Mixing Untagging (native) and Tagged VLAN on Trunk

Hello, new to OpenWRT.

I have a network with opnsense -> managed router -> WAPs, and replacing WAPs (mix of dd-wrt, tomato, voxel) with Linksys MX4300 running OpenWRT. All routing/DHCP is done on OPNsense,

I have several VLANs, and, for historical reasons, use native (untagged) VLAN for management subnet. I know it might not be the best approach, but I could configure it with dd-wrt and tomato, and at the moment don't want to make major changes.

I was able to configure OpenWRT as AP, enabled VLANs and configured:

Device:

br-lan:
1 U*
20 T

Interfaces

lan
static IP
device: br-lan.1

home
static IP (diff subnet)
device: br-lan.20

WiFi
several WiFis using either "lan" or "home"

After reboot (!) it works. But:

  • sometimes I would not get IP on device connecting to WiFi. I see DHCP advertised on OPNSense side, but device is not connecting. Sometimes it's not even doing self-IP, just disconnects from the network - other time it does self-IP
    Clarification: this is only on untagged / VLAN1. Everything works on VLAN20.

I'll be watching/troubleshooting this more, just wonder if config above is what is supposed to work in general.

Thanks!

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

[info deleted]

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

Thanks. I understand this is not a main branch, was hoping somebody to confirm that configuration is correct (there are other threads about mixing untagged and tagged VLANs on trunk)

The main reason we cannot support forks like this is that we don’t know what they have changed and how it should work. Sometimes their modifications make the operation materially different, meaning that applying advice based on official openwrt constructs will break things badly.

That said, on a basic bridged AP, usually only one interface (the one used to manage the device) will have an address and the other(s) will be unmanaged.

Further, in official openwrt, the bridge must always be declared outside the network interface config stanza. If the bridge is defined within it, things break.

1 Like

Redundant defaults signify that whomever made a fork did change supposed defaults, like 200 of them for simple wifi. Cannot guess the remaining 199.

Thanks all - let me revisit it when I have HW which can run official OpenWrt.

1 Like

To close the topic - at the point the thinking is that not being able to connect had nothing to do with network configuration.

Also, after further searching I found a thread with links to excellent videos, which confirmed my config.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.