will have vlan200 on lan1 & 2 as untagged,native
since LuCI will not mess network/interfaces/devices/firewall, you could use LuCI for this. Only place where LuCI is problematic is wireless, because LuCI does not know about dynamic vlans and how to configure
using both, v4 (169.254.x.x) and v6 (fd00:1::xxx)
suppose that you will need to access your OWRT router for management ?
i give you recipe how
thanks alot for all the info @NPeca75 , I'm ready to go try and configure it now.
I have one last question, to configure the internal wifi on the main router would use the same config ? I'm trying to visualize in my head how to do it before I start.
I've adjusted the given config to suit my needs and everything looks fine in luci and the passwords for the vlans work, I only have 1 issue when I try the wifi it doesn't give me an IP address, I left 1 wifi radio without vlan just to be able to access to router while setting up.
Now that I'm thinking about it, is this config tailored for the "dumb AP" router 2 and the vlans should get the ip's from dhcp pools on the main router, is this assumption correct ?
here are my configs:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd39:b6a4:8f77::/48'
config device
option name 'br-lan'
option type 'bridge'
option vlan_filtering '1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'switch'
option vlan '20'
list ports 'lan4:t'
config bridge-vlan
option device 'switch'
option vlan '30'
list ports 'lan4:t'
config bridge-vlan
option device 'switch'
option vlan '40'
list ports 'lan4:t'
config bridge-vlan
option device 'switch'
option vlan '260'
list ports 'lan4:t'
config interface 'vlan20'
option proto 'none'
option device 'switch.20'
config interface 'vlan30'
option proto 'none'
option device 'switch.30'
config interface 'vlan40'
option proto 'none'
option device 'switch.40'
config interface 'vlan260'
option proto 'none'
option device 'switch.260'
option ipaddr '169.254.1.101/24'
list dns '169.254.1.1'
config device
option name 'lan1'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan2'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan3'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan4'
option macaddr 'e8:9f:80:a2:c6:fa'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr 'e8:9f:80:a2:c6:f9'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
oke so I've made some changes to the config, I feel like I'm very close to having it done but I am missing some small parts, where do I setup the dhcp pools, would this be in interfaces ?
in your config vlan2 is tagged, wouldn't this mean you have to configure vlan2 on all your devices for it to work ?
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd95:f630:65c6::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '40'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '260'
list ports 'lan4:t'
config interface 'vlan1'
option proto 'none'
option device 'br-lan.1'
config interface 'vlan20'
option proto 'none'
option device 'br-lan.20'
config interface 'vlan30'
option proto 'none'
option device 'br-lan.30'
config interface 'vlan40'
option proto 'none'
option device 'br-lan.40'
config interface 'vlan260'
option proto 'none'
option device 'br-lan.260'
option ipaddr '169.254.1.101/24'
list dns '169.254.1.1'
config device
option name 'lan1'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan2'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan3'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan4'
option macaddr 'e8:9f:80:a2:c6:fa'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr 'e8:9f:80:a2:c6:f9'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
did you see in my config something similar ?
to reference a "whole" device without dot ?
i think not
and .. please, could you explain, how interface section will match with this?
for example, how network 'vlan260' will match your "fantasy" name interface 'lan' ??
and now, the main question
you want to setup main router ? or dumb AP ?
could you ask this question in another way? i really don't understand
maybe, after all, you should exactly say what you want
for ex:
i want DumbAP with vlan 10,20,30 for wifi and vlan1 for management
or
i want Main Router with vlan 10,20,30 for wifi and one trunk port for downstream to DumbAP
I thought the br-lan was just a name and had to be the same in all instances
I guess I don't understand it, yes I did see that your config only has "switch" in all instances
I guess I'm further away to getting done than I thought
in my mind I assumed I would have to change to vlan interface protocol to static and set up dhcp
Yes I'm trying to setup main router (afterwards my current active router will get upgraded to new OWRT and become dumb AP)
To my understanding a tagged vlan would require devices to have a vlan number configured on the interface they are using to connect, let say a windows pc, I would have to configure the vlan number to be tagged, but maybe I'm confusing wired connections ?
this is what I'm trying to accomplish;
i want Main Router with vlan 1 untagged ,20,30 tagged for wifi and one trunk port for downstream to DumbAP
I'm sorry to bother you so much will all these questions you've been great help so far, even though I've messed the config up numerous times I am learning a lot by your input
edit:
vlan1 is untagged on all LAN
LAN4 is trunk
since we still using "fantasy name" 'lan', dhcp server on vlan1 will work out of box
for other vlan's, you will need to setup dhcp server from LuCI
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config device
option name 'lan1'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan2'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan3'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'lan4'
option macaddr 'e8:9f:80:a2:c6:fa'
config device
option name 'wan'
option macaddr 'e8:9f:80:a2:c6:f9'
config device
option type 'bridge'
option vlan_filtering '1'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '40'
list ports 'lan4:t'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'vlan10'
option device 'br-lan.10'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
config interface 'vlan20'
option device 'br-lan.20'
option proto 'static'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
config interface 'vlan30'
option device 'br-lan.30'
option proto 'static'
option ipaddr '192.168.30.1'
option netmask '255.255.255.0'
config interface 'vlan40'
option device 'br-lan.40'
option proto 'static'
option ipaddr '192.168.40.1'
option netmask '255.255.255.0'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
i am against using this practice, because if you look at config, what we have?
device br-lan
interface 'lan'
and phy rj45 called lan1,2,3,4
so, LAN everywhere
and on top of it, there is dots like lan.2
it could be (it IS) confusing
since you using "advanced" mode, dealing with vlans, in my first example i tried to teach you trough config what is what
switch is internal switch
and interface is vlanX
but, since OWRT default (firewall & dhcp) points to fantasy "lan" it was easier for you to adopt default "lan" name at least for vlan1 and be able to access your device
so, everything is okay, at least, from "it is working, yeahhhh" point of view
other point is:
using vlan1 for management is suicide
using config with vlans without fully understand vlans, tagged, untagged, internal switch, etc ... is ...
I see, so how/where did you configure if any dhcp pools for the vlans ?
you've been great help so far, even though I've messed the config up numerous times I am learning a lot by your input