[SOLVED] Dumb AP with VLan - only WiFi not working

martin.forum · October 11, 2023, 2:53pm

Hello,

thanks to openwrt, it is possible to setup VLan's and dumb AP with many extra features. And this I want to setup:

    isp router - main router (openwrt) - managed switch - dumb AP (openwrt)

Config with three vlan's (lan, iot, guest), dhcp on main router, wifi for each vlan on main router and dump AP

Problem

only one thing is NOT working: connecting with the dump AP via WiFi - the client does not get an IP address?! I can see that the client tries to connect with the dumb AP.

Using the lan on the dump AP you get an IP address. on the main router both is working - lan and wifi.

Details - dumb AP

tp-link archer c6 v2 with openwrt 22.03.5, config:

services: no firewall, no dns, no qdhcp
switch (menu): used for vlan config
ports: 1 vlan 33 untagged,
2 vlan 11 untagged,
3/4 vlan 99 untagged,
wan all vlan tagged (connection to managed switch)
interfaces:
lan vlan 33 with fixed ip,
iot vlan 11 with not managed,
guest vlan 99 with not managed
wifi:
iot on interface iot for vlan 11,
lan on interface lan for vlan 33,
guest on interface guest for vlan 99

Config files - dumb AP

network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'xxxx:xxxx:xxxx::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'eth0.33'
	option proto 'static'
	option ipaddr '192.168.33.7'
	option netmask '255.255.255.0'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option auto '0'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '11'
	option description 'IoT'
	option ports '0t 3 5 1t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '33'
	option description 'Lan'
	option ports '0t 2 1t'

wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'wrt5'
	option encryption 'psk-mixed'
	option key 'xxxx'
	option ieee80211r '1'
	option nasid '0007'
	option mobility_domain '1EFF'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option wpa_disable_eapol_key_retries '1'
	option disabled '1'
	
config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'wrt2'
	option encryption 'psk-mixed'
	option key 'xxxx'
	option disabled '1'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option ssid 'IoT'
	option encryption 'psk-mixed'
	option key 'xxxx'
	option network 'IoT'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'guest'
	option encryption 'psk-mixed'
	option key 'xxxx'
	option network 'guest'
	option disabled '1'

firewall (service not used)
dhcp (service not used)

other details

3) managed switch
tp-link TL-SG108E, config:
- ports: 
            1 vlan 33 untagged, 
            2 vlan 11 untagged, 
            3/4 vlan 99 untagged, 
            5-8 all vlan's tagged

2) main router
linksys wrt1900 acs v2 with openwrt 22.03.2, config:
- vpn: wireguard client configured for all vlan's
- dhcp server - each vlan interface has its own dhcp server
- firewall - configured, guest vlan is fully isolated
- vlan
            vlan 11 iot, 
            vlan 33 lan and 
            vlan 99 guest
- ports
            1 vlan 33 untagged, 
            2 vlan 11 untagged, 
            3 vlan 99 untagged,  
            4 all vlan's tagged, 
            wan connected with ISP router
- wifi 
            iot for vlan 11, 
            lan for vlan 33, 
            guest for vlan 99

1) ISP router, no changes just connected with main router wan port

bluewavenet · October 11, 2023, 6:09pm

"Dump" ? As in dumped into a dumpster?

martin.forum · October 11, 2023, 7:29pm

ok excellent reading thank you!

now - can you help with a solution as well?

andyboeh · October 11, 2023, 7:47pm

You need to create bridges for the VLANs so that WiFi interfaces can be attached to it, even if the bridge VLAN is the only port in the bridge.

See also this thread for a similar issue.

martin.forum · October 11, 2023, 9:28pm

thank you for the solution - yes, it is working. I just created - as you said - one bridge for each VLAN!