Netgear r7800 VLAN question OpenWrt 21.02.1

Hi, I run my Netgear r7800 in place of the ISP router (fiber optic connection).
The WAN VLAN works fine.. all works fine.
However, now I need to make more VLANS for LAN, Guests and IoT.
And at r7800 level seems to be fine.
However, there is a problem or a fact I cant figure out:
The R7800 keeps having the Switch menu on LUCI.
But I also have the new DEVICES tab under INTERFACES. And I can also configure Bridge VLANs Filtering there.
Confusion now comes from: where do I actually have to configure my VLANS? on Switch or on DEVICES tab?
At the moment is done on Switch.
More confusion:
on the Switch menu, I have my 4 LAN ports and WAN port and I can tag and untag and create VLANS
On the Devices tab, I only have ethx configurable. (Under the preconfigured br-lan.

My Goal is to have other dumb APs around the house and they have to be also configured with same VLANs. However, the other OpenWRT routers (as dumb AP) dont have switch menu anymore. (also running V. 21.02.1).
Any Idea?

you dont have DSA you've got swconfig (switch tab)

so you mean netgear r7800 is not SDA device?
Even if I have the Devices configuration under br-lan on interfaces?

switch tab = swconfig (no dsa)

use the 'old guides' but when you need to use the drop down in 'interface'(new L3 adapter for each vlan) for devices... you now may have to hop over first to the 'devices' tab to set up that config-network-device element there...

ok, thanks,
would you than suggest to not configure my VLANS using the interface, devices tab. and bridge filtering?
Therefore using only the Switch menu?
In other words, shall I manage it as if it was a version 19.x?

1 Like

ok, sorry, I did not read your text completely. it was small and I assumed was a footprint ... not relevant...
I read it now again.
So, I have to do some sort of mix between switch and devices tab...
Kinda confusing a bit... Will try...

1 Like

Maybe I am habving a bad day .... but I cant figure that out....
I read your link and followed other from within...
in r7800, my br-lan dont have lan1-2-3
only eth1 (eth0 is my WAN)
So, I cant or dont know how to add all ports to my br-lan!
I do see them in the Switch menu. All LAN1-2-3-4 are there!
Any suggestion?
(please dont shoot me, maybe I am a bit tired!!) :laughing:

Follow the guides predating DSA (your device doesn't have it yet, perhaps with the next major release, perhaps with the next one afterwards), information about swconfig applies.

Don't feel bad for some reason a lot of us (myself included) keep having issues with VLans and such. The concept is explained well here.

But in practice I just cannot get it to work on a router WRT1900AC

The DSA Mini-Tutorial is NOT helpful for the r7800 (on the contrary), which is currently still using swconfig and has no idea about DSA yet.

I was talking about the router WRT1900AC.

At which point is the WRT1900AC relevant in a thread about the ipq8065 based Netgear r7800?

The DSA tutorial is correct and works, on devices using DSA (like the WRT1900AC) - but the r7800 is not one of those yet. The r7800 is right now still using swconfig (and will continue to do so for 21.02.x) and needs to be configured like any other router on OpenWrt before 21.02.0, without DSA and using swconfig.

sounds good.
but there is one point were I am lost: bridge interfaces when creating a new interface!
That checkbox is gone in version 21.02.
As r7800 does not have LAN1, 2, 3, 4, it seems to be only eth1
Wait for it....
I do have a vlan already, that is VLAN 1 on Switch tab (I think is by default). And therefore I also have a eth1.1
So, my br-lan on devices tab is: bridged ports eth1.1 (and not all lan 1 lan2 lan3 ..)
Now I am confused how to manage to create my GUEST and IoT interface and have them in br-lan but on separate ports.
At 10:41 of this explanation(old system, not DSA): https://www.youtube.com/watch?v=UvniZs8q3eU&t=707s
I am supposed to check the Bridge Interfaces check box.But I dont have it!

Basically I am not able to create the VLANs and attach them to a specific interface.
Of course, good chances are I dont have enough knowledge yet.
In this case, I would appreciate you (anyone) to help me out how to achieve this network separation.
My final goal will be to have all VLAN using port LAN1 (tagged) keeping LAN2 untagged (safety connection for my laptop)
I did already created :laughing:
VLAN 1 : LAN
VLAN 3 : IoT
VLAN 4 : GUEST
all with different subnet.
Any help is welcome
At the moment I dont find the way to assigne a VLAN to a LAN port
thanks

Here's my config on my R7800 running OpenWrt 21.02.1

I can't say for sure the WAN VLAN is necessary or useful, but it doesn't harm anything.
LAN ports 2 and 4 are trunked VLAN links. LAN ports 1 and 3 are untagged on the NEWLAN VLAN.
I've got 5 bridges, one each for VLANs 3 (IOT), 4 (NEWLAN), 5 (GUEST), 6 (IPV6), and 7 (ONLY6).

A picture of LuCI rendering of the switch config for VLAN assignments:

And the interface devices:

and the relevant network definitions from /etc/config/network

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.1'
	option stp '1'
	option device 'br-lan'
	option delegate '0'
	
config interface 'wan'
	option proto 'dhcp'
	option device 'eth0'
	option ipv6 '1'

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '172.31.66.1'
	option device 'br-guest'
	option delegate '0'
	option ip6assign '64'
	option ip6hint '2'

config interface 'iot'
	option proto 'static'
	option ipaddr '172.29.34.1'
	option netmask '255.255.255.0'
	option device 'br-iot'
	option delegate '0'

config interface 'local6'
	option device 'br-local6'
	option proto 'static'
	option ip6assign '64'
	option ipaddr '192.168.6.1'
	option netmask '255.255.255.0'
	option ip6hint '1'

config interface 'only6'
	option proto 'static'
	option device 'br-only6'
	option ip6assign '64'
	option ip6hint '6'
 
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option description 'GUEST'
	option vid '5'
	option ports '1t 3t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option description 'WAN'
	option ports '0 5'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'IOT'
	option ports '1t 3t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option description 'NEWLAN'
	option ports '1t 2 3t 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '1'
	option description 'DONOTUSE'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '6'
	option description 'IPV6'
	option ports '1t 3t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '7'
	option vid '7'
	option description 'ONLY6'
	option ports '1t 3t 6t'

 config device
	list ports 'eth1.4'
	option type 'bridge'
	option name 'br-lan'
	option macaddr 'xx:xx:xx:xx:xx:xx'

config device
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth1.5'

config device
	list ports 'eth1.3'
	option type 'bridge'
	option name 'br-iot'

config device
	option type 'bridge'
	option name 'br-local6'
	option bridge_empty '1'
	list ports 'eth1.6'

config device
	option type 'bridge'
	option name 'br-only6'
	option bridge_empty '1'
	list ports 'eth1.7'
1 Like

thanks a lot. I will extrapolate only what I need.
appreciate. Really thanks

Hey guys,
I'm glad I found this topic because I have (almost) the same problem.
I can now configure the VLANs on the R7800 and it works perfectly on wired connections
(thanks @atownlede ),
but I still struggle with the integration of Wifi into the VLANs.
I have one SSID for each VLANs (total of 3), but the clients won't get IPs.
Can anyone please share their config with VLANs on LAN AND WIFI?

Thans in advance!

In my example above, look at the items with iot in their names. That's my IOT network. There's a bridge br-iot that includes device eth1.3 which is VLAN 3. The interface iot is associated with this bridge device.

Wireless networks are not directly put into a VLAN, but you assign them to a network (hmm, that's called a network in /etc/config/wireless but an interface in /etc/config/network--confusing!), and then they get bridged to the VLAN when packets are received by the AP.
My IOT wifi network looks like this in /etc/config/wireless:

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'IOTSSID'
        option encryption 'psk2+ccmp'
        option key 'REDACTED'
        option network 'iot'
        option ieee80211r '1'
        option ft_over_ds '1'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'
        option reassociation_deadline '20000'

I am also glad I found this topic. At the moment I have a vlan setup running also on two R7800 routers. But I still use OpenWRT19, because I didn't managed it on OpenWRT21. So I will try this. Is there a security risk, because I still use OpenWRT19 on the R7800? All packages are updated in the software section.

For ipq806x there is (almost) no config difference between 19.07.x and 21.02.x, as this is still using swconfig (dsa support is pending, for a future major release); on this target you can even retain the config over the sysupgrade. 19.07.x will be EoL in march, so you only have a few weeks left to do the upgrade to 21.02.x.