Using OpenWrt as a wired AP including VLANs

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello community,

I have a good old Dir-825 that was flashed with OpenWrt since 2014. Later used as a WiFi Repeater and recently as an ethernet connected AP only to discover I don't really know how to configure WiFi Vlan after watching countless video and browsing.

Currently running the latest 21.0 Firmware, dnsmasq and firewall are disabled.

  1. Ubiquiti ERX Router
    1.1 ETH0 connects to Modem
    1.2 ETH3 connects to Unmanaged switch (may upgrade later to a managed one) | PVID = 1 | VID =
    6,7
    1.3 ETH4 connects to a Unifi AP. | PVID = 1 | VID =
    6,7,8

HomeNet is on 1, Guest Net is on 6, IOT Net is on 7

  1. A LAN cable from the Switch goes to the DIR-825 Lan port. Interfaces configured below and successfully gets the correct IP subnet. Interface and VLANs config:

openwrt-forum
openwrt-forum1872×1424 125 KB

My goal is simply for the DIR-825 to act as an AP with HomeNet SSID, Guest SSID, IOT SSID. The remaining 3 LAN port to be HomeNet. Also, how can I use the WAN port instead of LAN1 as the bridge? Future plan may include wiring another AP to LAN 4.

Thank you for your help.

2

I did pretty the same thing on a Archer C7.

Since the AP is working as Dump-AP / switch, firewall rules are not needed, so you can disable/stop firewall. Disable/stop dhcp/dns services too.

Just remove the WAN Interfaces, and add eth1 to br-lan.
Set VLAN's to eth1 as needed.

If you like to use LAN4 as uplink, set VLAN in the same way.

Don'f forget to setup wifi to the correspondig VLAN interface.

Thats it ...

1 Like
3

Wifi already up and running on the VLANs.
However, they fail to get an IP address when I try to connect via WiFi.

I also understood how to use the Wan port on ETH1 with the VLANs in case I wish to.

It seems the ERX Router is not able to deliver the address via the OpenWrt AP. Any ideas please?

4

Have you validated that the ER-X is configured properly for VLANs using a wired computer? You can do this with its built-in switch or with the dumb AP switch to create access ports for each of the networks.

Is your ER-X running OpenWrt or EdgeOS? We'll look at that config next, but first...

From the dumb AP, please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
5

ER-X is working properly on EdgeOS given my UAP-AC-PRO AP (running unifi os) is connected to ETH4 and broadcasting 4 SSIDs which can be connected correctly.
image

I have been able to connect to Home Net via the Dumb AP with an IP address. Only the Guest and IOT that doesn't give IP address when connected via WiFi.

Config below:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdea:673f:e258::/48'

config device
        option name 'eth1'
        option macaddr '######'
        option ipv6 '0'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        option ipv6 '0'

config device
        option name 'eth0.1'
        option macaddr '####'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.3.51'
        option gateway '192.168.3.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option enable_vlan4k '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '5t 0 1 2 3t'

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '5t 3t'

config switch_vlan
        option device 'switch0'
        option ports '5t 3t'
        option vlan '7'

config device
        option name 'eth0.6'
        option type '8021q'
        option ifname 'eth0'
        option vid '6'
        option ipv6 '0'

config device
        option name 'eth0.7'
        option type '8021q'
        option ifname 'eth0'
        option vid '7'
        option ipv6 '0'

config interface 'IOTNet'
        option proto 'dhcp'
        option device 'eth0.7'
        option hostname '*'
        option type 'bridge'

config interface 'GuestNet'
        option proto 'dhcp'
        option device 'eth0.6'
        option hostname '*'
        option type 'bridge'

Wireless Config:


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:11.0'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'OpenWrt-IOT'
        option network 'IOTNet'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:12.0'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt-Guest'
        option encryption 'none'
        option network 'GuestNet'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt-HomeNet'
        option encryption 'none'
        option network 'lan'
6

Try removing these:

And then change the proto for these to none. Your dumb AP does not need to have addresses on the extra networks, only the one that is used for managing the device (which I am presuming is lan (192.168.3.0/24)

7

Also, it should go without saying that your dumb AP must be connected to eth3 or eth4 on the ER-X.

And finally, double check that the logical port 3 on the dumb AP actually corresponds to the port you are using to connect back to the router. It is not uncommon for the port numbers on the case to be different than the logical port numbers within the configuration. From your image in the first post, it looks like that is fine, but verify that the port with the link established does indeed match the port that you've got your VLANs setup on.

8

Try setting the protocol as unmanaged for those interfaces.
DHCP did not work for me, too.

Looks like this in Openwrt 19.xx
Dump-AP Interfaces

9

Your bridge configuration for the guest and iot network is incorrect. It should look like the one of the lan network.

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdea:673f:e258::/48'

config device
        option name 'eth1'
        option macaddr '######'
        option ipv6 '0'

config device
        option name 'eth0.1'
        option macaddr '####'
        option ipv6 '0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        
config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth0.6'
        
config device
        option name 'br-iot'
        option type 'bridge'
        list ports 'eth0.7'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.3.51'
        option gateway '192.168.3.1'

config interface 'GuestNet'
        option proto 'dhcp'
        option device 'br-guest'

config interface 'IOTNet'
        option proto 'dhcp'
        option device 'br-iot'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option enable_vlan4k '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '5t 0 1 2 3t'

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '5t 3t'

config switch_vlan
        option device 'switch0'
        option ports '5t 3t'
        option vlan '7'

If you run brctl show, you should see the wired and wireless interfaces as bridge members.

root@OpenWrt:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.909a4a96c58a       no              wlan1
                                                        eth0.1
br-guest        7fff.909a4a96c58a       no              eth0.4
                                                        wlan1-1
br-test         7fff.909a4a96c58a       no              wlan1-2
                                                        eth0.3
1 Like
10

Thank you, its now working correctly.
Indeed as I doubted there was no connection between the Guest/IoT and the Bridged Lan.
Thank you a lot :slight_smile: and an opportunity for me to try the command line config also.

1 Like
11

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.