Need help with VLAN on 24.10

psherman · March 13, 2025, 8:48pm

The config you have shared looks very messed up.

I'd recommend resetting to defaults and then we can get it working as expected.

fow0ryl · March 13, 2025, 9:02pm

OK. This was the result of setting up 6 VLAN's, setting up physical ports to VLANs and defining some wifi via luci.....

But I have a test device, so that I can start from scratch without loosing my internet...

Are these frist steps to do correct?

reset to factory defaults
disable firewall
setting up a 2,4 GHz wifi with clearly SSID
connect WAN to local network
-> Test Wifi

psherman · March 13, 2025, 9:28pm

Is the C7v5 the main router or an AP? It looks like is the AP. And, from your description, it isn't working anyway... so might as well just reset it to defaults and start fresh.

If you do go this route, is the test device also a C7? Or even if not, would this test device remain in service such that the C7 that you showed would be moved to be your test device?

Yes.

No. Not required and not recommended.

Yes.

No. You first need to change the address on the lan interface so that it is on the correct subnet but not conflicting with any other devices or your DHCP pool. Then, disable the DHCP server on this AP. Finally, connect the lan port to the upstream network.

Yes.

fow0ryl · March 13, 2025, 9:44pm

All my AP's are Dumb-APs. And my aim was to bring them all to a new OpenWrt Version.
The main router is still a NanoPi R2S running OpenWrt 22.03 for years now. With VLANs, SMS, LTE-Backup, WireGuard, ...

I would like to bring the Archer C7 v5 test-AP to full functionality (as 5th) AP in my local network. And then bring up the other non functional Archer C7 v5 too.
The 2 other AP's are WDR4900 running OpenWrt 24.10. now.

Prepared my test AP, as described.

reset to factory defaults
disabled firewall
removed wan, wan6 interface
changed lan interface from static to dhcp-client (with static address defined in dhcp server on main router)
disabled dhcp server too
created Wifi "Openwrt"

As expected the Windows client is able to connect to SSID "OpenWrt" and gets an IP from my local network. All fine until now.

Configs without defining any VLAN. defined vlan's are factory default.

/etc/config/

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2e:361b:ce5b::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'

config device
	option name 'eth0.2'
	option macaddr '98:da:c4:bf:c9:7f'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option channel '36'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option channel '1'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'sae-mixed'
	option key '####'
	option ocv '0'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option ssid 'NoVLAN'
	option encryption 'sae-mixed'
	option ocv '0'
	option key '####'
	option disabled '1'

psherman · March 13, 2025, 9:54pm

I recommended against this. But shouldn't matter as long as your device is managed by the lan netowrk.

Not necessary, but fine.

Good.

Next, let's get some info before moving on:

Do you want to use the wan port for the uplink? If so, we make that modification.
What are the rest of the VLANs and associated network names (i.e. VLAN 3 - guest, vlan 5 - IoT, etc.).
What should the port-vlan membership look like for the other ports on your device? (i.e. port 1 = lan, port 2 = iot, port 3 = trunk with alll VLANs tagged, etc.)?

fow0ryl · March 13, 2025, 10:06pm

Yes, I would like to use wan as uplink.
Let's start with VLAN 3,4 only.
But is this not just adding the VLANs via luci -> network -> switch ?

ups. all ports tagged at cpu of course ...

psherman · March 13, 2025, 10:15pm

Yes, but there are a few other things to do.

Based on the picture you have of the switch config, all looks good except possibly VLAN 4. If VLAN 4 is ethernet only (effectively passing through from the wan port to port 4), then it's fine. If you need wifi, you need to tag it on the CPU.

So, for VLAN 3 (jail), you'll add bridge and then an unmanaged network:

config device
	option name 'br-jail'
	option type 'bridge'
	list ports 'eth0.3'

config interface 'jail'
	option device 'br-jail'
	option proto 'none'

Once that is done, you can create a new SSID and connect it with the jail network.

Reboot and test.

fow0ryl · March 13, 2025, 10:52pm

Great. WiFi is working now.
You are awesome. Thank you very very much.

In the past I did not define the br-jail device and connected the jail interface directly to eth0.3.....

I pulled a backup and will go to sleep now. Just a few minutes to midnight here.

Will add missing VLAN's, bridges, interfaces, devices, ... tomorrow.

psherman · March 13, 2025, 10:52pm

Awesome. Glad to hear it.

Yup... use the same recipe and you should be good to go.

And when you're ready...

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!