[Solved] VLANs on TP-Link EAP613 V1

Installing and Using OpenWrt
1

Hi there,

I am new to openWrt and trying to set up an EAP613 AP with multiple VLANs.
Currently I have an opnsense fire wall running doing DHCP, NAT, etc. and an aruba instant on 1930 switch.

The opnsense has four NICs with the IPs
192.168.20.1 will be main LAN
192.168.21.1 MODEM with DrayTek Vigor
192.168.30.1 WiFi
192.168.178.1 old Fritz LAN

The openWrt AP is connected to the Switch on Port 8 and the WiFi Port from the fire wall is connected to the Port 7. On the firewall, the switch and the AP are the VLANs 40 and 50. At the AP I have set up 2 WiFi networks and a 3rd should follow too.

Main with IP ...30.1 (no VLAN), Guests 40.1 and IoT 50.1. Joining the main wifi will serve the correct IP, connecting to the IoT Wifi should serve from 50 range but also serves 30.

My current config is

network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd65:0a2f:61d5::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'bidge.40'
	list ports 'bidge.50'
	list ports 'lan'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.30.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.30.1'

config device
	option type 'bridge'
	option name 'bidge'
	list ports 'eth0'

config bridge-vlan
	option device 'bidge'
	option vlan '40'
	list ports 'eth0:t'

config bridge-vlan
	option device 'bidge'
	option vlan '50'
	list ports 'eth0:t'

config interface '40Guests'
	option proto 'static'
	option device 'bidge.40'
	option ipaddr '192.168.40.2'
	option netmask '255.255.255.0'
	option gateway '192.168.40.1'

config interface '50IoT'
	option proto 'static'
	option device 'bidge.50'
	option ipaddr '192.168.50.2'
	option netmask '255.255.255.0'
	option gateway '192.168.50.1'

wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Normal with 30'
	option encryption 'sae-mixed'
	option key '**********'
	option ieee80211r '1'
	option nasid '0001'
	option ft_over_ds '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'Normal with 30'
	option encryption 'sae-mixed'
	option key '******'
	option ieee80211r '1'
	option nasid '0001'
	option ft_over_ds '0'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'IoT with 50 VLAN'
	option encryption 'sae-mixed'
	option key ''
	option network '50IoT'

When I add the tags via luci I lose the connection to the AP and has to rollback.

add tags
add tags939×487 30.7 KB

I think I have to add another interface to keep the 30 IP range maybe?

Maybe anyone can point me to the correct direction for solving my problem?

Thank you in advance!
Julsen

2

This config has many serious errors. Reset to defaults and then post the network config again.

3

Ok, I factory reset and configured the main ip range, the main wifi and deactivated dhcp

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd61:6527:e6c3::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.30.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.30.1'
4

Ok... so what I'm going to do assumes the following:

  • VLAN 30 is used as the admin interface for this device
  • The trunk config is:
    • VLAN 30 untagged
    • VLAN 40 tagged
    • VLAN 50 tagged

We'll start by creating a series of bridge VLANs:

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '40'
	list ports 'lan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '50'
	list ports 'lan:t'

Now, we'll edit the lan interface to use br-lan.30:

config interface 'lan'
	option device 'br-lan.30'
	option proto 'static'
	option ipaddr '192.168.30.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.30.1'

And now we'll create two unmanaged interfaces for the other two VLANs:

config interface 'guest'
	option device 'br-lan.40'
	option proto 'none'

config interface 'iot'
	option device 'br-lan.50'
	option proto 'none'

Finally, create 3 SSIDs and link them against lan, guest, and iot networks respectively.

Restart and test.

5

Ok, thank you very much. I will test them and give feedback asap

6

@psherman sorry for the late feedback but had much work to do today.

The given configuration works like a charm, thank you very much! I didnt expected to also add a VLAN for the 30 Network. Now I can assign the devices to the right space :), thanks again

7

You're welcome!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:

8

Ok, done :slight_smile:

9

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.