Hi, I am new to openwrt. I have been experimenting with the configuration and finally managed to configure 4 vlans. I am using a TP-Link TL-WDR3600 and a TP-Link Archer C7 as dumb AP, no routing.
Port 4 and the WAN port are configured as trunk ports for VLAN 10, 20, 30 and 100. Both AP have the same configuration.
Those two AP are conected in cascade and one of them is connected to the main router which will provide the DHCP service. The main router is connected to the ISP modem for Internet service.
VLAN 100 is 192.168.100.0/24 ( this is the admin network)
VLAN 10 is 192.168.10.0/24
VLAN 20 is 192.168.20.0/24
VLAN 30 is 192.168.30.0/24
The setup is working, clients are receiving IP in the range corresponding to the VLAN were they connect. I configured ports in each AP to VLAN 100, 10 and 20. There are corresponding wifi SSID for each VLAN.
My trouble is that each AP have the LAN interface with IP 192.168.88.2 and 192.168.88.3 . I reserve one port on each AP for the native VLAN 1 so I can connect to LuCi.
I would like to change the LAN interface IP to the VLAN 100 network but I don't know how to make LAN interface work in the same network as VAN100 interface.
Each interface have fixed IP.
Do you mean you want to change the address to something in the 192.168.100.0/24 network?
If so, basically you'll change the lan interface to use the device associated with VLAN 100 and update its address.
Post your configs for the two APs and we can show you how.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Hi,
Yes, I want to assign an IP address to each AP in the same range as VLAN 100 network range.
What I want to have is the ability to get to LuCi on each AP from any computer connected to the VLAN 100
The configuration of each AP is identical. Except the LAN interface IP is different for each one.
I disabled the firewall process in each IP.
ubus call system board
{
"kernel": "6.6.73",
"hostname": "AP1",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link Archer C7 v5",
"board_name": "tplink,archer-c7-v5",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0",
"revision": "r28427-6df0e3d02a",
"target": "ath79/generic",
"description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
"builddate": "1738624177"
}
}
ubus call system board
{
"kernel": "6.6.73",
"hostname": "AP2",
"system": "Atheros AR9344 rev 2",
"model": "TP-Link TL-WDR3600 v1",
"board_name": "tplink,tl-wdr3600-v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0",
"revision": "r28427-6df0e3d02a",
"target": "ath79/generic",
"description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
"builddate": "1738624177"
}
}
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc8:5abd:551a::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.88.2'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr '40:ed:00:6e:86:5f'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 1t 3 5t'
option vid '100'
config device
option type 'bridge'
option name 'br-admin'
list ports 'eth0.100'
option ipv6 '0'
config interface 'admin'
option proto 'dhcp'
option device 'br-admin'
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '0t 1t 4 5t'
option vid '10'
config device
option type 'bridge'
option name 'br-home'
list ports 'eth0.10'
option ipv6 '0'
config interface 'home'
option proto 'dhcp'
option device 'br-home'
config switch_vlan
option device 'switch0'
option vlan '5'
option ports '0t 1t 5t'
option vid '20'
config device
option type 'bridge'
option name 'br-iot'
list ports 'eth0.20'
option ipv6 '0'
config interface 'iot'
option proto 'dhcp'
option device 'br-iot'
config switch_vlan
option device 'switch0'
option vlan '6'
option ports '0t 1t 5t'
option vid '30'
config device
option type 'bridge'
option name 'br-cctv'
list ports 'eth0.30'
config interface 'cctv'
option proto 'dhcp'
option device 'br-cctv'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option channel '36'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'admin'
option mode 'ap'
option ssid 'Admin'
option encryption 'psk-mixed'
option key 'xxxxxxx'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option band '2g'
option channel 'auto'
option htmode 'HT20'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'iot'
option mode 'ap'
option ssid 'IOT'
option encryption 'psk-mixed'
option key 'xxxxxxx'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
/etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
This will make logical port 2 appear to be dead because there's no associated network. Additionally, VLAN 1 is technically unnecessary at this point, so you can delete it if you want:
And you will need to also delete br-lan:
You can now use logical port 2 for another VLAN, if you want... for example, if you want to add it to VLAN 100, that looks like this:
