joaophi
February 4, 2021, 10:59am
#1
Hi guys,
ALL PC's can access ISP
Related topic: Mouting AP with 2 openwrt routers bridged (DumbAP)
Mi Router 4A Gigabit - OpenWrt SNAPSHOT, r15668-d33cd383ed
root@router:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd86:5e9b:17d1::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ifname 'lan1 lan2 wan.1'
config interface 'wan'
option ifname 'wan.2'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option gateway '192.168.2.254'
list dns '192.168.2.254'
WR841N - OpenWrt 19.07.5, r11257-5090152ae3
root@ap:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc6:4858:6dc1::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.2'
option gateway '192.168.1.1'
list dns '192.168.1.1'
option ifname 'eth0.1 eth1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 4 3 2t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '0t 2t 1'
Stefan1
February 4, 2021, 1:35pm
#2
Short stupid question: Why don't you just switch router and ap and behind the router continue with a lan zone ? Your landscape looks quite unusual...
joaophi
February 4, 2021, 1:58pm
#3
ISP Router isn't in a good spot for wifi coverage and I'll replace the ap with a gigabit switch TL-SG105E soon.
Stefan1
February 4, 2021, 2:21pm
#4
There is no vlan config for your router. How should it now that you want to use the wan port with tagged vlans ? I would expect that you need to configure the switch inside your router like you did with the ap, add 2 vlans, mark the wan port as tagged. Maybe part of that comes out of the box, but the wan port by default is untagged, I would think. So probably in the ap you get wan from an untagged port, route it to a tagged port, from there to a tagged port on your router, and the lan connection from your router goes via the same tagged port back to your ap.
joaophi
February 4, 2021, 2:29pm
#5
The router is running snapshot, so there's no switch config anymore, just DSA. I use wan.1 and wan.2 in the ifname option to define the vlan (the port name is just wan, without the .1 or .2).
Stefan1
February 4, 2021, 4:32pm
#6
So DSA nows that wan is a tagged port just because wa.1 and wan.2 are used ?
I would try out /evaluate 2 things:
There is one cable between router wan and AP port 2, no hub, ... ?
What happens, if you configure your routers lan2 to be the port with vlan (so put lan2.2 in interface wan, and lan2.1 in interface lan ) and change the cable to lan port 2 ?
joaophi
February 4, 2021, 7:52pm
#7
In my understanding yes, with DSA we don't have switchs anymore, each port is a separeted interface (like wan@eth0 lan1@eth0 lan2@eth0).
When you use .1 ou .2 at ending of the interface, you are assigning that interface (as tagged) to the vlan id after the dot.
Yes, there's only one cable.
I'll try when I get home.
joaophi
February 4, 2021, 8:19pm
#8
I changed the VLAN from the wan port to the lan port, but got the same results.
Stefan1
February 4, 2021, 8:32pm
#9
Then I am running out of ideas.
bringing the wan through your ap works
your pc3 can access all clients on the ap, and is visible to all of them
does pc1 see pc3 ?
please post the router wireless config - I assume the wifi-iface uses network lan
joaophi
February 4, 2021, 11:05pm
#10
Hey man, I found out!!!!
All I had to do has enable vlan_filtering:
root@Router1:/# echo "1" > /sys/class/net/br-lan/bridge/vlan_filtering
Thanks anyways
Stefan1
February 5, 2021, 9:46am
#11
Great! Still I do not understand, how with dsa one can distinguish between a tagged and an untagged port. But it looks like luci support for this has been provided:
openwrt:master ← jow-:uci-network-device-support
opened 07:03PM - 28 Jul 20 UTC
joaophi
February 5, 2021, 11:26am
#12
I found it hard to understand too, but openwrt support is a WIP.
Maybe this post can help you undertand.
it seems that UCI is capable of providing only 2 port states:
lanN.VID = VLAN enabled with tag state, or
lanN = VLAN disabled with untag state
but missing (which was possible with swconfig)
VLAN enabled with untag state
Been trying to find an OpenWRT script that translates swconfig reliably for UCI DSA but did not succeed, only came across this
We are still missing a script to convert a swconfig configuration to a bridge configuration for DSA.
system
February 15, 2021, 11:26am
#13
This topic was automatically closed 0 minutes after the last reply. New replies are no longer allowed.
