Multiple VLAN on DSA

Hi all,

You may have seen my previous post asking about Archer C7 vs WRT1900ACS v2. I've now upgraded from v19.07 to v23.05 on my WRT1900ACS v2. This has obviously lost the previous "switch" feature for VLAN tagging which I'm now trying to re-setup through DSA but struggling, so I'm hoping someone is able to assist.

I've attached a screenshot from my Archer C7 which I setup as a mirror of the WRT1900ACS before I upgraded it. It shows the VLAN tagging and to which port they are assigned.

Router Switch setup1006×499 21.5 KB

Each VLAN is then linked to the corresponding network interface and Wireless SSID. Creating effectively fully separate networks.

I haven't done the firewall configuration for them all as yet, but wanted to get the Switch ports setup correctly.

Hope this makes sense!

Please post the network config file for the WRT1900ACS:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network

Just confirming, still post the WRT1900ACS config even though it currently doesn't work as required?

None of my other wireless SSIDs are working as I'd like either as yet.

We'll setup the network file so that it is properly VLAN aware... from there, the rest should be fairly straight forward.

I've attached it below, Each network (except my main LAN) has a 2.4G and 5G separate wireless SSID. I can't seem to get them to speak to the Network Interfaces as yet either to start working.

As you can see, I have been faffing about with it but to no avail.

root@Router:~# ubus call system board
{
        "kernel": "5.15.134",
        "hostname": "Router",
        "system": "ARMv7 Processor rev 1 (v7l)",
        "model": "Linksys WRT1900ACS",
        "board_name": "linksys,wrt1900acs",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "mvebu/cortexa9",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
        }
}
root@Router:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd00:91f8:eee1::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr 'REDACTEDWANMAC'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'GUESTNET'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.240'
        option type 'bridge'
        option device 'GuestNet2.4G'

config interface 'IOTNET'
        option proto 'static'
        option device 'IoTNetBridge'
        option ipaddr '10.10.1.1'
        option netmask '255.255.255.192'
        option type 'bridge'

config interface 'LAURA_NET'
        option proto 'static'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'

config device
        option type 'bridge'
        option name 'IoTNetBridge'

Ok... so we'll reproduce what you have in your first post:

• Port LAN 1: VLAN 10 (IoT), 30 (Guest) and 100 (Home) all tagged.
• Port LAN 2: VLAN 10 untagged
• Port LAN 3 and LAN 4: VLAN 100 untagged

You may want to upgrade to 23.05.3 which was recently released.

On to the VLANs:

Create bridge-VLANs:

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:t'
        list ports 'lan2:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '100'
        list ports 'lan1:t'
        list ports 'lan3:u*'
        list ports 'lan4:u*'

Edit the lan interface to use br-lan.100:

config interface 'lan'
        option device 'br-lan.100'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

Simlarly, edit GUESTNET to use br-lan.30. Also, remove bridge line -- that will break things. Side note -- is there a reason this network is a /28? Often, /24 is preferred (just easiest). If you want to keep it as a /28, make sure that your DHCP pool is set properly.

config interface 'GUESTNET'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.240'
        option device 'br-lan.30'

And we'll make similar chagnes to IOTNET with br-lan.10. Same question about subnet size -- why a /26?

config interface 'IOTNET'
        option proto 'static'
        option device 'br-lan.10'
        option ipaddr '10.10.1.1'
        option netmask '255.255.255.192'

I'm not sure what is happening with LAURA_NET, so I'll leave it there for now.

Delete this:

And reboot your router. It should now have working VLANs, assuming the DHCP and firewall files are properly configured.

That is so annoyingly and frustratingly simple when you show it works like that. That's fantastic! Everything now working as expected, thank you a lot for your help!

I'm now going to spend some time working out how to set up an SSL VPN server to run on it.

Glad I could help!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.