Setting up WiFi with VLANs

Hello.

I have an OpenWrt router (EdgeRouter 4) + OpenWrt AP (Archer C7).

I'm trying to set up 2 VLANs (Home and IoT) and corresponding WiFi access points. Here is how VLAN configuration looks on the router:

I.e. one of the lan ports on the main router is a trunk (and connected to the AP), the other one is a simple access port for VLAN 99 (Home).

Here is what the switch configuration on the AP looks like:

I.e. the LAN1 port is a trunk port for both the VLANs and is connected to the main router's trunk port. CPU is also trunked for both the VLANs (for reasons I don't clearly understand, but it seems like this is a requirement). LAN2 is an access port for VLAN 99 and ports LAN3 and LAN4 are access ports for VLAN 40.

The interface for the Home network (VLAN 99) is defined as a DHCP client.

So far, until I start to introduce wireless, everything seems to work fine: When I'm plugged into any of the access ports (either for VLAN 40 or VLAN 99), my PC gets an IP assigned from the corresponding range (i.e. either from 192.168.40.x range or from 192.168.99.x range).

But when I'm creating a wireless network for any of those interfaces and trying to connect to it, I get no IP assigned.

Obviously, I'm doing something wrong. I'd appreciate some help with this set-up.

P.S. On both devices, OpenWrt 23.05.2 is installed.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless

Router:

root@ER4:~# ubus call system board
{
        "kernel": "5.15.134",
        "hostname": "ER4",
        "system": "UBNT_E300 (CN7030p1.2-1000-AAP)",
        "model": "Ubiquiti EdgeRouter 4",
        "board_name": "ubnt,edgerouter-4",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "octeon/generic",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
        }
}
root@ER4:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd44:60f2:f9ef::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan.99'
        option proto 'static'
        option ipaddr '192.168.99.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'lan0'
        option proto 'dhcp'

config interface 'wan6'
        option device 'lan0'
        option proto 'dhcpv6'

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'lan1:u*'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'lan2:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '40'
        list ports 'lan2:t'

config interface 'PoGuest'
        option proto 'static'
        option device 'br-lan.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

config interface 'Guest'
        option proto 'static'
        option device 'br-lan.30'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'

config interface 'IoT'
        option proto 'static'
        option device 'br-lan.40'
        option ipaddr '192.168.40.1'
        option netmask '255.255.255.0'

AP:

root@AP1:~# ubus call system board
{
        "kernel": "5.15.137",
        "hostname": "AP1",
        "system": "Qualcomm Atheros QCA9558 ver 1 rev 0",
        "model": "TP-Link Archer C7 v2",
        "board_name": "tplink,archer-c7-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}
root@AP1:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd24:9a83:b8ec::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'eth1.99'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 1'
        option vid '2'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 2t 3'
        option vid '99'
        option description 'Home'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '0t 2t 4 5'
        option vid '40'
        option description 'IoT'
root@AP1:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Home'
        option encryption 'psk2'
        option key '<REDACTED>'
        option network 'lan'

You need to create bridges and network interfaces for the VLANs... then you can create new SSIDs and tie them to the networks.

Add this:

config device
        option name 'br-iot'
        option type 'bridge'
        list ports 'eth1.40'

config interface 'iot'
        option device 'br-iot'
        option proto 'none'

And it looks like you've got the lan interface attempting to use the "home" VLAN (99), so let's fix that...

Below needs to be edited so that the bridge has eth1.99 and the lan interface uses the bridge:

When you're done, it will look like this:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.99'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

Reboot your AP and try again.

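A lint for the problem solved in this thread, as an added example that is not part of the original posts: it reads an AP's network and wireless config and reports every SSID whose network interface sits directly on a VLAN device such as eth1.99 instead of on a bridge. The function name, the status labels and the constructed sample config are assumptions; it covers the swconfig-style layout shown above, with one network per SSID.

```shell
#!/bin/sh
# Added example (not from the thread): report SSIDs whose interface is not a bridge.
check_wifi_bridges() {  # $1 = network config, $2 = wireless config
    awk '
    function unq(s) { gsub("[\047\"]", "", s); return s }  # strip UCI quotes
    function flush() {   # called when a section ends
        if (type == "device" && o["type"] == "bridge") bridge[o["name"]] = 1
        else if (type == "interface") dev[name] = o["device"]
        else if (type == "wifi-iface") {
            d = dev[o["network"]]
            if (d == "") st = "NO-INTERFACE"
            else if (d in bridge) st = "OK"
            else st = "NOT-BRIDGED"   # e.g. interface directly on eth1.99
            printf "%s %s %s %s\n", o["ssid"], o["network"], (d == "" ? "-" : d), st
            if (st != "OK") bad = 1
        }
        split("", o); type = ""
    }
    $1 == "config" { flush(); type = $2; name = unq($3); next }
    $1 == "option" { v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v); o[$2] = unq(v) }
    END { flush(); exit bad + 0 }
    ' "$1" "$2"
}

demo() {  # constructed input: the AP config as posted, before the fix
    tmp=$(mktemp -d)
    cat > "$tmp/network" <<'EOF'
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'eth1.99'
        option proto 'dhcp'
EOF
    cat > "$tmp/wireless" <<'EOF'
config wifi-iface 'wifinet0'
        option device 'radio1'
        option ssid 'Home'
        option network 'lan'
EOF
    check_wifi_bridges "$tmp/network" "$tmp/wireless" || echo "-> put the VLAN device in a bridge"
    rm -rf "$tmp"
}
demo
```

On the AP itself the call would be `check_wifi_bridges /etc/config/network /etc/config/wireless`; a non-zero exit status means at least one SSID is not attached to a bridge.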

Thank you very much again! Fixed it as you said and it all works now. I totally missed this "bridge" dance :)
