Hi all,
i'm having some issue trying to port the configuration of a dumbAP from a Xiaomi 3g running Openwrt 19.XX to a Xiaomi AC2350 running OpenWrt 22.03.2.
I don't know if it relevant but my luci-switch layout looks like it should be in new DSA architecture, but my luci-bridge vlan filtering it doesn't.
Set up an admin interface with some obscure IP range and a DHCP server. Attach a wifi AP to admin. Log in by wifi so you don't need Ethernet to stay in contact.
Define one bridge (ok to just expand the existing br-lan) containing all 4 ports lan1 lan2 lan3 and wan.
Define three bridge-vlans within br-lan numbered 1, 165, and 195. Declare ports tagged or untagged as needed.
Make unmanaged interfaces for the VLANs that only bridge from ethernet to wifi. Their device is br-lan.165, etc. Note these are interfaces, not bridges. Bridge functionality is inherited from the main bridge.
For the lan interface which does hold an IP, use br-lan.1 as device. Again do not declare an additional bridge.
In the wifi config, use option network is the interface name without any VLAN numbering.
thanks @mk24 and @psherman
I reset the router many times. Installed snapshot, 21.xxx and stable. After two days that's the only working setup I've found.
As @mk24 wrote and as every DSA howto which I read says, I've to start defining a bridge containing lan ports.
Unfortunately, even in a totally fresh install, interfaces and devices pages do not show the ports, but eth0.1 and eth0.2, so I'm in trouble since the first step.
I don't know if it is an issue of the luci web interface or something else,
Is there something I could do/check?
this implies that the device has not been migrated to DSA (at least in 21.02).
Have you installed 22.03.2 (latest as of this writing)? When you do this, make sure you do not keep settings -- this will cause the device to be reset to defaults.
Once that is done, please post your config file here and we'll take a look:
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Your earlier config files has many things wrong, so don't try to re-use it. For example, in this section of your original config:
The bridge should not be defined here (and will cause it to break). The bridge is defined as its own device stanza. Likewise, ports do not get used in the network interface definition -- you'll use devices (i.e. br-lan) which will be defined elsewhere to include the ports. And finally, the wlan connections should never be made in the network file -- they are the domain of the wireless file where you actually attach the network to the radio (rather than attaching the radio to the network).
There are many other issues with the earlier file -- it's not worth going through every item... I'll point out one other one, though...
I'd avoid using the word trunk as a bridge/interface name because it has a very specific meaning in the context of VLANs (it is a term that refers to carrying more than one network on a single port/cable; the way you have it defined does not represent the same concept). This won't cause a technical issue, but it will make discussions (and readability) harder and more confusing.
Normally, I'd try reverse engineering your original config, but it may be easier if you can explain what your goals are in terms of the following:
For each additional network that you wish to configure, provide the:
name
desired VLAN ID
subnet (i.e .192.168.20.0/24),
wifi/wired/both
and if ethernet is involved, what port(s) will be used
since this is a dumb AP, remove the wan and wan6 networks. They are not needed.
Configure lan with a static IP
Change the VLAN number of lan from 1 to 165 both in the switch and in br-lan (list ports eth0.165 instead of eth0.1)
Change the former VLAN 2 (was used for wan, so not needed for that now) to be 195.
Set the wan physical port (1) in the switch as tagged in 165 and 195. The lan physical ports (2, 3, and 4) remain untagged in 165.
Make a br-guest with eth0.195 as its only port.
Make an interface guest, proto unmanaged, with br-guest as its device.
Make wifi APs for lan and guest. Use option network in the wireless config to attach them to the lan or guest networks. Do not refer to wlan devices anywhere in /etc/config/network.
@mk24 has covered it... assuming that the intent is indeed the same as your earlier config file suggests, the reverse engineering and subsequent instructions from @mk24 should get you running exactly as you want.
I did some minor change, but it worked!!
Many thanks!!!
I'm pretty sure that was my first setup which failed for some reason.
Maybe I messed up something in Vlan
these are my final config files
# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd47:94e1:5c1a::/48'
config device
option name 'br-undelete'
option type 'bridge'
list ports 'eth0.1'
config interface 'undelete'
option device 'br-undelete'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 1t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '165'
option description 'lan'
option ports '0t 1t 2 3 4'
config device
option type 'bridge'
option name 'br-lan'
list ports 'eth0.165'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.165.197'
option netmask '255.255.255.0'
option ip6assign '60'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 1t'
option vid '195'
option description 'guest'
config device
option type 'bridge'
option name 'br-guest'
list ports 'eth0.195'
config interface 'guest'
option proto 'dhcp'
option device 'br-guest'
In most cases, the dumb AP should only have an address on the network that is actually being used to manage the device. The rest should have proto 'none' (unmanaged). I would highly suggest that you change guest to none, as well as one of the other two networks (whichever one is not used to manage the device)... unless you have a specific reason that the OpenWrt dumb AP needs to be managed/directly reachable (for admin purposes or other services on the device) by multiple networks.
Not wrong, no. So VLAN1 is purely a backup network and not really tied to any day-to-day functional ones? In that case, not sure, makes sense.
I'd use a slightly different approach, though.
make VLAN 1 (or any VLAN ID of your choosing) the management VLAN, separate from my normal LAN.
Allow routing (on the main router) from my main LAN > management network (can be the entire network or more granular access, if desired) so that the devices on the main LAN can reach and manage the infrastructure devices.
Have a spare port on one of the infrastructure devices by which you can directly connect if you have issues with your router or other networks.
