Setup of dumb AP with two VLANs and single physical cable

cervenka · April 30, 2022, 3:31pm

Sorry if a bother you with an argument already discussed in several posts, but I really need some help to fine tune my configuration, after several attempt.
I'm starting the upgrading of my dumb AP to 22.03 and I decided to simplify my network with two VLANs in my Mair Rooter. In doing so I'm inspiring the the previous post https://forum.openwrt.org/t/help-with-openwrt-router-3-dumb-access-points-vlan-setup/122123/2; unfortunately it's not exactly the same configuration (mine would be both Main Rooter and APs with 22.03).
The configuration in Master Rooter is the following:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd55:ca42:500e::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	list ports 'eth4'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ip6class 'local'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'eth3:t'

config interface 'MOBNET'
	option proto 'static'
	option device 'br-lan.10'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option gateway 'xxxxxxxxxxxxx'

and the configuration in AP it's the following:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fda4:8d37:5874::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'
	option device 'br-lan.1'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config interface 'mobnet'
	option proto 'dhcp'
	option device 'br-lan.10'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'br-lan.10'
	option type '8021q'
	option ifname 'br-lan'
	option vid '10'
	option macaddr 'xxxxxxxxxxxxxxxxx'

config device
	option name 'br-lan.1'
	option type '8021q'
	option ifname 'br-lan'
	option vid '1'
	option macaddr 'xxxxxxxxxxxxxxxxx'

I did assign the proper interface to AP wlans but in any case it's not working (interface mobnet it's not obtaining an IP from Main Rooter).

Can you provide some suggestion?

Thanks in advance

cervenka · May 4, 2022, 8:08pm

After several attempts I finally fixed the setup and now the network it's up and running.
For somebody else future use I'm copying and past my actual configuration, in main rooter and dumb APs.

Master Rooter (Ubiquiti EdgeRouter X), #3 dumb AP's (Netgear R6220); both EdgeRouter X and R6220 running 21.02.3
Master Rooter configuration.
/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd55:ca42:500e::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	list ports 'eth4'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ip6class 'local'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'eth3:t'

config interface 'mobnet'
	option proto 'static'
	option device 'br-lan.10'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option gateway '192.168.1.*'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	list ipset '/primevideo.com/vpnbypass'
	option confdir '/tmp/dnsmasq.d'
	option noresolv '1'
	option doh_backup_noresolv '-1'
	list doh_backup_server ''
	list server '127.0.0.1#5054'
	list server '127.0.0.1#5053'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option leasetime '24h'
	option ra_default '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '3'

config dhcp 'mobnet'
	option interface 'mobnet'
	option start '100'
	option limit '150'
	option leasetime '1h'
	list ra_flags 'none'

/etc/config/firewall

as clearly explained in the mentioned post, added to additional rules.

<...>

config rule
	option name 'Allow-mob-DNS'
	option dest_port '53'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'
	option src 'mobnet'

config rule
	option name 'Allow-mob-DHCP'
	list proto 'udp'
	option dest_port '67-68'
	option target 'ACCEPT'
	option src 'mobnet'

dumb AP configuration

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fdea:0def:9fb8::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.2.*'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.2.1'
	list dns '192.168.2.1'
	option device 'br-lan.1'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'

config interface 'mobnet'
	option proto 'dhcp'
	option device 'br-lan.10'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'mobnet'
	option interface 'mobnet'
	option ignore '1'
	list ra_flags 'none'

I'm not reporting here the wireless configuration, that it's unchanged respect to 19.07
I've also removed from startup firewall, odhcpd and dnsmasq.

Moving from 19.07 to 21.02 was a bit scaring for, considering the impossibility to maintain the original configuration after upgrading; in addition I had few or nothing knowledge of VLAN setting and switch configuration in general. The exercise was not completely pain-free but I'm pretty satisfied to have reached the result without any help.

system · May 14, 2022, 8:08pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.