I saw the other thread on problems with the "new style" configuration but . My config looks like this:
-
SSIDs for the primary 2.4Ghz network and 5Ghz network. These are both on "default" (on DD-WRT they show up on VLAN 1 if you configure multiples, and you MUST if you want more than one.)
-
Secondary SSID for a GUEST 2.4Ghz network on VLAN 3.
With DD-WRT this too me a good while to figure it out but once I did it was easy (even if it didn't make a lot of sense to me); the default setup had one bridge (br0) and then you set up br1 with the wireless interface (e.g. wl0.1) and the vlan you were using for the guest (vlan3). Br0 would then show up as having eth1 and eth2 in it, plus vlan 1 and 2 -- "2" is the WAN port (which I'm not using as this is just an AP)
Then you set the VLANs to be tagged and both 1 and 3 to the ethernet port you wanted on the switch, and it worked -- but your switch had to be configured to tag ALL packets for both VLANs; you couldn't "split" it (leave the base untagged), which is fine.
Doing as close as I can figure is the same setup on OpenWRT doesn't work at all. I'm going through Luci and the base has br-lan there with no VLAN filtering. I went into network->Interfaces and defined br-lan.3 as a VLAN 802.1q, and configured that, with the base device being br-lan. This is fine and applies without problems.
But -- as soon as I turn on br-lan.3 here (anything in the hyphens fields) I lose access and after a while Luci reverts it (good, as otherwise I'd be locked out.) Plugging into a separate cable on the switch that has both VLANs 1 and 3 tagged on all frames doesn't help so whatever is going on it screws it immediately.
Its ok for the base SSIDs to be on VLAN 1, since the switch its connected to can either tag or untag there (either tag secondaries VLANs or tag all), and "1" is the "base" VLAN. But I need the secondary "guest" SSID on the same LAN port -- not two separate ports.
The "must tag everything" sorcery for DD-WRT took a while to figure out and is apparently a switch limitation but in this case that's not helping -- if I make that change and the switch the network cable to one that has both Vlan 1 and 3 tagged I lose connectivity so I'm obviously missing something important.
This is what is in /etc/config/network and works -- until I turn on Vlan 3 on the port, then its entirely dead.
OpenWrt 22.03.3, r20028-43d71ad93e
-----------------------------------------------------
root@Airgw:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fdf0:de44:bce4::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
option vlan_filtering '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.10.253'
option gateway '192.168.10.200'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'Guest'
option device 'br-lan.3'
option type 'bridge'
option proto 'none'
config device
option type '8021q'
option ifname 'br-lan'
option vid '3'
option name 'br-lan.3'
config bridge-vlan
option device 'br-lan'
option vlan '3'
option local '0'
root@Airgw:~#