Struggling with VLANS

Installing and Using OpenWrt Network and Wireless Configuration
1

So, im really struggling setting up VLANs and a Trunk between the OpenWRT device and my Cisco Switch.

I have a Ubiquiti AP AC LR with a single Ethernet port I want to configure VLANs on.

The configuration is as follows.

eth0
eth0.1
eth0.2
eth0.3

I then want to assign the certain VLANs to specific SSIDs.

I cannot seem to get this to work. I have tried so many different methods and nothing wants to work. Im actually starting to go a little mad!

How should I do this? Do I use Software VLANs? Do I need to be tagging in a specific way? Do I need to use bridges etc?

Also, any specific config on the cisco side.

I have

switchport mode trunk
switchport trunk allowed vlan 1,2,3
switchport nonegotiate

Any ideas please help me!

2

Which OW device? Which Cisco switch? What is your /etc/config/network on the OW device? Maybe paste a screenshot of the interfaces tab if complex.

You can see a few of the videos I linked on this wiki for more details on VLANs.

3

I would have given you much more information on the OpenWRT setup trust me but i've managed to destroy it trying config changes haha. Ill have to try a factory reset tomorrow.

The Cisco switch is a Catalyst 2960.

1 Like
4

Add a new interface. In the device field scroll to the bottom of the drop down list and type eth0.1 , confirm with Enter. Protocol can be static or dhcp client for the admin interface, the rest better be unmanaged.
Then create an new SSID and add it to the network you created earlier.

1 Like
5

Do not try to use tagged and untagged on the cable. All VLANs should be tagged.

You'll want to create an "admin" network with a wifi AP and a DHCP server so you can always log into the AP over wifi whether the Ethernet is working or not. This network doesn't need a firewall zone since the default firewall accepts input on unassigned interfaces. It also doesn't need to forward to the Internet since it is for local control.

A link from a main router over a VLAN to a dumb AP involves a software bridge from the wifi to wired. First use the Devices tab on Network-Interfaces to create a bridge for each VLAN. Name them something consistent with what they do such as br-vlan2. The only device yet in that bridge will be eth0.2, as @trendy said you need to manually create it at the bottom of the list. Then create a matching network called vlan2 with protocol Unmanaged and br-vlan2 as its device. This network doesn't do anything since it has no IP address, but it has to exist or the bridge won't actually be created. Then create a wifi AP with vlan2 as its network.

3 Likes
6

We can probably help you resolve your issue by taking a look at the config files:

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
7

Thanks for the info guys!

Im going to give this a crack tomorrow. I actually had it working but I thought it was messy, now im starting to think it wasnt messy as I thought I could do away with the bridge interfaces.

I need to tag everything as its a trunk on the other end.

2 of the 3 vlans will have wifi SSIDs.

Do I need to create bridges if im not using wifi and only using ethernet? Because im pretty sure I tried that but could not see any TX/RX interface on 2 of the 3 VLANs, only one. Its like they would not negotiate or were not accepted in the trunk for some reason.

8

No. You can create an interface and directly use an eth port (with or without VLAN) as the network's only physical device. The kernel will place an IP address directly on the port instead of on a bridge.

9

Did you review any of these videos? Very helpful.

10

Yea I did, im just a bit confused still as im sure the setup i was doing was correct.

Basicly, without doing anything wifi related to keep things simple for now,

I created my vlan interfaces,

eth0.1
eth0.2
eth0.3

I then assigned them to a network

eth0.1 - unmanaged
eth0 2 - static 192.168.2.1/24 with DHCP
eth0.3 - static 192.168.3.1/24 with no DHCP

But still, I could only see traffic passing on the eth0.2 interface, the rest would only have TX traffic and very little almost as if it the cisco was dropping it.

Im sure if I can get the VLANs passing through correctly, i can work the rest out.

With this setup i was not using any bridge devices.

Should this be able to pass traffic on the correct VLAN with this confuguration or am I missing something at this step already.

11

There are 3 parts to the equation:

  1. Your router configuration and trunk port
  2. The switch configuration, including the trunk ports
  3. The OpenWrt AP configuration

Have you verified that your router and switch are configured such that you can reliably connect to each network? (If not, I recommend setting one port per network on the switch as an access port and then connecting a regular computer to each port in turn to verify the network functionality.)

Earlier, I suggested that you share your OpenWrt configuration so that we understand what you've done so far and find any misconfigured bits. Would you be able to post it?

12

Leave only one interface with IP, the one you're going to use for management of the dumbAP.

13

Ok, im not sure what im doing wrong now but base config and I cannot create the software vlans for eth0 anymore, says

Device: not present
Conected: no

For eth0.3 for example

14

That will do nothing unless it is in a bridge to a wifi AP or another physical or virtual device.

That makes no sense. DHCP obtains an IP dynamically. A static IP cannot also be set.

1 Like
16

wget error 5 is not a network problem, it is because the root certificates in the router are too old to validate the site. Upgrade to 22.03.2.

17

Where can I find 22.03.2 images for my device?

Also can I just upgrade directly for the GUI

Thanks

18

https://downloads.openwrt.org/releases/22.03.2/targets/ath79/generic/openwrt-22.03.2-ath79-generic-ubnt_unifiac-lr-squashfs-sysupgrade.bin
Yes you can upgrade through the GUI.

As for your config, a lot of it looks unnecessary like option bridge_empty and the MAC overrides.

19

I agree with @mk24 that you should upgrade to 22.03.2 and that the conic contains stuff that should not be here (specifically, bridge empty and the MAC address overrides). I'd go further and suggest that you don't need to define the device, only the bridge...

So, looking at the above, it should all simplify to this (and this should be used as an example for the rest of them):

config device
        option type 'bridge'
        option name 'br-vlan103'
        list ports 'eth0.103'
        option ipv6 '0'

Next, the wlan devices should not be defined here... these are unique to the wireless config file, they do not belong in the network config.

Then, lookin at VLAN 101... if this is not your management network, it should be proto none (just like VLAN 102).

Finally, for VLAN 103 (which you stated is your management VLAN), check to make sure that the address is not used anywhere else on your network, and make sure the netmask is correct (if you are using a /24, this should be 255.255.255.0; what you have corresponds to a /28 with a maximum of 14 hosts). Further, if you want the OpenWrt AP to be able to reach other networks (or the internet, including the OpenWrt repos), it needs a gateway and DNS defined. So verify that your VLAN103 is correct for your upstream network.

It is also worth noting that you did not post your wireless config, so we don't know if you have properly connected your networks to your SSIDs.

2 Likes
20

Netmask is sort of deprecated, it is now valid to specify the IP and subnet size in one line: option ipaddr '172.16.103.1/24' This is also known as CIDR notation.

2 Likes
21

Thanks for that.

From a fresh favtory reset, I was having issues creating the software vlans,

I would create them but they would say absent decive