I currently have a problem with a Netgear EX6400 v1 and OpenWrt 23.05.4.
I would like to create a dumb access point with 2 different SSIDs and 3 VLANs.
The SSIDs should be on VLAN ID 30 and 31. The AP should only be accessible via VLAN 1. The SSIDs should only “pass through” the traffic which is then routed via a pfSense FW.
I had already set this up earlier, but unfortunately the config doesn't seem to work with the device or I'm missing something...
Can you help me?
I also tried it with the proposed config from my last thread, but then I can't reach the AP anymore and Wi-Fi doesn't work either.
/etc/config/network

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd3f:c3ef:6c7c::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'

config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'

config device
    option type '8021q'
    option ifname 'br-lan'
    option vid '31'
    option name 'br-lan.31'
    option ipv6 '0'

config device
    option type '8021q'
    option ifname 'br-lan'
    option vid '30'
    option name 'br-lan.30'
    option ipv6 '0'

config interface 'home'
    option proto 'none'
    option device 'br-lan.30'

config interface 'guest'
    option proto 'none'
    option device 'br-lan.31'

OK, so I kind of figured it out... I think what I have to do is to create a vlan802q on the eth0 device and then bridge it again. That seems to be working. Is this the correct way?
By the way (and this is no offense... I know how hard it is to keep good documentation), the wiki guides are extremely unorganized. I found one tutorial under the VLAN section; after reading it I knew what I had forgotten. But man... did it take long to find what I was looking for.
EDIT
OK... apparently it doesn't mean that if something works for one device, it will work for another. A Zyxel NWA55AXE should act as another AP for outdoor use. I tried the same config on the Zyxel: does not work. What is different about it now?
There are two possible approaches, but what you have currently will not work.
Start by deleting the 802.1q stanzas:
Next, create two new bridges like this:

config device
    option name 'br-home'
    option type 'bridge'
    list ports 'eth0.30'

config device
    option name 'br-guest'
    option type 'bridge'
    list ports 'eth0.31'

Finally, edit your interfaces to look like this:

config interface 'home'
    option proto 'none'
    option device 'br-home'

config interface 'guest'
    option proto 'none'
    option device 'br-guest'

That should do the trick. This does assume that the upstream router and the trunk path to the AP are all properly configured.
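
An added example, not part of the original posts and not OpenWrt's own code: a small Python check that resolves each logical interface in a UCI network config to the physical port and VLAN tag(s) it rides on, so you can confirm that management stays untagged while the SSID networks land on VLAN 30/31. The names `parse_uci`, `l2_paths` and `SAMPLE` are hypothetical, the sample config is constructed from the stanzas in the reply above, and `bridge-vlan` stanzas are not interpreted.

```python
import re

# Constructed sample built from the stanzas in the reply above ('guest' is analogous).
SAMPLE = """
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'
config interface 'lan'
    option device 'br-lan'
config device
    option name 'br-home'
    option type 'bridge'
    list ports 'eth0.30'
config interface 'home'
    option device 'br-home'
"""

def parse_uci(text):
    """Parse UCI text into a list of (type, name, options) stanzas."""
    stanzas = []
    for line in text.splitlines():
        tok = [a or b for a, b in re.findall(r"'([^']*)'|(\S+)", line)]
        if tok[:1] == ["config"] and len(tok) >= 2:
            stanzas.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) == 3 and stanzas and tok[0] == "option":
            stanzas[-1][2][tok[1]] = tok[2]
        elif len(tok) == 3 and stanzas and tok[0] == "list":
            stanzas[-1][2].setdefault(tok[1], []).append(tok[2])
    return stanzas

def l2_paths(text):
    """Map interface -> sorted [(port, vlan_tags)]; an empty tuple means untagged."""
    stanzas = parse_uci(text)
    devs = {o["name"]: o for t, _, o in stanzas if t == "device" and "name" in o}
    def resolve(name, tags=(), depth=0):
        dev = devs.get(name, {})
        base, dot, vid = name.rpartition(".")
        if depth > 8:                          # guard against reference loops
            return set()
        if dev.get("type") == "bridge":        # follow every bridge port
            return set().union(*(resolve(p, tags, depth + 1) for p in dev.get("ports", [])))
        if dev.get("type") == "8021q":         # explicit VLAN device stanza
            return resolve(dev["ifname"], (int(dev["vid"]),) + tags, depth + 1)
        if dot and vid.isdigit():              # implicit 'eth0.30' notation
            return resolve(base, (int(vid),) + tags, depth + 1)
        return {(name, tags)}                  # physical (or unknown) port
    return {n: sorted(resolve(o["device"])) for t, n, o in stanzas
            if t == "interface" and "device" in o}
```

Calling `l2_paths(SAMPLE)` returns `{'lan': [('eth0', ())], 'home': [('eth0', (30,))]}`. Feed it the text of the AP's `/etc/config/network` and compare the result with the tagged/untagged settings of the switch port the AP hangs off.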
Sadly your proposed config does not work. That's what I tried at first because this worked with the Netgear EX6400. With the Zyxel NWA55AXE one this does not work.
I also tried the DSA config that works at home with my D-Link AP.

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'lan:u*'

config bridge-vlan
    option device 'br-lan'
    option vlan '30'
    list ports 'lan:t'

config bridge-vlan
    option device 'br-lan'
    option vlan '31'
    list ports 'lan:t'

config interface 'lan'
    option device 'br-lan.1'
    option proto 'dhcp'

config interface 'home'
    option device 'br-lan.30'
    option proto 'none'

config interface 'guest'
    option device 'br-lan.31'
    option proto 'none'

The thing is that the Zyxel does have 2 ethernet/lan devices in OpenWrt but just 1 physical. I am a bit confused. The difference here is that the default interface that gets created when flashing OpenWrt is bridged over lan and not eth0. But I tried it also with eth0... sadly it changes nothing.
EDIT
So... what seems to work (but is certainly not the “way to do it right”) is to bridge the existing bridge from lan (br-lan) again with a VLAN... the config looks like this:

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan'

config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'

config device
    option name 'eth0'
    option ipv6 '0'

config device
    option type 'bridge'
    option name 'brlan30'
    list ports 'br-lan.30'
    option ipv6 '0'

config interface 'home'
    option proto 'none'
    option device 'brlan30'

config device
    option type 'bridge'
    option name 'brlan31'
    list ports 'br-lan.31'

config interface 'guest'
    option proto 'none'
    option device 'brlan31'

EDIT2
Nvm... don't know why it first worked... after a reboot it's the same situation as before.
OK, so I reverted everything back to your proposed configuration:

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd15:0f93:fafe::/48'
    option packet_steering '1'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan'

config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'

config device
    option name 'eth0'
    option ipv6 '0'

config device
    option type 'bridge'
    option name 'br-lan30'
    list ports 'lan.30'
    option ipv6 '0'

config interface 'lan30'
    option proto 'none'
    option device 'br-lan30'

config device
    option type 'bridge'
    option name 'br-lan31'
    list ports 'lan.31'
    option ipv6 '0'

config interface 'lan31'
    option proto 'none'
    option device 'br-lan31'

I started to name the devices and interfaces after the VLANs... but apart from that I think this is what you proposed, am I right? This does not work... maybe it is the upstream, but I think the switch should be configured correctly. VLAN 1 is Untagged and PVID, VLAN 30 and 31 are tagged for the Port which the AP is connected to.
Let's validate the switch and router are working properly...
On the switch, if you have two physical ports available, set them as access ports -- one to VLAN 30 and the other to VLAN 31. That is, they will be untagged + PVID on those respective ports, no tagged networks.
Then plug in a computer into each of those ports and verify that they are able to connect to the correct network. If that doesn't work, the problem may be the switch and/or router.
So I checked that. The Switch is working if connected via lan to both untagged VLANs.
I also checked with tcpdump the communication from the AP and SSIDs on pfSense. I can see the whole DHCP communication etc. and pfSense receives and transmits them, but as far as I can tell, they are never arriving at the end host (aka my laptop) when connected to the AP. The FW on the AP is disabled, so that's not the issue.
I can also see on the Interface Page that there is only TX Traffic and no RX Traffic on all Ports except the Management Port (aka lan with no vlan).
It may be best to reset the AP to defaults. It’s not hard to redo these configs. But I’m confused because I see a reference to eth0 as well as the lan port. That is a bit unusual, so let’s see what the defaults look like. Then we will build up from there.
That's what I meant before. The AP has a physical Ethernet port. However, when OpenWrt is freshly flashed, two ports (lan and eth0) appear in the device page. By default, lan is bridged and set to the address 192.168.1.1.
All the stuff you guys have already gone through is above my head, but just in case it helps, when I worked on getting a similar setup, I followed the instructions by this kind chap... OneMarcFifty
Does anyone know why he's stopped making videos btw, he was brilliant.
Anyways, that video of his isn't wholly relevant because since then an update to OpenWrt means a change in how VLANs are configured in LuCI, but I think he has another video that covers the change.
Also, whenever I update my OpenWrt devices, I always have to remember to turn off firewalls and dnsmasq services in the dumb APs as well because even with saving settings during upgrade, those services become re-enabled. I just wondered if that might be affecting you?