How to share the internet from LAN1 port to wan.35 via vlan 35?

I am doing a project. So, I use an openwrt router as an AP, it gets the internet from LAN1, then to WAN via vlan 35. Other ports I think don't support vlan so I choose WAN port for this. I deleted all WAN related interfaces.
This is my /etc/config/network:

root@Zyxel_P-2812:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix ''
	option packet_steering '1'



config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

config device
	option name 'lan1'
	option macaddr ''

config device
	option name 'lan2'
	option macaddr ''

config device
	option name 'lan3'
	option macaddr ''

config device
	option name 'lan4'
	option macaddr ''

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.50'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'
	option dns '192.168.1.1'


config device
	option type '8021q'
	option ifname 'wan'
	option vid '35'
	option name 'wan.35'

config interface 'test'
	option proto 'none'
	option device 'wan.35'

I was thinking, can I just do this instead:

If you remove lanX from the bridge br-lan it autonomously supports vlans.

I don't understand, so if I pick lan2 for example, take it out of br-lan? So then I make lan2.35 right? But I can't make it UP. It always stays down. I assumed it doesn't support VLAN's.

I suppose you want to bridge wan.35 to tv or voip phone?
Make a new bridge and add two ports.

Let me tell you simply, I want just regular AP but let's assume only one client needs it via vlan 35, not the normal way. Which there will be only one client anyway. Internet > Openwrt LAN1 port > to some port with vlan 35 tagged.

Ok, you'll need to enable VLANs on br-lan.
Somebody smarter can tell you how, then do "guest wifi" setup, i.e. firewall zone, no wifi, then add device brlan.35 which can be tagged or untagged on any port.

Sorry couldn't understand any of what you say :( This seems extremely hard tho. I'll just do something else then. Thanks.

Nope, it is a guest network, by definition isolated from the main LAN, just that enabling DSA VLANs is a bit of a fragile process.

All ports support VLANs.

Can you describe how things are connected and where each VLAN is coming from?
Also, what do you want each of the other ports to do?

Ok, here is my drawing of this issue. I want to replace the laptop with an openwrt router instead. Normally this setup works on the laptop. Laptop is just so huge, also inconvenient. That's why I want to change it.

Where is the internet in this diagram? Usually the upstream most router (i.e. the one connected to the ISP) is the one that will terminate the PPPoE connection.

Also, why do you have 3 routers in the mix? What purpose does each have in your network?

And going back to the PPPoE -- typically that is only terminated on one router. You usually don't need to propagate the VLAN + PPPoE beyond that first terminating router. And, if you do, it also requires that the ISP allows multiple PPPoE connections on the same account/service line.

The router on the left provides the internet. It's a "don't care" situation, we don't have anything to do with the left router.

Also you can have a PPPoE server running inside your LAN. It's a double NAT, I know, but in my case it doesn't matter that much.

I need to test some routers. Normally I could do this with DHCP, but with PPPoE it's significantly faster for me, also it can pull firmware upgrades on its own. They hardcoded these so it is what it is, can't change that fact. They are set up like that.

So the PPPoE connection is not coming from the ISP? Ok, so sure you can do that. But why? PPPoE has quite a bit of overhead and thus degrades performance while increasing complexity. I totally get it if you're doing this as a home-lab/educational experiment, but I'd say it's unusual and generally undesirable under any other normal circumstances.

That said, where is the PPPoE server and the PPPoE client? Looks like the right most router is the PPPoE client. Does that make the middle router the server? Or is the server coming from either the left hand router or the ISP (if one of these, which is it)?

To be clear, I'm trying to figure out where VLAN 35 originates and where it needs to go. Does it originate at the ISP? At the left router? Middle router?

PPPoE server is inside the laptop, client would be the right of that. I want to change the laptop with an openwrt router out of convenience.

The right router is the pppoe client and asks for vlan 35 from the laptop.

As I said, overhead doesn't matter for this case. It's an in-house experiment.

So if the vlan will originate on the middle router, you only need a single port to participate in that vlan. As such, it should be as simple as removing that port from the bridge and adding it to the network interface that will service that port (with a PPPoE server enabled). Therefore, that interface would have option device 'lanx.35' where x is the lan port you plan to use.

Hmm ok. I will try that tomorrow.

You will need to install package rp-pppoe-server, which is probably the same that you are using on Debian.

Almost done, pppoe server works, but the client on the right, can't get to the internet. Although it gets an IP address from the PPPoE server from the middle router. Totally, ip forwarding issue. How to solve this?

That is a routing issue, most likely.

  • Check to make sure the firewall allows forwarding from the PPPoE server/network to the wan.
  • Ensure that there are no conflicts/overlaps of the networks and addresses.

That said, I've never set up a PPPoE server, so I don't know if there are other configuration parameters that need to be set up for it to route properly.

What if I just disable the firewall entirely? This is an inside job anyway. Inside of the intranet. It's similar to a DMZ.
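
The forwarding check suggested in the reply above, written out as a firewall configuration. This is an added example, not a config posted by anyone in the thread; it assumes the PPPoE sessions show up as ppp0, ppp1, ..., that the upstream side is the existing 'lan' zone (this router has no WAN interface), and the zone name 'pppoe' is made up.

```uci
# /etc/config/firewall (fragment): added example, not from the thread.
# Assumptions: zone name 'pppoe' is hypothetical; sessions from
# rp-pppoe-server appear as ppp0, ppp1, ...; upstream is the 'lan' zone
# (br-lan, gateway 192.168.1.1).

# Upstream zone: the stock 'lan' zone with masquerading switched on, so the
# 192.168.1.1 router sees the clients' traffic as coming from 192.168.1.50
# and needs no route to the PPPoE address pool.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'

# Zone for the PPPoE sessions. The ppp interfaces are not declared in
# /etc/config/network, so they are matched by raw device name with a
# wildcard. input REJECT keeps the routers under test away from this
# router's own services; add explicit rules if it should serve them DNS.
config zone
	option name 'pppoe'
	list device 'ppp+'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# The one permitted path: PPPoE clients to the upstream LAN.
config forwarding
	option src 'pppoe'
	option dest 'lan'
```

Reload with `/etc/init.d/firewall restart`. Masquerading is itself a firewall rule, so stopping the firewall removes the NAT along with the filtering, and the 192.168.1.1 router then has no route back to the PPPoE clients unless a static route is added there.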