I started my OpenWRT Journey some month ago with building a VPN Travel Router and PBR. Since this moment I have the idea to replace my active home setup with an OpenWRT Router (Mikrotik 750Gr3) and 3 Unifi AC AP Pro as dump Access Points.
I am using the latest OpenWRT V. 23.05.2 on my Lab/Test Devices. My setup contains three VLANs:
I managed to get the VLAN Config Up and Running on the 750Gr3. My Test Unifi AP receives a valid IP Address on VLAN1 and VLAN100 when configuring the two Interfaces with a DHCP Client.
However as soon as set the VLAN100 Interface (IoT) to unmanaged and create a Wireless Network which gets assigned to the IoT Interface, the connecting wireless Clients are not able to obtain an IP Address by DHCP.
What confuses me the most is that the Unifif AP AC Pro OpenWRT Firmware has both possibilities to define VLANs over the Switch Menu and on the VLAN Filtering Menu of each Device as well (even though I don't think this is where I miss something)
After all the reading I did, I think there must be missing something specific to this single port Device as there is a VLAN eth.01 by default. So I don't really use the br-lan and its VLAN in my following config. I would be greatfull if somebody could give me a hint how to make the wireless VLAN config work.
Network Config of my dumb AP
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd33:f7c4:f8a4::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
list ports 'eth0.10'
list ports 'eth0.100'
config interface 'lan'
option device 'eth0.1'
option proto 'dhcp'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3'
option vid '1'
config interface 'IoT'
option proto 'none'
option device 'eth0.100'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '10'
option ports '0t 2t 3t'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 2t 3t'
option vid '100'
config device
option name 'br-lan.100'
option type '8021q'
option ifname 'br-lan'
option vid '100'
option macaddr 'F4:E2:C6:10:05:E4'
config device
option name 'br-lan.10'
option type '8021q'
option ifname 'br-lan'
option vid '10'
option macaddr 'F4:E2:C6:10:05:E5'
so your device is SWCONFIG device
and your config is complete mess
so, please reset router to factory default
then, configure VLANs only in switch menu !!!!!!!!!
you could NOT use eth0 because eth0 is NOT a rj45 port
it is internal port between CPU and SW chip
The singular bridge you have created is the primary problem...
A bridge is a software equivalent of an unamanged switch. What you've done here is effectively merged your three VLANs -- you don't want to do this. Instead, you need to have a bridge for each network.
We can probably clean this up...
Your bridges should look like this:
config device
option name 'br-mgmt'
option type 'bridge'
list ports 'eth0.1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.10'
config device
option name 'br-iot'
option type 'bridge'
list ports 'eth0.100'
And then your network interfaces (required for each network), using the bridge device we created above) should look like this
config interface 'mgmt'
option device 'br-mgmt'
option proto 'dhcp'
config interface 'lan'
option device 'br-lan'
option proto 'none'
config interface 'iot'
option device 'br-iot'
option proto 'none'
Thx a lot for you help. I recreated my config and it looks now pretty similar to the "example" of psherman. DHCP over the Wifi is also working fine when using the bridge.
I am still a little lost about understanding why this Device still has the Switch Config and why it is not possible in this case to create a bridge directly when creating the interface (like on Pre v21 Openwrt). Does this simply mean that this Unifi AC Pro has not been yet or can't be migrated to DSA like all of my other Devices (where the Switch menu has been removed)?
The transition from swconfig to DSA is ongoing, but not yet complete. The process started with 21.02 and has added more targets/devices with each subsequent release, but there are more to go. Your device still uses swconfig. This doesn't present any problems though -- it works just as swconfig always has.
I seem to recall that the bridge inside the network interface config stanza was valid through 18.06, but deprecated for 19.07 and newer.
I don't know the specific reasons, but I would guess that the goal was to make things cleaner. If you start with the premise that each network has one virtual 'port' -- that is to say, one connection from the logical network configuration to hardware somewhere. If you want to be able to connect multiple physical devices[1], you need to use a bridge, which is basically an unmanaged switch implemented in software. By creating a separate bridge device stanza, we can group everyting in the bridge as a single 'device'. And then that single bridge device entity is used by the network interface.
Glad I was able to help get everything working!
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
with swconfig, the physical ethernet ports are handled by swconfig, but a bridge is necessary if you will be using two or more wifi radios, or ethernet + wifi. For devices that use DSA, the ethernet ports are handled directly by name, so in this environment, a bridge is required if there will be 2 or more total physical interfaces (i.e. individual ethernet ports and/or radios). âŠī¸
