Vlan config on archer a7

jeroenterheerdt · December 28, 2024, 10:30pm

I am confused with how swconfig is supposed to work for my Archer A7. I want to use my Archer A7 as a dumb AP, which works currently using one of the yellow lan ports.

However, this is what I'd like to do:

Use the WAN port on my Archer A7 to link up to my main router. I have a Dynalink WRX36 that allowed me to do this so I am not sure why this wouldn't be something I could do on the Archer A7.
My network has the following VLANS set up which I'd like to use with my Archer A7 as well:

99 for main lan
3 for iot
4 for guest

the lan ports on my Archer A7 should be VLAN untagged and have 99 as it's default.
I want to add Wifi SSIDs that add clients to the correct VLANS (I'll worry about that later).

My network consists of:

Dynalink WRX36 as main router.
Dynalink WRX36 as a first dumb AP
Archer A7 as a second dumb AP

I have been able to make this work on my first dumb AP, but that uses DSA. Since Archer A7 doesn't use DSA but instead uses swconfig I am unsure how to make this work.

This is the config on the first dump AP:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd95:d6a8:fa11::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config interface 'lan'
        option device 'br-lan.99'
        option proto 'static'
        option ipaddr '192.168.1.2'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '192.168.1.1'
        option gateway '192.168.1.1'
        option metric '1'

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'
        list ports 'wan:t*'

config bridge-vlan
        option device 'br-lan'
        option vlan '3'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '4'
        list ports 'wan:t'

config interface 'guest'
        option proto 'static'
        option device 'br-lan.4'
        option ipaddr '192.168.3.2'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        option metric '10'

config interface 'iot'
        option proto 'static'
        option device 'br-lan.3'
        option ipaddr '192.168.2.2'
        option netmask '255.255.255.0'
        option gateway '192.168.2.1'
        option metric '99'

And this is the config on the Archer A7 second dumb ap:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd2b:7052:1d11::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config device
        option name 'eth0.2'
        option macaddr '00:31:92:da:2e:a8'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4 5'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'
        option vid '2'

config interface 'wan'
        option proto 'dhcp'
        option device 'br-wan'

config device
        option type 'bridge'
        option name 'br-wan'
        list ports 'eth0.2'
        option bridge_empty '1'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '4'

config switch_vlan
        option device 'switch0'
        option vlan '5'
        option vid '99'

Can anyone help me setting up my second dumb ap so it meets my plans listed above? Particularly the presence of vlan1 and 2 on the Archer A7 throw me off.

psherman · December 29, 2024, 12:40am

On the A7, this is what we need to do...

First, it appears that logic port 0 is the CPU and logical port 1 is the wan port. The other ports (2-5) correspond to the lan ports. You said that you are using the wan port as the physical uplink. We'll set that up with all VLANs tagged on the wan, and then VLAN 99 untagged on the lan ports.

Delete this:

and this:

jeroenterheerdt:

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4 5'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'
        option vid '2'

config interface 'wan'
        option proto 'dhcp'
        option device 'br-wan'

config device
        option type 'bridge'
        option name 'br-wan'
        list ports 'eth0.2'
        option bridge_empty '1'

Edit VLAN 3 so that it looks like this:

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'
        option ports '0t 1t'

And likewise vlan 4:

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '4'
        option ports '0t 1t'

Now VLAN 99:

config switch_vlan
        option device 'switch0'
        option vlan '5'
        option vid '99'
        option ports '0t 1t 2 3 4 5'

Edit br-lan:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.99'

And create two new bridges:

config device
        option name 'br-iot'
        option type 'bridge'
        list ports 'eth0.3'

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth0.4'

And now two unmanaged interfaces:

config interface 'iot'
        option device 'br-iot'
        option proto 'none'

config interface 'guest'
        option device 'br-guest'
        option proto 'none'

Now you can setup SSIDs against the lan, iot, and guest networks.

This all assumes that the upstream connection is already tagged for all 3 VLANs. I don't see that currently configured on your first AP, though. Do both APs directly connect to the main router, or are they daisy chained (router > AP 1 > AP 2)?

If they're daisy chained, you need to adjust AP 1 accordingly... for example, if we want to use port lan4, you would make the following edits to the config on AP1:

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:t'
        list ports 'wan:t*'

config bridge-vlan
        option device 'br-lan'
        option vlan '3'
        list ports 'lan4:t'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '4'
        list ports 'lan4:t'
        list ports 'wan:t'

Also, I recommend making the guest and iot networks on AP1 unmanaged since the AP does not need an address on these networks.

config interface 'guest'
        option proto 'none'
        option device 'br-lan.4'

config interface 'iot'
        option proto 'none'
        option device 'br-lan.3'

jeroenterheerdt · December 29, 2024, 1:56am

thanks a lot for your fast and perfect response! Following your guide made it work as I wanted!

system · January 8, 2025, 1:57am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.