[SOLVED] Please help me carry two VLANs across a unifi6-lite [SOLVED]

I have done some reading, and have tried many configs.

I keep locking myself out when trying to set the default vlan(1) on the unifi6-lite.
I have successfully gotten the default-vlan wireless to pull a DHCP ip on my client, but it won't connect to the internet (with dns set to the 192.168.1.1 device)

I have tried keeping the br-lan as a management interface, and configuring the VLANs on their own bridges with no success.

I would like to access the AP via luci and ssh.
They are both DSA devices.

DHCP and DNS are handled by the router.

unifi6-lite config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde9:8d0e:46ea::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

OpenWrt router config:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        list ports 'eth4'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option delegate '0'
        option ipv6 '0'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        list ports 'eth4'

config interface 'GST'
        option proto 'static'
        option device 'br-lan.10'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth1:t'
        list ports 'eth2:t'

Let's try the bridge-vlan method on your U6 Lite:

Add bridge VLANs for VLANs 1 and 10:

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan:t'

Edit the lan to use br-lan.1:

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

And add an unmanaged network interface for VLAN 10:

config interface 'vlan10'
        option device 'br-lan.10'
        option proto 'none'

Then you can create a wifi SSID for VLAN 10. Finally reboot and test.

Try that out. If it doesn't work, there is another method we can use.

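Added example, not part of the original posts: a Python check, run on a workstation against copies of both devices' network configs, that every VLAN on the router-to-AP cable is tagged the same way on each end, since a guest VLAN tagged on one side and untagged on the other is either dropped or delivered into the main LAN. It assumes the AP is cabled to router port `eth1` and that each device has a single bridge; `port_vlans`, `check_trunk` and `AP_BAD` are names introduced here.

```python
import re

# bridge-vlan sections as posted in the thread (router trimmed to port eth1).
ROUTER = """
config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth1'
config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth1:t'
"""
AP = """
config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan:u*'
config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan:t'
"""
AP_BAD = AP.replace("'lan:t'", "'lan'")  # constructed mistake: ':t' forgotten

def port_vlans(uci_text):
    """Map port -> {vid: 't' | 'u'}; a port without ':t' is untagged."""
    table = {}
    for section in re.split(r"(?m)^config\s+", uci_text)[1:]:
        vid = re.search(r"option\s+vlan\s+'?(\d+)", section)
        if not section.startswith("bridge-vlan") or not vid:
            continue
        for spec in re.findall(r"list\s+ports\s+'?([^'\s]+)", section):
            port, _, flags = spec.partition(":")
            table.setdefault(port, {})[int(vid.group(1))] = "t" if "t" in flags else "u"
    return table

def check_trunk(router_cfg, router_port, ap_cfg, ap_port):
    """Findings for the cable between router_port and ap_port (empty list = consistent)."""
    r = port_vlans(router_cfg).get(router_port, {})
    a = port_vlans(ap_cfg).get(ap_port, {})
    findings = [f"VLAN {v}: router={r.get(v)} AP={a.get(v)} (t/u/None must match)"
                for v in sorted(set(r) | set(a)) if r.get(v) != a.get(v)]
    for name, vl in (("router", r), ("AP", a)):
        untagged = sorted(v for v, m in vl.items() if m == "u")
        if len(untagged) > 1:
            findings.append(f"{name} port sends VLANs {untagged} untagged")
    return findings
```

`check_trunk(ROUTER, "eth1", AP, "lan")` returns an empty list for the configs in the thread; with `AP_BAD` it reports the VLAN 10 mismatch and the two untagged VLANs on the AP uplink.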

Ok, I followed your advice and the default-lan's wireless connects and pulls DHCP, but can't connect to the internet.

The IPv4 gateway on LAN is not set. If I set it to 192.168.1.1, I get locked out of the AP (interface now set at 192.168.1.3) on the LAN interface.

current:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd91:4cfb:b589::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.3'
        option netmask '255.255.255.0'
        option ip6assign '60'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan:t'

config interface 'vlan10'
        option device 'br-lan.10'
        option proto 'none'```

Was it working previously?

For the AP, that's not necessary to set unless the AP itself needs routed/internet access. It shouldn't cause a lockout, though.
You have a copy/paste error...

the three tick marks ("```") at the end of this are invalid.

Try erasing those and then restart the AP.

The lockout was caused by the Firewall zone.
I uninstalled Firewall4 completely, I have luci access again.

Going to try to fix the config and reboot.

This was a typo, my bad!

It was not working before on OpenWrt.
It's pulling DHCP, just not reaching WAN.

This should not be necessary. Just leave the firewall lan zone as accept for all three options.

This is a problem with the main router, then.
Does this affect both networks, or just one of them?

It was working OK with the stock UniFi firmware with just one SSID, and no VLAN tags, plugged into the managed switch.

Both networks pull DHCP but no internet

It is not DNS

ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Net Unreachable

Router is not accepting input.

Any ideas?

Before we make any changes to the AP, let's verify that the router is working (at least for the main lan)... connect a computer directly via ethernet to the main router and then repeat the internet access test.

You're going to hate me...

Unplugged the modem for config.
Resolved!

Thank you so much..

You're welcome!
