Is it even possible to assign VLAN to each SSID on OpenWrt?

Let me give everyone an idea of what I am trying to accomplish with OpenWRT on the WD MyNet N750.

I have an old Netgear WNAP210 dedicated WAP. Which is configured with 2 SSIDs each is VLAN tagged and routed through a single port back to the rack. 1st SSID is tagged 'vlan1' and the 2nd SSID is tagged 'vlan3' as seen as in this screenshot:

WNAP210

I have been looking at the gui menus in OpenWRT and I haven't seen a direct way to actually assign a vlan tag to the SSID. So is there a "workaround" or OpenWRT just isn't design to do that?

I want to ask because I don't want to waste any more time if it is not possible. Especially since I can't even change the IP address on the router.

Yes

(Generic instructions follow)

  • Create a bridge interface for each VLAN you want to associate with one or more SSIDs, call it "vlan100" for clarity (this does not set it to be a VLAN, it's just a name)
  • "Bridge over" the sub-interface of the physical interface connected to the bridge, eth0.100 for example
  • Configure the wireless interface to attach to the bridge you just created
  • Adjust your switch, as needed. Note that many switches have a limit of 16 or 128 table entries, so larget VLAN tags will require use of the vid and pvid options in the config.

(If that's not obvious on how to accomplish, please let us know if you prefer to configure with files, or with LuCI)



As an example of file-based config of the bridge interface:

config interface 'vlan100'
	option type 'bridge'
	option stp '1'
	option ifname 'eth0.100'
	option proto 'none'
	option auto '1'
	option delegate '0'

It is option ifname 'eth0.100' that sets the VLAN tag, not the interface name.

Okay, that makes much more sense by creating a bridge so the SSID can sit on. So according to what you wrote each bridge can be assigned a vlan tag

1 Like

It's actually the enslaved Ethernet interface that does the tagging/untagging on its "wire", but yes, it sounds like you've got it understood.

Edit:

You'll probably want firewall rules to prevent VLAN-to-VLAN forwarding, as well as either or both controlling the "listeners" on the OpenWrt box itself, either or both with config of the service and "input" rules.