No Internet Connection on VLAN Setup with Archer C7 v5 running OpenWrt 23

Hello everyone,

I've set up my TP-Link Archer C7 v5 as a dumb AP running OpenWrt 23, following the dumb AP guide. My goal is to establish three VLANs to segregate devices in my network. However, I'm encountering an issue where devices connected to the first VLAN (VLAN10) SSID don't have internet access.

Here's what I've done so far:

  1. VLAN Configuration:
    • In Network > Interfaces > Devices, I created a VLAN 802.1q device named vlan10.
    • I added an interface for vlan10 under Network > Interfaces, setting the IPv4 address to 10.0.10.1 with a 255.255.255.0 netmask. I'm using my main router (10.0.0.1) for DNS.
  • I set up DHCP on the vlan10 interface.
  1. Wireless:

    • Under Interfaces > Wireless, I created an SSID named "VLAN 10" and assigned it to the vlan10 interface.
  2. Firewall Configuration:

    • Created a firewall zone for vlan10, setting Input to REJECT, Output to ACCEPT, and Forward to REJECT.
    • Allowed forwarding from vlan10 to the LAN zone.
    • Followed the guest wifi guide to set up traffic rules:
      • vlan10_DHCP and vlan10_DNS to allow DHCP and DNS traffic from VLAN10 to the router.
      • Block_vlan10_from_lan to block all traffic from vlan10 to other devices in the LAN zone.

Despite these settings, any device connected to the VLAN10_Wifi is unable to access the internet. Devices obtain an IP address and can query the DNS, but there seems to be no further connectivity.

Configuration Files:

  • ubus call system board:
{
    "kernel": "5.15.137",
    "hostname": "OpenWrt",
    "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
    "model": "TP-Link Archer C7 v5",
    "board_name": "tplink,archer-c7-v5",
    "rootfs_type": "squashfs",
    "release": {
        "distribution": "OpenWrt",
        "version": "23.05.2",
        "revision": "r23630-842932a63d",
        "target": "ath79/generic",
        "description": "OpenWrt 23.05.2 r23630-842932a63d"
    }
}
  • /etc/config/network:
config interface 'loopback'                                                                                                                                                                                 
        option device 'lo'                                                                                                                                                                                  
        option proto 'static'                                                                                                                                                                               
        option ipaddr '127.0.0.1'                                                                                                                                                                           
        option netmask '255.0.0.0'                                                                                                                                                                          
                                                                                                                                                                                                            
config globals 'globals'                                                                                                                                                                                    
        option ula_prefix 'fd33:cee4:7a21::/48'                                                                                                                                                             
                                                                                                                                                                                                            
config device                                                                                                                                                                                               
        option name 'br-lan'                                                                                                                                                                                
        option type 'bridge'                                                                                                                                                                                
        list ports 'eth0.1'                                                                                                                                                                                 
                                                                                                                                                                                                            
config interface 'lan'                                                                                                                                                                                      
        option device 'br-lan'                                                                                                                                                                              
        option proto 'static'                                                                                                                                                                               
        option ipaddr '10.0.0.2'                                                                                                                                                                            
        option netmask '255.255.255.0'                                                                                                                                                                      
        option ip6assign '60'                                                                                                                                                                               
        list dns '10.0.0.1'                                                                                                                                                                                 
                                                                                                                                                                                                            
config device                                                                                                                                                                                               
        option name 'eth0.2'                                                                                                                                                                                
        option macaddr 'e4:c3:2a:da:4d:29'                                                                                                                                                                  
                                                                                                                                                                                                            
config interface 'wan'                                                                                                                                                                                      
        option device 'eth0.2'                                                                                                                                                                              
        option proto 'dhcp'                                                                                                                                                                                 
                                                                                                                                                                                                            
config interface 'wan6'                                                                                                                                                                                     
        option device 'eth0.2'                                                                                                                                                                              
        option proto 'dhcpv6'                                                                                                                                                                               
                                                                                                                                                                                                            
config switch                                                                                                                                                                                               
        option name 'switch0'                                                                                                                                                                               
        option reset '1'                                                                                                                                                                                    
        option enable_vlan '1'                                                                                                                                                                              
                                                                                                                                                                                                            
config switch_vlan                                                                                                                                                                                          
        option device 'switch0'                                                                                                                                                                             
        option vlan '1'                                                                                                                                                                                     
        option ports '0t 2t 3t 4 5'                                                                                                                                                                         
        option vid '1'                                                                                                                                                                                      
                                                                                                                                                                                                            
config switch_vlan                                                                                                                                                                                          
        option device 'switch0'                                                                                                                                                                             
        option vlan '2'                                                                                                                                                                                     
        option ports '0t 1'                                                                                                                                                                                 
        option vid '2'                                                                                                                                                                                      
                                                                                                                                                                                                            
config device                                                                                                                                                                                               
        option type '8021q'                                                                                                                                                                                 
        option ifname 'eth0'                                                                                                                                                                                
        option vid '10'                                                                                                                                                                                     
        option name 'eth0.10'                                                                                                                                                                               
                                                                                                                                                                                                            
config interface 'vlan10'                                                                                                                                                                                   
        option proto 'static'                                                                                                                                                                               
        option device 'eth0.10'                                                                                                                                                                             
        option ipaddr '10.0.10.1'  
  • /etc/config/wireless:
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'VLAN10_Wifi’
        option encryption 'psk2'
        option key ‘password’
        option network 'vlan10'

Can anyone help me identify what might be missing or misconfigured in my setup? I'm wondering if there's a specific rule or setting I've overlooked that's blocking internet access.

Thank you for any assistance or insights you can provide!

Does VLAN 10 exist on the main router, or is this created purely on the dumb AP?

What physical port on the C7 connects to the main router?

Does VLAN 10 need to interact with any ethernet ports (obviously yes if the first question is yes, but what about other ports)?

VLAN10 is purely created on the dumb AP. Since my main router provides access to the internet for everyone in my house, I don't want to mess with any settings on there.

The C7 is connected to the main router through the Internet Ethernet port (blue one).
image

Currently, VLAN 10 is set up primarily for wireless access and does not interact with physical Ethernet ports, except for its link to the router's internal switching system via eth0.10. I don’t have any physical devices that need to connect directly to VLAN 10, so I don’t think I need to assign it to one of the physical Ethernet ports.

So you should actually be following the guest wifi on a dumb AP guide.

Since no ethernet is involved, you don't need any VLANs, just a new subnet (VLANs are technically only a thing for ethernet).

Delete this:

Create a new bridge device for this network:

config device                                                                                                                                                                                               
        option name 'br-vlan10'                                                                                                                                                                                
        option type 'bridge'                                                                                                                                                                                
        option bridge_empty '1'                                                                                                                                                                                

Edit your vlan10 network to use this new bridge. Your vlan10 network is also missing a subnet mask/size, so we'll add that, too:

config interface 'vlan10'                                                                                                                                                                                   
        option proto 'static'                                                                                                                                                                               
        option device 'br-vlan10'                                                                                                                                                                             
        option ipaddr '10.0.10.1'  
        option netmask '255.255.255.0'                                                                                                                                                                      

Then restart your device and try again. If it doesn't work, post the updated complete config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

I made the changes that you suggested and I am still not having access to the internet, although the error message seems to be different now.

Also, I really want to use VLANs because that is what I interested in learning more about from my courses. Is there a way to do this using VLANs? How do I get ethernet involved?

Here is my configuration:

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.137",
	"hostname": "OpenWrt",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C7 v5",
	"board_name": "tplink,archer-c7-v5",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.2",
		"revision": "r23630-842932a63d",
		"target": "ath79/generic",
		"description": "OpenWrt 23.05.2 r23630-842932a63d"
	}
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd33:cee4:7a21::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.0.0.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '10.0.0.1'

config device
	option name 'eth0.2'
	option macaddr 'e4:c3:2a:da:4d:29'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2t 3t 4 5'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'
	option vid '2'

config device
        option name 'br-vlan10'
        option type 'bridge'
        option bridge_empty '1'

config interface 'vlan10'
	option proto 'static'
	option device 'br-vlan10'
	option ipaddr '10.0.10.1'
	option netmask '255.255.255.0'
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option country 'US'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option country 'US'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option ssid 'VLAN10'
	option encryption 'psk2'
	option key 'CANUscu10'
	option network 'vlan10'
root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'vlan10'
	option interface 'vlan10'
	option start '100'
	option limit '150'
	option leasetime '12h'
root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'vlan10'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'vlan10'

config forwarding
	option src 'vlan10'
	option dest 'lan'

config rule
	option name 'vlan10_DCHP'
	list proto 'udp'
	option src 'vlan10'
	option dest_port '67-68'
	option target 'ACCEPT'

config rule
	option name 'vlan10_DNS'
	option src 'vlan10'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'Block_vlan10_from_lan'
	list proto 'all'
	option src 'vlan10'
	option dest 'lan'
	list dest_ip '10.0.0.0/24'
	option target 'REJECT'

This is what happens when I try to connect or make a google search:



You didn't add the gateway here:

Fix that, reboot and try again.

Okay we have added the gateway, but still have no internet connection

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd33:cee4:7a21::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.0.0.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '10.0.0.1'
	option gateway '10.0.0.1'

config device
	option name 'eth0.2'
	option macaddr 'e4:c3:2a:da:4d:29'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2t 3t 4 5'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'
	option vid '2'

config device
	option name 'br-vlan10'
	option type 'bridge'
	option bridge_empty '1'

config interface 'vlan10'
	option proto 'static'
	option device 'br-vlan10'
	option ipaddr '10.0.10.1'
	option netmask '255.255.255.0'

The first two screenshots you have shown are entirely expected... that is related to the firewall, and we're getting the specified and desired result.

From a computer connected to the VLAN10 wifi network, let's verify some things:

  1. What do you see for the IP address information on that computer (IP address, subnet mask, dns, and gateway/router).
  2. What happens when you ping (from the computer) the following:
  1. Can you reach openwrt.org in a web browser?

You dont have switch-wlan to connect vlan10 anywhere.

  1. Here is all my IP address information.
IP Address and Subnet Mask:
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet6 fe80::9ca9:f1ff:fe65:f591%anpi1 prefixlen 64 scopeid 0x4
	inet6 fe80::9ca9:f1ff:fe65:f590%anpi0 prefixlen 64 scopeid 0x5
	inet6 fe80::3c06:30ff:fe2d:a2f8%ap1 prefixlen 64 scopeid 0xb
	inet6 fe80::100f:d0c9:7bee:6bde%en0 prefixlen 64 secured scopeid 0xc
	inet 10.0.10.117 netmask 0xffffff00 broadcast 10.0.10.255
	inet6 fe80::a49b:8fff:fec1:c698%awdl0 prefixlen 64 scopeid 0xd
	inet6 fe80::a49b:8fff:fec1:c698%llw0 prefixlen 64 scopeid 0xe
	inet6 fe80::a3eb:925d:abe5:219a%utun0 prefixlen 64 scopeid 0xf
	inet6 fe80::ce81:b1c:bd2c:69e%utun1 prefixlen 64 scopeid 0x10
	inet6 fe80::8632:3317:d28e:bc2a%utun2 prefixlen 64 scopeid 0x11
	inet6 fe80::9243:beba:e88:5aee%utun3 prefixlen 64 scopeid 0x12
	inet6 fe80::d12e:17ed:3d94:dd02%utun4 prefixlen 64 scopeid 0x13
DNS Servers:
  nameserver[0] : 10.0.10.1
  nameserver[0] : 10.0.10.1
Default Gateway:
default            10.0.10.1          UGScg             en0
default                                 fe80::%utun0                    UGcIg           utun0
default                                 fe80::%utun1                    UGcIg           utun1
default                                 fe80::%utun2                    UGcIg           utun2
default                                 fe80::%utun3                    UGcIg           utun3
default                                 fe80::%utun4                    UGcIg           utun4
  1. When we try to ping either of those, it says Destination Port Unreachable. It times out and we have 100% packet loss.

  2. No, it says site can't be reached.

What's with all the tun interfaces?

I am aware that I use a VPN to access on-campus resources, although it is not enabled right now. Maybe this explains the presence of at least one of these interfaces. However, I'm not sure why there are multiple utun interfaces, as I only actively use one VPN connection for that purpose.

Have you tried another device (another computer, phone, tablet) on that VLAN?

I just connected on an iPad and the IP address shows 10.0.10.198. The subnet mask is 255.255.255.0 and the router shows 10.0.10.1

When joining from my phone, it says I have no internet connection. My IP address is 10.0.10.187 and the subnet mask/router info is the same as on my tablet.

I still could not get to openwrt.org from the iPad or phone.

This is the information from another computer. The ping commands have the same result, and when I try to access openwrt.org, it says I have no internet.

IP Address and Subnet Mask:	
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	inet6 fe80::3c91:80ff:fed9:47bf%ap1 prefixlen 64 scopeid 0xb 
	inet6 fe80::ed:cbd2:48f:aacb%en0 prefixlen 64 secured scopeid 0xc 
	inet 10.0.10.206 netmask 0xffffff00 broadcast 10.0.10.255
	inet6 fe80::841d:25ff:fee1:17fb%awdl0 prefixlen 64 scopeid 0xd 
	inet6 fe80::841d:25ff:fee1:17fb%llw0 prefixlen 64 scopeid 0xe 
	inet6 fe80::a212:6114:4c1d:e7e4%utun0 prefixlen 64 scopeid 0xf 
	inet6 fe80::5517:436:d92d:e86c%utun1 prefixlen 64 scopeid 0x10 
	inet6 fe80::ce81:b1c:bd2c:69e%utun2 prefixlen 64 scopeid 0x11 
	inet6 fe80::9952:2835:5573:e041%utun3 prefixlen 64 scopeid 0x12 
	inet6 fe80::a095:a6af:cbcd:8a0%utun4 prefixlen 64 scopeid 0x13 
	inet6 fe80::a1a2:cc97:7312:7a86%utun5 prefixlen 64 scopeid 0x14 

DNS Servers:
	nameserver[0] : 10.0.10.1
	nameserver[0] : 10.0.10.1

Default Gateway:
	default            10.0.10.1          UGScg                 en0       
	default                                 fe80::%utun0                            UGcIg               utun0       
	default                                 fe80::%utun1                            UGcIg               utun1       
	default                                 fe80::%utun2                            UGcIg               utun2       
	default                                 fe80::%utun3                            UGcIg               utun3       
	default                                 fe80::%utun4                            UGcIg               utun4       
	default                                 fe80::%utun5                            UGcIg               utun5

Just confirming: the upstream router and this one are connected lan-lan, correct? You're not using the wan port on the C7, correct?

I think we are connected to wan port, if that is the blue internet port from the picture we posted earlier. Should we switch the connection to the upstream router to a LAN port?

Yes.... this has been the assumption the whole time. I wish I had asked earlier.

Oh, sorry about that. I thought I told you I am connected to the Internet port.

After switching to LAN port 1 and rebooting, I still do not have internet connection. When I try to ping, nothing happens and I have CTRL C to end it. I cannot access openwrt.org, and it is the same on my phone.

This is the IP address information from a laptop:

IP Address and Subnet Mask:          
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	inet6 fe80::3c91:80ff:fed9:47bf%ap1 prefixlen 64 scopeid 0xb 
	inet6 fe80::ed:cbd2:48f:aacb%en0 prefixlen 64 secured scopeid 0xc 
	inet 10.0.10.206 netmask 0xffffff00 broadcast 10.0.10.255
	inet6 fe80::b4c0:6cff:fe66:a710%awdl0 prefixlen 64 scopeid 0xd 
	inet6 fe80::b4c0:6cff:fe66:a710%llw0 prefixlen 64 scopeid 0xe 
	inet6 fe80::a212:6114:4c1d:e7e4%utun0 prefixlen 64 scopeid 0xf 
	inet6 fe80::5517:436:d92d:e86c%utun1 prefixlen 64 scopeid 0x10 
	inet6 fe80::ce81:b1c:bd2c:69e%utun2 prefixlen 64 scopeid 0x11 
	inet6 fe80::9952:2835:5573:e041%utun3 prefixlen 64 scopeid 0x12 
	inet6 fe80::a095:a6af:cbcd:8a0%utun4 prefixlen 64 scopeid 0x13 
	inet6 fe80::a1a2:cc97:7312:7a86%utun5 prefixlen 64 scopeid 0x14 
	inet6 fe80::752a:ec32:1bfe:9388%utun6 prefixlen 64 scopeid 0x15 
	inet6 fe80::97d5:5375:a1d3:d25b%utun7 prefixlen 64 scopeid 0x16 

DNS Servers:
	nameserver[0] : 10.0.10.1
	nameserver[0] : 10.0.10.1

Default Gateway:
	default            10.0.10.1          UGScg                 en0       
	default                                 fe80::%utun0                            UGcIg               utun0       
	default                                 fe80::%utun1                            UGcIg               utun1       
	default                                 fe80::%utun2                            UGcIg               utun2       
	default                                 fe80::%utun3                            UGcIg               utun3       
	default                                 fe80::%utun4                            UGcIg               utun4       
	default                                 fe80::%utun5                            UGcIg               utun5       
	default                                 fe80::%utun6                            UGcIg               utun6       
	default                                 fe80::%utun7                            UGcIg               utun7

Let's take a step back to make sure that we've got everything setup correctly.
Please verify the following:

  • There is a router upstream of the C7v5
  • The router has an address of 10.0.0.1, subnet mask 255.255.255.0 (network 10.0.0.0/24)
  • The router does not have any VLANs, just the single network as described above.
  • When connecting to the main router, you can get a normal internet connection
  • The C7v5 is connected by an ethernet cable that links lan (main router) - lan (C7v5)
  • The C7v5 functions properly as a dumb AP (i.e. if you connect to the non "vlan10" wifi, you scan get normal internet connectivity)
  • The C7v5 has the vlan10 network for use as a guest/iot/whatever network that is isolated from the main lan.

Are all of those correct?

Yes, that's all correct.

Also, just clarifying that my C7v5 is connected to a wifi modem and not the actual router, which is not as easily accessible to me.