I recently purchased a GL-MT6000 Flin 2 Ax6000 Wireless router because I wanted to implement VLANS.
Current Setup:
NIC5: IOT with Asus Router in bridge mode
NIC6: Trusted with TP Link router in bridge mode
I want to use NIC6 with the new AX6000 Wireless router and use VLANS to separate three SSIDs: IOT, Trusted, Guest. I have been struggling with understanding how to get the OpenWRT device to use the DHCP servers from PFSENSE.
I flashed the device, so it only had a blank copy of OPENWRT. I then spent probably 10 hours messing with this configuration, always going back to resetting after breaking something. I am hoping someone can explain to me
I am not new to PFSENSE but this is my first experience with Open WRT. I am looking to use NIC Interface to provide 10.x.x.100 IP to WAN port on AX6000. I wanted to then add the VLANS. PFsense is already fully configured to support this. I want to disable the 192 dhcp serveron the lan ports, and make the router configurable through the 10.x.x.100 address pfsense provided with a dhcp reservation, and then build VLANS to connect to each WIFI SSID.
If I understand correctly, you want to use the GL-MT6000 as a wireless AP for the three networks, right?
By default the wan interface protocol is set to dhcp so it should get an IP (unless the management interface requires tagged frames).
What you need to do is log into the router through one of the lan interface (at 192.168.1.1) and move the wan interface to the lan firewall zone (or change the default policies of the wan zone to accept) so that you can manage the device via the wan interface.
When you go ahead with accessing the device through the wan interface at 10.x.x.100, post the contents of /etc/config/network and we will help you with the vlan configuration.
To make this work, you need to bridge the wired (tagged) port and the guest wireless interface.
Some DSA devices do not support more than one bridge, so it is better to go directly to bridge VLAN filtering.
First remove eth1 from the wan interface and add it to the default bridge.
Then create the tagged vlan and network interface like this.
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'eth1'
config bridge-vlan
option device 'br-lan'
option vlan '120'
list ports 'eth1:t'
config interface 'guest'
option proto 'none'
option device 'br-lan.120'
Create the other vlans and interfaces in the same way.
I was able to test this today and almost everything is working on the guest VLAN however I'm having an odd DNS issue. I am assuming this is most likely PFsense related but I wanted to ask here anyways.
When using the default guest network dns that PFsense assigns to the network, it uses 10.3.3.1. I pinged 8.8.8.8 and 1.1.1.1 without issue, so I manually set the DNS on my PC to one of these and everything is working.
Is there any idea why default DNS is not working here? I have never had issues with the default PFSense DNS not working, so maybe it's VLAN related?
UPDATE: I found a forum with the same issue, all I had to do was go to services > dns resolver and hit save and apply it. So it looks like I am ready to set up the rest of my VLANS.
Thank you so much for your support, and I wish you a happy new year and best in 2025.
I was not sure if I should continue this topic here, since it's the same configuration. I have three questions, one about band-steering, the second is why my device is not pulling an IP and finally about getting the physical nics to work with VLANS.
Band-Steering:
I am having some issues connecting a few devices to my IOT network that is reservation only. They connect fine to the mobile network that has open DHCP. I have ruled out DHCP issue by setting the network allow all devices with open DHCP and they still would not connect.
I am using the same SSID for 5 GHz and 2.4 GHz, and most of my IOT equipment is forced to use 2.4 GHz. This includes cameras, smart devices. I cannot however, get any firestick or roku device to connect to this network. I am not sure if maybe it has something to do with the IOT devices are all on 2.4 GHz and these are trying to get onto the 5 GHz.
I'm pretty confused by this, because I would think it would be able to connect to either one. Id assume it just wouldn't see the 5 GHz if it didn't have the ability and would auto connect to 5 GHz if it did see it.
As I am not super familiar with all the wireless technologies, I was hoping someone could help possibly explain what is happening or possibly if someone has seen issues like this before, why I can't connect certain devices, and if band-steering is default within openWRT.
My previous configuration was using separate SSIDs for 5 GHz and 2.4 GHz, and I didn't have any issues. I wanted to step away form that and maybe I am missing some knowledge here.
IP:
The WAN is not pulling an IP, but it was pulling one before I created the bridge device for the VLANS:
and I think maybe that's why it is failling package update list.
LAN port:
The final one is that I selected lan3 port and selected "untagged." When I plug in my printer, it still won't pull an IP. I'm assuming I'm missing something here as well.
Just set the protocol of the "Trusted" interface to dhcp and use it for management.
If you want to create a dedicated management network using the existing logical wan interface, post the current network and firewall configuration and tell us what the vlan requirements are.
advice.