This is where I landed... with ASUS RT-AX53U... Can't say I didn't try.

This is my setup:

Internet<>OPNsense<>ManagedSwitch<>OpenWrt

Trying to achieve this:

My OPNsense FW VLANs, all DHCP / routing / FW handled on the OPNsense F/W
Guest 192.168.40.1/24
HomeWiFi 192.168.10.1/24
IPCam 192.168.20.1/24
IoT 192.168.30.1/24
LAN 192.168.1.1/24 Connects to TP-Link Smart Managed Switch
WAN 192.168.xxx.xxx

Tried a whole bunch of stuff in LuCI, but with no success. Finally reset again; please find my default configs below.

root@OpenWrt1:~# ubus call system board
{
        "kernel": "5.15.150",
        "hostname": "OpenWrt1",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "ASUS RT-AX53U",
        "board_name": "asus,rt-ax53u",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}

root@OpenWrt1:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd88:c199:d423::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

root@OpenWrt1:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HE20'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option channel '36'
        option band '5g'
        option htmode 'HE80'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

root@OpenWrt1:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Trying to get:

  1. WAN as the trunk uplink from the TP-Link switch
  2. Only require all the VLANs on WiFi, both 2.4 & 5
  3. Switch port 1 as an emergency port with DHCP, in case I get locked out because of some wrong config.

If VLANs are tagged then it is dumb AP 5x, once per 4 VLANs plus one for that management port.


What is the address here? Is it 192.168.1.x or something else? Is this the address that will be used to manage the device?

Is this network present on your main router, or is this just a fallback address? Why is it connected to the switch?

What are the VLAN IDs for each of these networks? Are any of them untagged? And if so, which one? And if the current wan address is not the desired management address, please specify what VLAN/address will be used for that purpose.


WAN 192.168.28.xxx is the Wan IP from my ISP on Opnsense

LAN 192.168.1.1/24 Connects to TP-Link Smart Managed Switch
Consider this as the management VLAN, so the dumb AP will have 192.168.1.3 as its management IP.

Below is the traffic on the trunk port
Guest 192.168.40.1/24 Tagged VLAN40
HomeWiFi 192.168.10.1/24 Tagged VLAN10
IPCam 192.168.20.1/24 Tagged VLAN20
IoT 192.168.30.1/24 Tagged VLAN30
LAN 192.168.1.1/24 Untagged

Sounds good. I'm assuming that this network already exists on the upstream network, too.

Ok... so we'll make this VLAN 1 and we'll carry it on the wan port. The configuration I'll show will have just a single connection to your switch -- don't connect any of the lan ports back to the switch.

Start by moving the wan port into br-lan:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'wan'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

Next, delete the wan interfaces:

Now create bridge-VLANs:

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'wan:u*'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '40'
        list ports 'wan:t'

Edit the lan interface to use br-lan.1 and to use the specified IP (192.168.1.3) for management:

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.3'
        option netmask '255.255.255.0'

And create unmanaged interfaces for the other VLANs:

config interface 'homewifi'
        option device 'br-lan.10'
        option proto 'none'

config interface 'ipcam'
        option device 'br-lan.20'
        option proto 'none'

config interface 'iot'
        option device 'br-lan.30'
        option proto 'none'

config interface 'guest'
        option device 'br-lan.40'
        option proto 'none'

Disable the DHCP server on the lan interface (/etc/config/dhcp):

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

And now you can set up wifi SSIDs and associate them with the networks (homewifi, iot, ipcam and guest).

All of the lan ports will still be associated with the lan interface, and the address is as you specified (but there is no dhcp server running on OpenWrt). If the wifi SSIDs don't work, we'll need to do some troubleshooting such as assigning the ports to the VLANs. But we'll get there only if we need it.

Reboot the router and test it out. It should work, but this, of course, assumes that the upstream is configured properly.

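Added example, not part of the thread and not OpenWrt project code: a shell/awk check that can be run on the AP after following the steps above. It reports bridge VLANs with no `br-lan.N` interface, non-management VLANs where the AP itself would hold an address, SSIDs attached to an undefined network, and SSIDs left open like the default `encryption 'none'` entries in the wireless config posted earlier. The function name, the default management VLAN of 1 and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit UCI files; prints findings, returns non-zero if any.
audit_dumb_ap() {  # args: network_file wireless_file [management_vlan_id]
    awk -v mgmt="${3:-1}" -v q="'" '
    function unq(s) { gsub(q, "", s); return s }      # strip UCI quotes
    function flush() {                                 # store the finished section
        if (type == "bridge-vlan") vlan[o["device"] "." o["vlan"]] = o["vlan"]
        if (type == "interface") { dev[o["device"]] = name; proto[name] = o["proto"] }
        if (type == "wifi-iface") { n++; wn[n] = name; net[n] = o["network"]; enc[n] = o["encryption"] }
        split("", o)                                   # portable array reset
    }
    $1 == "config" { flush(); type = $2; name = unq($3) }
    $1 == "option" { o[$2] = unq($3) }
    END {
        flush()
        for (d in vlan) {                              # d looks like br-lan.40
            if (!(d in dev)) { print "vlan " vlan[d] ": no interface on " d; bad++ }
            else if (vlan[d] != mgmt && proto[dev[d]] != "none") {
                print "vlan " vlan[d] ": AP has an address on " dev[d]; bad++ }
        }
        for (i = 1; i <= n; i++) {
            if (!(net[i] in proto)) { print "wifi " wn[i] ": unknown network " net[i]; bad++ }
            if (enc[i] == "" || enc[i] == "none") { print "wifi " wn[i] ": open SSID"; bad++ }
        }
        exit (bad > 0)
    }' "$1" "$2"
}
# Constructed sample: VLAN 40 lacks an interface and the guest SSID is open.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/network" <<'EOF'
config bridge-vlan
        option device 'br-lan'
        option vlan '1'
config bridge-vlan
        option device 'br-lan'
        option vlan '40'
config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
EOF
    cat > "$tmp/wireless" <<'EOF'
config wifi-iface 'guest_2g'
        option network 'guest'
        option encryption 'none'
EOF
    audit_dumb_ap "$tmp/network" "$tmp/wireless"; rc=$?; rm -rf "$tmp"; return $rc
}
demo || echo "findings reported for the constructed sample"
```

On the device itself the call would be `audit_dumb_ap /etc/config/network /etc/config/wireless`. The check does not look at `option disabled` on the radios, so a disabled radio with an open SSID is still reported.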

Yes, the router works, upstream OPNsense is working fine, a laptop connected to lan1 got an IP from OPNsense, and internet is working.
But no WiFi.

What do you mean no wifi? Do you mean that IPs are not being assigned when you connect?

Have you proven that the upstream is configured correctly?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

All working, including VLANs on the WiFi. Thanks a lot, Psherman.