Currently I only have one LAN network for both wired and Wi-Fi hosts. Now I would like to separate them: I would like to move the Wi-Fi service to a new second network/VLAN and have 2 LAN ports attached to that new network too. The other 2 ports would remain in my existing first network.
My problem now is with the network configuration; once that is done, I guess I will be able to configure the Wi-Fi and firewall configuration files.
I have seen the DSA documentation and some videos, but cannot manage to make it.
As far as I have understood, from version 21 I should see the LAN ports as devices, but that's not my case.
I also find an error every time I want to set the DHCP server:
"Save error An error occurred while saving the form: RPC call to uci/add failed with ubus code 9: Unspecified error at handleCallReply"
All those things happen when configuring through the GUI. Unfortunately I have not found step-by-step documentation or examples on how to configure through the configuration files.
Please help me... What should I do to make a new network 192.168.100.0/24 accessible through Wi-Fi and LAN ports 1 and 2?
Unfortunately, your router has not yet switched to the DSA version and you still have swconfig, so you will have to create a new VLAN, remove the lan1 and lan2 ports from VLAN 1, and assign them to the newly created VLAN.
This is an example:
This is a guide:
Unfortunately, at the moment I don't have any routers based on swconfig (I have them all with DSA), so I can't send you a ready-made configuration file, but I can ask you to proceed one step at a time. First, connect via your PC to the router on port 3 or 4,
then go to Network, Interfaces, Switch and add VLAN no. 3 or 4 or 5, etc.
I hope that with the graphic examples you can understand how to proceed, however if you post the graphic output of what you see, little by little I can help you.
azu wrote:
> "Save error An error occurred while saving the form: RPC call to uci/add failed with ubus code 9: Unspecified error at handleCallReply"

I'm assuming you edited some file inside /etc/config by hand, creating an error.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Thank you. That's done. What would be the next step to set the 192.168.100.1/24 network into that VLAN?
I am trying to add a new interface with the newly created device, but I get the mentioned DHCP problem.
I assume the graphical interface gives you the error?
You can run:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Thanks. Yes, I need some help. I can see two problems in the new network (named "sp").
1 - There is connectivity, but DNS does not work.
2 - Wi-Fi does not work, it does not connect, clients don't manage to get an IP address.
```
root@myrouter:~# cat /etc/config/network

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fc88:3fdf:2343::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0.1'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config device
    option name 'eth0.2'
    option macaddr '34:33:b2:3c:42:35'

config interface 'wan'
    option device 'eth0.20'
    option proto 'dhcp'

config interface 'wan6'
    option device 'eth0.20'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0t 4 5'
    option vid '1'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0t 1t'
    option vid '20'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option ports '0t 2 3'
    option vid '100'

config interface 'sp'
    option proto 'static'
    option device 'eth0.100'
    option ipaddr '192.168.100.1'
    option netmask '255.255.255.0'
    list dns '8.8.8.8'
    list dns '1.1.1.1'
    list dns '192.168.1.1'
    option type 'bridge'

config device
    option name 'eth0.100'
    option type '8021q'
    option ifname 'eth0'
    option vid '100'

root@myrouter:~#
```
```
root@myrouter:~# cat /etc/config/firewall

config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option synflood_protect '1'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config zone
    option name 'sp'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    list network 'sp'

config forwarding
    option src 'lan'
    option dest 'sp'

config forwarding
    option src 'sp'
    option dest 'wan'

config rule
    option name 'SP DHCP and DNS'
    option src 'sp'
    option dest_port '53 67 68'
    option target 'ACCEPT'

config rule
    option name 'SP to LAN DNS'
    list proto 'udp'
    option src 'sp'
    option dest 'lan'
    list dest_ip '192.168.1.254'
    option dest_port '53'
    option target 'ACCEPT'

config rule
    option name 'SP to WAN DNS'
    list proto 'udp'
    option src 'sp'
    option dest 'wan'
    option dest_port '53'
    option target 'ACCEPT'

root@myrouter:~#
```
Bridges need to be defined separately, not in the network interface stanza. We can also remove the dns servers here because they don't do anything.
Instead, it should look like this:
```
config device
    option name 'br-sp'
    option type 'bridge'
    list ports 'eth0.100'

config interface 'sp'
    option proto 'static'
    option device 'br-sp'
    option ipaddr '192.168.100.1'
    option netmask '255.255.255.0'
```
You can also delete this:
These changes will fix the wifi issue. But, if the DNS still doesn't work, please post your /etc/config/dhcp file for review.
EDIT: Adding stuff for the DNS issue:
I see you have 3 rules related to DNS here...
The first rule is not necessary (currently) because your sp firewall zone has input = accept.
The last rule can be deleted because there is nothing that would block DNS requests from the sp network to the wan (since sp > wan forwarding is allowed).
The middle rule points to a host in your lan -- this one could be relevant if you set DHCP option 6 on the sp DHCP server -- did you set it to this address? And if so, is that address correct (i.e. a DNS server is listening at that address)? If you're using a PiHole or other server on the lan, you do need to make sure it will respond to requests from other subnets (this can be a function of that host's firewall and/or DNS server configuration).
Omitting option 6 from the DHCP server will cause the DHCP server to advertise the router itself (192.168.100.1) as the DNS server and DNS lookups should work. Likewise, setting option 6 to a public DNS server (like 1.1.1.1 or 8.8.8.8) should also work.
Since we don't know what you have in the DHCP file, this is just a guess as to why your DNS isn't working -- but I suspect that this should help you solve the issue. If not, please post that file.
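The reasoning about the three DNS rules above can be checked mechanically. This is an added example, not part of the original posts or of OpenWrt: a Python sketch (function names are hypothetical) that reads a copy of /etc/config/firewall and reports which ACCEPT rules the zone policy already covers, assuming no REJECT/DROP rule is being overridden. The sample is constructed from the sp-related stanzas posted above.

```python
import re
# Constructed sample: sp-related stanzas condensed from the firewall file posted above.
SAMPLE = """config zone
    option name 'sp'
    option input 'ACCEPT'
config forwarding
    option src 'sp'
    option dest 'wan'
config rule
    option name 'SP DHCP and DNS'
    option src 'sp'
    option target 'ACCEPT'
config rule
    option name 'SP to LAN DNS'
    option src 'sp'
    option dest 'lan'
    option target 'ACCEPT'
config rule
    option name 'SP to WAN DNS'
    option src 'sp'
    option dest 'wan'
    option target 'ACCEPT'
"""

def parse_uci(text):
    """Parse UCI text into [(section_type, {option: value})]; list entries keep the last value."""
    sections = []
    pattern = r"^\s*(config|option|list)[ \t]+(\S+)(?:[ \t]+'?([^'\n]*)'?)?"
    for kind, key, val in re.findall(pattern, text, re.M):
        if kind == "config":
            sections.append((key, {}))
        elif sections:
            sections[-1][1][key] = val
    return sections

def redundant_accept_rules(text):
    """Map each ACCEPT rule name to the policy that already allows it, or None if needed."""
    secs = parse_uci(text)
    zone_input = {o.get("name"): o.get("input") for t, o in secs if t == "zone"}
    forwards = {(o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding"}
    result = {}
    for t, o in secs:
        if t == "rule" and o.get("target") == "ACCEPT":
            src, dest = o.get("src"), o.get("dest")
            if not dest:  # src only: input rule, traffic addressed to the router itself
                why = "zone input is ACCEPT" if zone_input.get(src) == "ACCEPT" else None
            else:         # src and dest: forward rule between two zones
                why = "forwarding already allowed" if (src, dest) in forwards else None
            result[o.get("name")] = why
    return result
```

If the sp zone's input is later tightened to REJECT, the first rule stops being redundant and becomes the rule that keeps DNS and DHCP to the router working.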
Great answer and explanations! Thank you very much. It also required a couple of easy things on LuCI (perhaps setting the DHCP server and assigning networks to Wi-Fi, cannot remember what I did...) and everything is solved now! Thank you again.