RPi 4 and TP-Link Archer C7 v5 setup

Hi there,

I have doubts about if the following setup is possible:

  • Raspberry Pi v4 as router
  • TP-Link Archer C7 v5 as managed switch + AP
  • PPPoE connection with VLAN tag

I have seen many tutorials using VLANs and managed switchs to make a RPi with a single ethernet port as a router, but I would like to know if it is possible to use the TP-Link as the managed switch and also as acces point.

I understand that it is possible, but I can't see any similar setup anywhere.

The TP-Link is actually my main router, but my ISP has upgraded my connection to 600/600 and would be nice to managed full speed with SQM (my understanding is that the RPi can managed that)

Any thoughts ?

RPI is best option for SQM and pppoe, C7 will not cut it. It will be fine with tag and wifi up to like 400Mbps forwarding capacity. Not the max speed, but comes free as long as it is around.

1 Like

@psherman could, probably, work this out.

This is possible to do. I'm not an expert on SQM related topics, but I can absolutely help with the VLAN stuff.

Since the TP-Link is currently the main router, let's use that to begin the config migration.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks for the support. Here we go:

{
	"kernel": "5.4.215",
	"hostname": "archer-c7-v5",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C7 v5",
	"board_name": "tplink,archer-c7-v5",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.5",
		"revision": "r16688-fa9a932fdb",
		"target": "ath79/generic",
		"description": "OpenWrt 21.02.5 r16688-fa9a932fdb"
	}
}
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd80:bd68:4bdf::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option delegate '0'

config device
	option name 'eth0.2'
	option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan'
	option proto 'pppoe'
	option device 'eth0.100'
	option username 'foo'
	option password 'bar'
	option ipv6 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4 5'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t'
	option vid '100'

config interface 'vpn'
	option proto 'none'
	option auto '0'
	option device 'tun0'
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'foo'
	option macfilter 'deny'
	option encryption 'psk2'
	option key 'bar'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'foo'
	option macfilter 'deny'
	list maclist 'xx:xx:xx:xx:xx:xx'
	option encryption 'psk2'
	option key 'bar'
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option noresolv '1'
	list server '127.0.0.1#5453'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config host
	option mac 'xx:xx:xx:xx:xx:xx'
	option name 'foo'
	option dns '1'
	option ip '192.168.1.3'

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

config rule
	option name 'Allow-OpenVPN'
	option src 'wan'
	option dest_port '1194'
	option proto 'tcp udp'
	option target 'ACCEPT'

config zone
	option name 'vpn'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'vpn'

config forwarding
	option dest 'lan'
	option src 'vpn'

config forwarding
	option dest 'wan'
	option src 'vpn'

Your current OpenWrt version is sufficiently old that when you upgrade to 23.05, you'll need to reset to defaults. This is fine in general, but it means that we need to sequence things properly so that you can minimize the number of steps required to get back online and thus also reduce your time offline.

Prerequsites:
On the Pi, starting from a default 23.05.4 installation:

  • configure wifi as a first step and then connect to wifi. This will allow you to test the internet connection without the pre-requisite of the main router connection. We'll turn it off later. Use a different SSID so that you know that you are connected to the Pi and not the other C7v5.
  • Add a wan interface like this (this is copied from your C7v5, obviously put in your username and password):
config interface 'wan'
	option proto 'pppoe'
	option device 'eth0.100'
	option username 'foo'
	option password 'bar'
	option ipv6 'auto'
  • Disconnect the cable from your C7 wan port and plug it into your Pi. If all is good, you should be able to connect to the internet via the wifi connection to the Pi (don't worry about performance -- we're just making sure the wan functions).

If this works as expected, let's move on to the main router:

(Don't actually do anything with the main router until the pi works). If you have questions about how to achieve any of these things, let me know so I can further describe the changes.

  • Upgrade your device to 23.05.4, do not keep settings during the upgrade. This will put you at the default configuration on your C7v5
  • Configure your wifi (country code, SSID, encryption type, passphrase, and enable wifi).
  • Change the IP address of the lan interface to 192.168.1.2
  • Turn off the DHCP server on lan (ignore interface) and remove the IPv6 lines from the DHCP server.
  • delete the wan and wan6 interfaces entirely
  • Adjust the switch configuration so that we send VLAN 100 tagged over a trunk to the Pi. I'm not exactly sure what the logical-to-physical port mapping is, but I'm going to guess that logical port 2 is physical port 1 (this could be wrong... it's just a guess).
    • we'll add this stanza to /etc/config/network:
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t 2t'
	option vid '100'
  • Connect a cable between port 1 of the C7v5 (if I got the mapping correct) and the Pi.
  • Connect your internet connection to the wan port of the C7v5.
  • Check connectivity to the internet. If it doesn't work, we might have the wrong physical port -- try the others one at a time.

Once everything is working with the internet connection, you should be able to use your C7v5's wifi and get normal connectivity for your network. At this point you can disable the Pi's wifi and you're done.

Following your steps, it worked the first time. Nevertheless, the C7v5 doesn't have internet connectivity, how can I achieve it if it's possible ?

I own also a Xiaomi Router 4A Gigabit Version, which looks like it has better wifi performance on 5G band than the C7v5 so I'm thinking use it instead of C7v5. I guess that the configuration regarding the VLANs should be pretty similar, right? Having in mind that the Xiaomi doesn't have "switch" as far I see...