Offering vlans after connecting over WiFi

Hi all :wink:

am trying to do this setup:
(Works)
openwrt1 offers 2 vlans over wifi (vlan 2 and 51) each via a wifi attached to the vlan.

openwrt2 connects to each of these wifis, and is able to get an IP on both vlans.

(Doesn't work)
I want openwrt2 to offer: vlan 2 on ethernet 1,2 and vlan51 on wifi (named TestNetwork) and ethernets 3,4. This is the current config, which is not exactly working. When I join the wifi offered by openwrt2 (TestNetwork), or any ethernet port, I do not get an IP on either vlans (presumably not being tagged)

any help is extremely appreciated :blush:

Pasting /etc/config/network ; /etc/config/firewall ; /etc/config/wireless:

root@openwrtMA:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdc3:9b9b:45e4::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.151.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wwan'
        option proto 'dhcp'

config interface 'repeater_bridge'
        option proto 'relay'
        option ipaddr '192.168.51.15'
        list network 'lan'
        list network 'wwan'
        list network 'wwanvlan2'

config interface 'wwanvlan2'
        option proto 'dhcp'

config device
        option name 'lan4'

config device
        option type '8021q'
        option ifname 'phy1-sta0'
        option vid '51'
        option name 'wwan.51'

config device
        option type 'bridge'
        option name 'br_51'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wwan.51'

config device
        option type '8021q'
        option ifname 'phy1-sta1'
        option vid '2'
        option name 'wwan2.2'

config device
        option type 'bridge'
        option name 'br_vlan2'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'wwan2.2'

config interface 'iface_vlan2'
        option proto 'none'
        option device 'br_vlan2'

config interface 'iface_vlan51'
        option proto 'none'
        option device 'br_51'

root@openwrtMA:/etc/config# cat firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wwan'
        list network 'wwanvlan2'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'fw_2'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'iface_vlan2'

config zone
        option name 'fw51'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'iface_vlan51'

root@openwrtMA:/etc/config# cat wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '36'
        option band '5g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'sta'
        option network 'wwan'
        option ssid 'MPBridge'
        option encryption 'sae'
        option key '######'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'TestNetwork'
        option encryption 'psk2'
        option isolate '1'
        option key '####'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'wwanvlan2'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'sta'
        option network 'wwanvlan2'
        option ssid 'VLAN2Bridge'
        option encryption 'sae'
        option key '#######'

Wifi does not encode vlans.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board

cat /etc/config/dhcp

1 Like

At the same time? You have two STAs defined on the same "radio1", that is not supposed to work simultaneously...

1 Like
root@openwrtMA:~# ubus call system board
{
        "kernel": "5.15.162",
        "hostname": "openwrtMA",
        "system": "MediaTek MT7621 ver:1 eco:4",
        "model": "Cudy WR1300 v3",
        "board_name": "cudy,wr1300-v3",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}
root@openwrtMA:~#
root@openwrtMA:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@openwrtMA:~#

this is my network diagram, in case my description was not clear enough what I'd like to achieve

Not sure if this helps. I tried to do some further configurations, but now lost the connection between OpenWrt2 to OpenWrt1 via the VLAN2Bridge Wifi:

root@openwrtMA:~# route -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.51.1    0.0.0.0         UG        0 0          0 phy1-sta0
192.168.51.0    *               255.255.255.0   U         0 0          0 phy1-sta0
192.168.151.0   *               255.255.255.0   U         0 0          0 wan
root@openwrtMA:~# nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
Name:   google.com
Address: 142.250.203.238

Non-authoritative answer:
Name:   google.com
Address: 2a00:1450:4006:800::200e

root@openwrtMA:~# ping google.com
PING google.com (142.250.203.238): 56 data bytes
^C
--- google.com ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
root@openwrtMA:~# ifconfig
br_51     Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          inet6 addr: fe80::82af:caff:fe1f:65c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7737 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2599632 (2.4 MiB)  TX bytes:746 (746.0 B)

br_vlan2  Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          inet6 addr: fe80::82af:caff:fe1f:65c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:746 (746.0 B)

eth0      Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          inet6 addr: fe80::82af:caff:fe1f:65c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1504  Metric:1
          RX packets:7737 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2738898 (2.6 MiB)  TX bytes:2504 (2.4 KiB)
          Interrupt:21

lan1      Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lan2      Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lan3      Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7737 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2599632 (2.4 MiB)  TX bytes:746 (746.0 B)

lan4      Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:104 errors:0 dropped:0 overruns:0 frame:0
          TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9499 (9.2 KiB)  TX bytes:9499 (9.2 KiB)

phy1-ap0  Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          inet6 addr: fe80::82af:caff:fe1f:65ca/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1208 (1.1 KiB)

phy1-sta0 Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          inet addr:192.168.51.15  Bcast:192.168.51.255  Mask:255.255.255.0
          inet6 addr: fe80::80af:caff:fe1f:65ca/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1865 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8290 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:325080 (317.4 KiB)  TX bytes:3022816 (2.8 MiB)

phy1-sta1 Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          inet6 addr: fe80::84af:caff:fe1f:65ca/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9980 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3595387 (3.4 MiB)  TX bytes:2094 (2.0 KiB)

wan       Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          inet addr:192.168.151.1  Bcast:192.168.151.255  Mask:255.255.255.0
          inet6 addr: fdc3:9b9b:45e4::1/60 Scope:Global
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:21

wwan.51   Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7729 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:2705150 (2.5 MiB)

wwan2.2   Link encap:Ethernet  HWaddr 86:AF:ZZ:ZZ:ZZ:ZZ
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:746 (746.0 B)

root@openwrtMA:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdc3:9b9b:45e4::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'wan'
        option proto 'static'
        option ipaddr '192.168.151.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wwan'
        option proto 'dhcp'

config interface 'repeater_bridge'
        option proto 'relay'
        option ipaddr '192.168.51.15'
        list network 'iface_vlan2'
        list network 'iface_vlan51'
        list network 'wwan'
        list network 'wwanvlan2'

config interface 'wwanvlan2'
        option proto 'dhcp'

config device
        option name 'lan4'

config device
        option type '8021q'
        option ifname 'phy1-sta0'
        option vid '51'
        option name 'wwan.51'

config device
        option type 'bridge'
        option name 'br_51'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wwan.51'

config device
        option type '8021q'
        option ifname 'phy1-sta1'
        option vid '2'
        option name 'wwan2.2'

config device
        option type 'bridge'
        option name 'br_vlan2'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'wwan2.2'

config interface 'iface_vlan2'
        option proto 'none'
        option device 'br_vlan2'

config interface 'iface_vlan51'
        option proto 'none'
        option device 'br_51'

root@openwrtMA:/etc/config# cat wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '36'
        option band '5g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'sta'
        option network 'wwan'
        option ssid 'MPBridge'
        option encryption 'sae'
        option key 'xxxxxxxxxxxxxxx'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'TestNetwork'
        option encryption 'psk2'
        option isolate '1'
        option key 'xxxxxxxxx'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'wwanvlan2'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'sta'
        option network 'wwanvlan2'
        option ssid 'VLAN2Bridge'
        option encryption 'sae'
        option key 'xxxxxxxx'