I'm perfectly able to create three separate networks on Tomato, which work as I need. But I need to provide extended wifi signal via AP1 and AP2, which I then need to send to the router, which should assign the clients to the appropriate networks.
So my guess was to use VLAN tags to identify what is what, as clients from the APs have to go via LAN.
I've tried to make a new interface with eth1.4 in OpenWrt with the given wifi, but Tomato is not really picking up that information on its side (it looks).
So I've added tagged LAN ports into VLAN 4 on Tomato, but no luck either.
work in progress:
tomato:
openwrt
Can somebody please give me some help?
I'm kind of lost as to what is needed and where... And I'm pretty sure it can be done.
Once you bridge everything together (in the OpenWrt device), you no longer have any isolation...
What you are trying to do is called "trunking". On all nodes, you have to define several VLANs, tagged on both the internal and external port, then use separate interfaces and networks on each VLAN.
I have no experience with Tomato, so that would be only guessing.
Better post the output from the OpenWrt routers using preformatted text (Ctrl-Shift-c): uci show network; uci show wireless
The principle however is to bridge the wired vlan interface of the OpenWrt router that connects to the Tomato with the Wifi instance. For example eth0.4 and wlan0
So ... I have been able to get it to work on AP2, which is the "dumber" of those two: only a wireless AP with one LAN port, which connects the AP to the router.

config interface 'guest'
	option type 'bridge'
	option proto 'static'
	option ifname 'eth1.3'
	option ipaddr '192.168.1.3'
	option netmask '255.255.255.0'

^ This works
Unfortunately the second AP, which has got a switch in it as it is formerly a router, I'm not yet able to get to work.
I've disabled same services, removed switch part from network setting and still no luck. ;/
I'm slowly getting there... It does look like I need to define VLANs on the dumb AP as well to pass it through. It's not yet fully done, but it looks like the way is kind-ish right.
Trunk port means that it carries different vlans and optionally an untagged native vlan.
So if the uplink on AP1 is eth0, you need to create vlan interfaces eth0.x and bridge them with the appropriate wireless interface
In Tomato you need to create the same vlan interfaces on each downstream port towards the APs.
Yeah, I thought that if the switch is configured as unmanaged, it will just pass information without the need to tag it, as my unmanaged switches across the house do. But unfortunately this one needed VLANs to be configured and tagged, as disabling switch functionality was not enough.
anyway, thanks for your inputs which helped me to see some light at the end of the tunnel
so, after some time I'm back
since dumber AP2 is working flawlessly, dumb AP1 is kind of jelly.
AP2 does not have switch inside, so it's only sending tagged clients from wifi to eth1.x (where x is VLAN ID on tomato)
and it goes like this:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'main'
	option type 'bridge'
	option proto 'static'
	option ipaddr '10.10.1.3'
	option netmask '255.255.255.0'
	option ifname 'eth1'
	option gateway '10.10.1.1'
	option dns '10.10.1.1'

config interface 'main6'
	option proto 'dhcpv6'
	option ifname '@main'
	option reqprefix 'no'

config interface 'guest'
	option type 'bridge'
	option proto 'static'
	option ifname 'eth1.3'
	option ipaddr '192.168.1.3'
	option netmask '255.255.255.0'

Obviously a different wireless SSID is assigned to guest/main.
This is working solution which I'm happy about.
But AP1, which is a TL-WR1043ND v2.1 (and so it has a switch):
when a client is connected to wifi on AP1 it's working, but it's utterly slow, like superabsolute slow, with ping to the main router over 30s.
So I guess there is some issue with that switch still
Configuration goes like this:
It is working in terms of clients getting the right IP from the right DHCP, BUT when connected to this AP, their internet or even local net is unusable.
But honestly I've run out of ideas where to look, how to inspect what is going on when connected to that AP, where packets possibly go and why it is so slow.
I kind of believe it's because of that switch, and more than anything I wanted to get rid of it from the configuration completely, as it is on AP2, but without it it's not working as expected....
anything I'm missing in my configuration and somebody can spot... please?
Thanks
I don't see any mistake, other than you don't need an IP on the guest interfaces, unless you want your guests to access the APs. If not, leave them unmanaged.
For the slowness issue, run top or htop and check if something is slowing your CPU down.
What do you mean I don't need an IP on the guest interface? You suggest to run it in DHCP client mode?
(I kind of preferred it that way, but it looks like with DHCP mode it's not working at all, e.g. it has got the same MAC and the router probably can't correctly assign different IPs to one MAC)
or?
edit: ah, you mean "unmanaged" mode completely, OK, I'll try that
and
Yeah, there was a kworker process with 99% of CPU when the wifis were enabled in this configuration. So I guess it's got a hell of a job routing those packets somewhere in some kind of loops or something.
Because before (without those VLANS) it was running just normally for couple of years. So again, I guess it's messing with routing.
I'd better like the idea of having it as a completely unmanaged dumb AP like AP2, but for some reason that switch seems to need to be managed, otherwise it's dropping VLAN tags, e.g. not working ;/
You already have an IP on the main interface for you to manage the APs, so you don't need another IP on the guest interface. You can use the unmanaged protocol, so that it doesn't get any IP.
Enable STP just in case there is some loop in your network.
I'll be monitoring it closely for a day or two. It might not actually be related to the configuration; I've read on the internet that some people have had 99% CPU from some kmod-led module or whatever.
Or I'll simply configure autorestart each day at 4am .... not nicest solution, but sometimes works best
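
The trunk layout the replies describe for an AP with a built-in switch, with the guest bridge left unmanaged and STP enabled, written out as an added example (not a configuration posted in this thread). The switch name 'switch0', CPU port 0 behind eth1, uplink on port 1, VLAN 1 for the main network and the address 10.10.1.2 are assumptions; guest VLAN 3 and the 10.10.1.x addressing follow the AP2 config above.

```uci
# /etc/config/network on the switch-equipped AP (added example).
# Assumed: switch0, CPU port 0 = eth1, port 1 = uplink to the router.
# Check the real port map with: swconfig dev switch0 show

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# Main VLAN: tagged towards the CPU, untagged on the uplink and on the
# spare LAN ports, matching the untagged main network used on AP2.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 1 2 3 4'

# Guest VLAN: tagged on the CPU port and the uplink only, so guest
# frames never leave through one of the local LAN ports.
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t'

# Management address lives on the main bridge only.
config interface 'main'
	option type 'bridge'
	option ifname 'eth1.1'
	option stp '1'
	option proto 'static'
	option ipaddr '10.10.1.2'
	option netmask '255.255.255.0'
	option gateway '10.10.1.1'
	option dns '10.10.1.1'

# Guest bridge carries no IP address (proto 'none' is the "unmanaged"
# protocol), so guest clients cannot reach the AP itself on this VLAN.
config interface 'guest'
	option type 'bridge'
	option ifname 'eth1.3'
	option stp '1'
	option proto 'none'
```

Each SSID is then attached to its bridge with `option network 'main'` or `option network 'guest'` in /etc/config/wireless, and the router port facing this AP has to carry the main network untagged and VLAN 3 tagged.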