Since the PC is on a different subnet, you need to check your pfsense router's firewall rules to see if you've allowed inter-vlan routing. The ideal case is to connect a wired computer directly to vlan30 and then test from there.
The other thing you should verify is that the other end of the wire that connects to lan4 is properly configured for vlan30 tagged on that port. Is it connected directly to your router? a managed switch? or an unmanged switch?
just noticed VLAN functionality is not enabled on the switch. I'll turn that on and restart.
No change there, unfortunately.
I don't want inter-vlan routing
The only computer currently on VLAN30 is the pfsense firewall. It is correctly configured for vlan's as it was correctly supplying addresses for vlan's 10, 30 and 41 before hand.
I have a ethernet cable from a usb/ethernet adapter on my PC to port1 of the router and then a cable from port 4 of the router directly to the pfsense server. It is configured to serve addresses 10.10.10.0/24 on untagged requests and addresses 192.168.nn.0/24 where nn = the vlan id which can be 10, 30, 41, 42 or 43. this is the new/test network while I work out how to config openwrt. I also have a second cable from my pc through a wifi hub to an unmanaged switch and then a managed switch without vlans to a separate port of the pfsense firewall - this is the original/production network.
I can ping 192.168.30.2 from the pfsense server
Thanks for all your help. It is 01:00 in the morning here for me so I need to go to bed. I'll study the changes you suggested to try to understand what you were proposing tomorrow after work and see if I can complete it myself. Meanwhile if you have any ideas please post them.
Once again, thanks for your help.
In general, that's fine. But if you try to test connectivity from a device on another subnet, it will not be able to reach a host on another subnet, so your PC > OpenWrt test should not surprise you.
This means traffic is flowing properly over the VLAN.
It should be fairly straightforward from here. You'll be setting up VLANs on tagged on the CPU and port 4 (0t 4t). If you want to connect those VLANs with a wifi network, you'll then create a new bridge for the VLAN, a new network interface (proto none), and then go into your wireless file and create a new SSID. Associate the VLAN network with the SSID and it should work.
Typically, in a multi-VLAN dumb AP config, you should not have an address on any VLANs except for the one used for management.
Do yourself a favour and upgrade (again) to a current master/ snapshot build. 22.03.x and earlier is using a very quirky swconfig based switch driver for ipq40xx, while master has been migrated to a properly working DSA driver at the end of last year, which makes your configuration a lot easier.
Warning:
Hi, so I examined the config you sent and replicated the relevant sections for the other VLANS and it is all working now. Thanks very much for your help.
Thanks for the suggestion. I've had a look but I am a bit nervous about bricking my brand new router at this point especially as it is all working now.
Thanks for your suggestion.
Glad it is working.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.