Is my VLAN configuration correct?

Hello,
I have a GL-iNet M6000 (Flint 2) with the pre-installed OpenWRT 23.05 branch from GL-iNet.

My setup is the following:

I have a static IP which is configured on my router.
I struggle with the VLAN 13 (named #VoIP#) which is to be used from my VoIP ATA.

Since I don't have a Switch option in the Network menu, I created an interface and a device. The current configuration is the following:

config device
        option type '8021q'
        option ifname 'lan2'
        option vid '13'
        option name 'lan2.13'

config interface 'VoIP'
        option proto 'static'
        option device 'lan2.13'
        option ipaddr '10.1.1.0'
        option netmask '255.255.255.252'
        option gateway 'STATIC IP'
        option broadcast '10.1.1.3'

In the firewall, I also have configured the VoIP VLAN to access WAN and the LAN to access the VoIP VLAN.

config zone
        option name 'VoIP'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'VoIP'

config forwarding
        option src 'VoIP'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'VoIP'

But, it looks like my configuration is wrong because I cannot access the ATA (VoIP VLAN) from my PC (lan).

Most of the documentation and videos are about configuring multiple VLANs on a single port and configure bridges in the process.

However, what I want to achieve is what I think, in Cisco terminology, called "Access Port", or else:

  • I want to have Lan 2 physical port on the router assigned to VLAN 13
  • Isolate traffic on this port
  • Provide a different DHCP subnet on that port
  • Control access to and from this port/subnet.

So, what do I miss?

I hope this is bounced since I am really stuck here.

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

This has nothing to do with the actual question, honestly.
At the end of day I can try to to apply the openWRT concepts in my router and if it's not working then we can discuss about the differences due to vendor's firmware.

In any case, I am sure I don't understand how VLANs are configured on openWRT.

Hi

since you mention LAN2, i suppose it is DSA device

so, you need to untag (access port) this vlan on LAN2
it is unclear from your configuration, do you use bridge vlan filtering or not ... but generaly
LAN2 need to be untagged with vlan 13
LAN2 need to be taken out from vlan 1

wild guess:

config device
        option type 'bridge'
        option vlan_filtering '1'
        option name 'br-lan'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '13'
        list ports 'lan2:u*'


config interface 'VoIP'
        option proto 'static'
        option device 'br-lan.13'

The way that VLANs (and many other things) work on official OpenWrt may not apply in vendor forks that are based on OpenWrt.

To be clear, vendor forks are often significantly modified relative to the official version. They have material impacts on the functional aspects and the syntax to the point that they are black boxes unless one has the specific knowledge of what changes were made and how they should operate. I am not exaggerating when I say that the syntax is often incompatible between the gl-inet forks and the real openwrt.

That is why you need to ask the maintainer or specific user community for the firmware you are using, or install official openwrt and we can help you here.

Actually you are right, I didn't have enabled VLAN filtering.
I have no clue how on earth I forgot this.

:slight_smile:
glad that you found it

if your problem is solved, please mark correct answer as solution and rename topic as [SOLVED]

Not yet.
I still haven't manage to get an IP.

ok
let's see /etc/config/network

No need.
I found it. It was the firewall. I had to added the interface in the existing DHCP rule.
Strange that was not taken care from luci

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.