Sanity check this vlan setup?

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi. I'm trying to work around a place that does not have any more space for cables in concrete walls... so vlans to the rescue! but not very familiar with openwrt vlans, specially on the two port AP pro...

Can I have a sanity check on this setup before I start?

image
image1062×454 40.4 KB

All wires in the home goes to the place where the Switch lives. There are also a few computers there that should be in the LAN side of things.

Then, from that central switch place, there is only one cable going to the APpro place (where it must be to cover the home)

This is the original switch settings on the APpro
(port 1 wan, port 2 LAN)

vlanID      cpu(eth0)      lan1      lan2
1 lan        tagged         off      untagged
2 vwan       tagged        untagged  off

will change to: port1 trunk-ish, port2 lan.

vlanID      cpu(eth0)      lan1      lan2
130 lan       tagged       tagged    untagged
192 wan       tagged       tagged    off

the switch will be

VlanID      port8     port7   port6-2
192          untag     tag     off   
130          off       tag     untag

So, IPS modem plugs into port8, gets throw in vlan192...
APpro goes to port7 and handles the two vlans.
Everything else in that room goes to port6-2 onto vlan130.

So, this looks good, Right?

Now, Do I need to do anything special on the interfaces besides assigning eth0.192 and eth0.130 to the right nets (wan, br-lan respectively)? I plan to keep everything else as-is from the standard setup.

Am I forgetting anything? Thank you!

2

i can't seem to understand what "interface" wifi is attached to. it shows "lan" on the only option i see on luci. But the network>interfaces>devices>br-lan section still shows both eth0.1 and eth0.130... is that eth0.1 a vlan used by wifi?

3

Is this a proposal or have you already implemented the configs?

4

It was a proposal, but i got a second modem and started to reconfigure it as such.

vlans looks like

image
image907×324 42.6 KB

and device table

image
image708×640 87 KB

is it safe to drop that eth0.1 now?

The br-lan doesn't show wifi devices/interfaces. Only those two vlans (1 and 130)

image
image613×309 52 KB

But the lan interface which only have the br-lan device shows two wifi devices on the icon

image
image220×249 11.9 KB

same on the conf files

config device 
        option name 'br-lan' 
        option type 'bridge' 
        list ports 'eth0.1' <- is this the wifi vlan?
        list ports 'eth0.130'

config interface 'lan'
        option device 'br-lan'

i see that the wifi settings have a different pattern, they assign themselves to a interface instead of creating a device for the interface to "pick"...

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
5

Before you go too far into this, I'd recommend that we start with a few basics...

  • Is the AP Pro going to serve as the router? Also, is this the UAP-AC-PRO, or the older AP-PRO (802.11n)?
  • Is the ISP modem a modem only, or is it also a router?
  • Is your switch running OpenWrt or something a vendor firmware? What is the brand+model of the switch?
6

Eth0.1 is left over from the default configuration before you changed the vlan numbers in the switch. Eth0.1 goes out of the CPU Ethernet port and then gets dropped when it reaches the switch since there is no such vlan configured to the switch hardware. You can just delete it.

Wifi interfaces get pushed into the bridge as additional ports later. This does not show up in the configuration.

1 Like
7

"Ubiquiti UniFi AC Pro"

it's a home router.

it's a managed soho switch. no openwrt. will be either a gs105e or DGS-1100 (netgear/dlink)

8

Awesome. Thanks. the wifi radio icons inside the parenthesis for br-lan really threw me off :slight_smile:

I guess I will live with it, the button to drop that device is disabled :sweat_smile:
edit:ah, probably because it is still listed in br-lan in the networks file
edit: simply removing from the br-lan list got rid of it.

9

Is your config working as you want right now, or are there still things that need to be done?

I'm guessing that the ISP modem/router doesn't support VLANs (at least not on the lan side), so I assume all additional routing is happening on the UAP-AC-PRO, right?

We can review the config on the UAP-AC-PRO if you'd like... please let us know if it is just a sanity check/review, or if there are specific things you're having difficulty getting to work.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like
10

Thanks! i will finish the setup and paste the configs.

I was mostly trying to understand the things the happens automagically, like the wifi inserting themselves in br-lan.

You are correct that the IPS router/modem do not support vlan. That's why i'm using the swith and one untagged port to dump it on VLAN192. Then I plug openWRT on a port that is tagged for both (VLAN192 and VLAN130, wan and lan respectively)

Now I will just need to test if the default firewall/routing settings will do what I think and keep wan/lan separate. I think it will be fine... The first post is still spot on for what i'm following. Only divergence from the plan on 1st post for now is to take a detour and delete the old vlan1.