I am running the latest build OpenWrt 23.05.5 r24106 on an Archer C7 v2. I have vlans configured in my environment and I want to utilize the 4 ports on the back of the C7. I do not have an issue if I mark a port as untagged for a specific vlan, but if I want to use that same port and tag multiple vlans, it does not work.
I understand that I cannot have untagged and tagged on the same port. What is happening is if I tag multiple vlans for that port, I lose connectivity. I am not being given an IP address from the dhcp server. If I change that port back to untagged for any given vlan, it works fine.
root@AP1:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd8f:cd02:5aea::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 5'
	option vid '1'
	option description 'LAN'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t'
	option vid '2'

config interface 'Admin'
	option proto 'dhcp'
	option device 'eth1.10'
	option ipaddr '10.0.0.80'
	option delegate '0'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 2 4t 1t'
	option vid '10'
	option description 'Admin'

config zone
	option name 'lan'
	list network 'lan'
	list network 'Admin'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '20'
	option description 'User'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '30'
	option ports '0t 1t'
	option description 'User_Wifi'

config switch_vlan
	option device 'switch0'
	option vlan '7'
	option vid '80'
	option ports '0t 3 1t'
	option description 'IOT'

config switch_vlan
	option device 'switch0'
	option vlan '8'
	option vid '192'
	option description 'Guest'

config interface 'GUEST'
	option proto 'static'
	option device 'br-GUEST'
	option auto '0'

config interface 'IOT'
	option proto 'static'
	option device 'br-IOT'

config interface 'USER'
	option proto 'static'
	option device 'br-USER'
	option auto '0'

config interface 'USER_WIFI'
	option proto 'static'
	option device 'br-USER_WIFI'

config device
	option type 'bridge'
	option name 'br-GUEST'
	list ports 'eth1.192'

config device
	option type 'bridge'
	option name 'br-IOT'
	list ports 'eth1.80'

config device
	option type 'bridge'
	option name 'br-USER'
	list ports 'eth1.20'

config device
	option type 'bridge'
	option name 'br-USER_WIFI'
	list ports 'eth1.30'

config switch_vlan
	option device 'switch0'
	option vlan '9'
	option ports '0t 4t 1t'
	option vid '90'
	option description 'LAB'

root@AP1:~#
The C7 has 4 ports in the back that I can use. Just as an example and not based off my current configuration, port 1 plugs into a laptop that is for the Admin network on 192.168.1.0/24, which is vlan 1. That port is marked as untagged on vlan 1.
That laptop easily gets an IP address from the dhcp server (pfsense)
Let's say I am implementing an IOT network that will run on vlan 2 (192.168.2.0/24)
If I decide I want port 1 to serve both vlan 1 and 2, I mark that port as being tagged on vlan 1 and vlan 2.
If I again connect the laptop to port 1, I am no longer getting an IP address from the DHCP server, even though vlan 1 is tagged.
u* (in OpenWrt) or UP (in a network switch) means untagged on the wire.
If you Tag a VLAN on a port in OpenWrt, then cable that port to a switch, you should also Tag the VLAN on the switch port. And vice versa.
Local in OpenWrt means create a virtual device to access the VLAN.
You can create an Interface in OpenWRT on top of this virtual device.
You can select that Interface in wifi_xx -> Network. This will bridge the wifi network with the underlying virtual device for that Interface.
You can assign an IP address and subnet mask on that Interface. OpenWrt will then be able to act as a router in the VLAN.
Devices in the VLAN can (but don't have to) use that IP address as their gateway. If they do, you have what many call a "routed" rather than a "dumb ap" or "bridged" setup on the OpenWrt AP.
Once OpenWrt has an IP in the VLAN, you can also configure it to be a DHCP and/or DNS server there.
UP in switch also means making a physical port where you can attach a device which is not configured for VLANs into the VLAN (since frames are untagged on wire), for example a laptop.
Attaching a device such as a laptop into the VLAN can be useful to ping something on the other end / far side of the VLAN.
You can also test DHCP services in the VLAN with this method. Alternatively, you can just set a static IP on the attached device while testing.
Often it's a good idea to be connected to the management interface GUI / CLI via another VLAN than the one you are creating or modifying.
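The tagged/untagged port notation discussed above, as an added example that is not part of the original thread: a small Python audit that reads `config switch_vlan` sections in the form quoted in this thread and reports, per switch port, which VLAN IDs are carried tagged and which untagged. The sample input is constructed, and the function names (`parse_switch_vlans`, `port_membership`, `audit`) are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample, same form as the switch_vlan sections quoted in the thread.
SAMPLE = """
config switch_vlan
	option vlan '3'
	option ports '0t 2 4t 1t'
	option vid '10'
config switch_vlan
	option vlan '4'
	option vid '20'
config switch_vlan
	option vlan '9'
	option ports '0t 4t 1t'
	option vid '90'
"""

def parse_switch_vlans(text):
    """Return one dict of options per 'config switch_vlan' section."""
    sections, cur = [], None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "config":
            cur = {} if words[1:2] == ["switch_vlan"] else None
            if cur is not None:
                sections.append(cur)
        elif words[0] == "option" and cur is not None and len(words) >= 3:
            cur[words[1]] = line.split(None, 2)[2].strip().strip("'\"")
    return sections

def vlan_id(section):
    """802.1Q ID of a section: 'vid' if set, otherwise the 'vlan' index."""
    return int(section.get("vid") or section.get("vlan", "0"))

def port_membership(sections):
    """Map switch port -> {'tagged': [vids], 'untagged': [vids]}."""
    ports = defaultdict(lambda: {"tagged": [], "untagged": []})
    for s in sections:
        for tok in s.get("ports", "").split():
            m = re.fullmatch(r"(\d+)([tu*]*)", tok)  # e.g. '0t' tagged, '2' untagged
            if m:
                kind = "tagged" if "t" in m.group(2) else "untagged"
                ports[int(m.group(1))][kind].append(vlan_id(s))
    return dict(ports)

def audit(text):
    sections = parse_switch_vlans(text)
    ports = port_membership(sections)
    return {"no_ports": [vlan_id(s) for s in sections if not s.get("ports", "").split()],
            "tagged_only": sorted(p for p, m in ports.items() if m["tagged"] and not m["untagged"]),
            "multi_untagged": sorted(p for p, m in ports.items() if len(m["untagged"]) > 1)}
```

A tagged-only port is normal for a CPU or trunk link; on a port meant for a laptop or other device that is not configured for VLANs, it means the device's untagged frames match none of the listed VLANs.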
So, the OpenWrt device connects to a managed switch via the WAN port. All the VLANs I need to serve are tagged on both ends. It works fine with WIFI and a single device physically connected. But I want multiple VLANs tagged on those physical ports.
Here is what I have done to test further.
I have set vlan 2 as untagged on port 3 and attached a device to it. I am able to get an IP within the appropriate range for this vlan.
Next, I removed the untagging for vlan 2 on port 3 and set vlan 1 as untagged. If I connect a device to it, again, I get an IP address that is appropriate for this vlan.
However, if I set vlan 1 and vlan 2 as tagged on port 3 and plug either of those devices into that port, I do not get any IP addresses.
As mentioned previously, everything works as intended except when I attempt to tag multiple vlans on the physical ports on the back of the Archer c7.
Ok. Thanks. You have a switch connected between the router and the AP. On the port that connects to the AP:
What is the status of each vlan? Are they all tagged or is one untagged?
What vlan ids are being used?
What port on the AP is used for the uplink?
Which network is used for managing the AP? And does the AP get a DHCP-supplied IP or do you want it to be static? If static, what address do you want it to use?