U6 Lite help with default configuration

colini · November 14, 2022, 11:00pm

Hello,

I've just flashed an Ubiquiti U6 Lite AP with openwrt OpenWrt 22.03.2 r19803-9a599fee93. I'm confused by the default configuration.

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd41:819f:c9ac::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

My first question. For br-lan, list ports = 'lan'. Does this refer interface 'lan'? That seems circular to me, since interface 'lan' lists 'br-lan' as its device.

Next, I can't follow all the linux setup here (I removed loopback and wlans, not relevant for now):

root@OpenWrt:~# ip addr

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc fq_codel state UP qlen 1000
    link/ether 24:5a:4c:1c:c5:3c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::265a:4cff:fe1c:c53c/64 scope link 
       valid_lft forever preferred_lft forever
3: lan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 24:5a:4c:1c:c5:3c brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 24:5a:4c:1c:c5:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd41:819f:c9ac::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::265a:4cff:fe1c:c53c/64 scope link 
       valid_lft forever preferred_lft forever

I'm not familiar with syntax "lan@eth0". It has the same MAC as eth0. Does the kernel create this thing, or does OpenWrt set it up somehow?

I see eth0 has MTU 1504. Are the extra 4 bytes for VLAN tags?

Finally, this is a single port device. Does it have some kind of internal "switch"? Is it DSA-style? I've struggled searching to find similar configurations.

Apologies if these are basic questions, I'm still learning modern OpenWrt config (I haven't run it in a while).

Thanks,
Colin

psherman · November 14, 2022, 11:13pm

The terminology can be a bit confusing.

br-lan is bridge device definition. Inside it is the lan 'port' which refers to the actual physical ethernet port. Sometimes the physical ports are also referred to as interfaces in general language, but in OpenWrt, the interfaces are typically actually the network definition, such as the lan interface. In this device, the lan 'port' = eth0.

It is basically an alias. It makes eth0 addressable as 'lan' from a physical port perspective. This is, broadly, part of the DSA syntax overhaul which generally tries to match the logical port names with the physical labeling of the ports on the hardware. Since the U6 Lite only has a single ethernet port, it's not terribly valuable. But devices that have a built-in switch and 4 ports labeled with lan and one labeled as a wan can benefit from the new syntax.

the lan interface uses br-lan, which in turn uses the physical lan port and, since it is a bridge, will allow the radios to be attached as well.

The U6 series devices have DSA syntax, yes. I cannot speak as an authority here, but I think there is a switch (which may connect the radios and/or have unpopulated ethernet links since it is a single physical port device).

mk24 · November 15, 2022, 12:03am

It's a MT7621 chip, which has an internal 5 port switch but four of the ports are unused. The chip was designed for typical 4+1 port desktop routers. The switch section can't be bypassed for hardware such as this, where only one of the ports is connected to an actual Ethernet connection. So DSA rules are still in effect, even though there is only one port which is named lan. The other ports don't have names because they aren't usable anyway. In DSA, the underlying eth0 port is an internal connection and should not be used in a configuration.

A software bridge named br-lan exists to link the hardware Ethernet to the wifi driver having by default an AP on each band. A software bridge works a lot like an unmanaged Ethernet switch with one cable plugged into the CPU kernel and other cables going to real hardware. The IP address applied to the bridge applies to everything on it. If you connect to wifi you can access the OpenWrt OS (kernel port) at 192.168.1.1 or also if you connect to Ethernet you can access the kernel at that same IP through the same bridge.

colini · November 15, 2022, 2:29am

OK, thank you both for the replies it does clear up a few things. Now I hope you can help w/ wlan

I enabled the 5g wlan and assigned it to (openwrt) interface 'lan':

root@OpenWrt:~# cat /etc/config/wireless 

# snip other radio
config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'test_lan'
	option encryption 'sae-mixed'
	option key 'xxxxxxxxxxxxxxxx'

Since lan's device is br-lan, the wlan is added to the bridge (I guess that's why?):

root@OpenWrt:~# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc fq_codel state UP qlen 1000
    link/ether 24:5a:4c:1c:c5:3c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::265a:4cff:fe1c:c53c/64 scope link 
       valid_lft forever preferred_lft forever
3: lan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 24:5a:4c:1c:c5:3c brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 24:5a:4c:1c:c5:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd41:819f:c9ac::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::265a:4cff:fe1c:c53c/64 scope link 
       valid_lft forever preferred_lft forever
9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 26:5a:4c:1c:c5:3d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::245a:4cff:fe1c:c53d/64 scope link 
       valid_lft forever preferred_lft forever

And as mk24 mentioned, if I connect to wlan1 I can reach the CPU on 192.168.1.1. I'm not going to claim I really understand, but at least now I know what to expect when clicking around in luci.

My next question. The stock firmware lets you associate each SSID with a VLAN. How can I do this in openwrt? With the above config, br-lan "Bridge VLAN filtering" only shows the lan port.

Should I create one 802.1q device for each VLAN, and if so, under which base device: br-lan, eth0, or lan@eth0? Or something else entirely?

thanks again,
Colin

psherman · November 15, 2022, 6:15am

exactly.

You'll use the DSA syntax to do this.

Basically, you can create additional bridge devices, and that will allow you to specify tagged networks on the trunk.

The following would allow you to configure VLAN 20 on the physical lan port as a tagged network.

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan:t*'

Then, setup an unmanaged network (proto: none)

config interface 'guest'
	option device 'br-lan.20'
	option proto 'none'

and then associate the guest network (in this example) with a new SSID. That will connect VLAN 20 coming from an upstream router+switch to your SSID (this whole example is assuming you are using this U6-Lite as a dumb AP and that you've already correctly configured your main router and managed switch (if present) properly for your needs).