VLAN configuration on Xiaomi AX3200

KuDDlowski · September 23, 2022, 9:21am

Hello everyone

I recently got myself a Xiaomi AX3200 and flashed OpenWRT 22.03 through UART. When I first logged in it surprised me that there is no "Switch" section under the Network Tab. When I SSH into the router I can't even use the swconfig command...

My use case is rather simple, I need to have a tagged VLAN for my IoT devices so that they connect to a wireless network through VLAN ID 20 to my "backend servers". I don't even care if the VLAN is tagged on a LAN interface or the WAN interface of the Xiaomi router, I just don't want two cables going to my switch from the router.

Before switching the device to the Xiaomi router I used a Netgear EX6150v2 which I needed to configure as described in VLAN configuration on Access Points Netgear EX6100V2 & EX6150V2 - #18 by KuDDlowski in order to get the VLAN communication working.

What do I need to do in order to make it working on the Xiaomi device? I already tried setting up a new network device wan.20 and an unmanaged interface on top of that. When I assigned it to the wireless network my devices were not able to connect to any other infrastructure servers in that same VLAN.

Thanks in advance
Cheers
KuDDlowski

trendy · September 23, 2022, 11:48am

KuDDlowski · September 23, 2022, 12:13pm

Thank you for sharing the DSA Tutorial @trendy - when I do it like that it seems that the router is soft bricked and is no longer available even on it's VLAN 1 default address.

pavelgl · September 23, 2022, 12:58pm

Please post the current network configuration.

uci show network

KuDDlowski · September 23, 2022, 2:59pm

Here's the output of uci show network

root@OWRT_AP_XIAOMI:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd39:0a00:a52d::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ip6assign='60'
network.lan.ipaddr='10.0.0.122'
network.lan.netmask='255.255.255.128'
network.@device[1]=device
network.@device[1].name='wan'
network.@device[1].macaddr='5c:02:14:31:b5:f0'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.@device[2]=device
network.@device[2].type='8021q'
network.@device[2].ifname='wan'
network.@device[2].vid='20'
network.@device[2].name='wan.20'
network.wanifvlan20=interface
network.wanifvlan20.proto='none'
network.wanifvlan20.device='wan.20'
network.wanifvlan20.type='bridge'`

mk24 · September 23, 2022, 3:08pm

option type bridge within a config interface is deprecated-- declare bridges separately like the default setup of lan and br-lan.

KuDDlowski · September 23, 2022, 3:10pm

This is all auto generated config from luci... Again when I do the VLAN filtering as suggested in the DSA Mini Tutorial the router will no longer be available and needs to be reset by pressing the reset hardware button.

pavelgl · September 23, 2022, 3:17pm

This should add the wan port to the default bridge and make it use tagged frames with vlan IDs 1 and 20.
The lan ports will remain untagged members of vlan 1.

uci delete network.wan
uci delete network.wan6
uci delete network.@device[1]
uci delete network.@device[2]

uci add_list network.@device[0].ports='wan'

uci add network bridge-vlan
uci set network.@bridge-vlan[-1].device='br-lan'
uci add_list network.@bridge-vlan[-1].ports='wan:t'
uci add_list network.@bridge-vlan[-1].ports='lan1'
uci add_list network.@bridge-vlan[-1].ports='lan2'
uci add_list network.@bridge-vlan[-1].ports='lan3'
uci set network.@bridge-vlan[-1].vlan='1'

uci add network bridge-vlan
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].ports='wan:t'
uci set network.@bridge-vlan[-1].vlan='20'

uci set network.lan.device='br-lan.1'

uci delete network.wanifvlan20.type
uci set network.wanifvlan20.device='br-lan.20'
/etc/init.d/network restart

If everything is fine, save the changes (uci commit network). Otherwise, reboot the device and the previous configuration will be restored.

mk24 · September 23, 2022, 3:29pm

Set up an AP on lan and log in by wifi. Then if the Ethernet is misconfigured you will still have access.

KuDDlowski · September 23, 2022, 3:38pm

EDIT: It seems that this is not a problem, it seems to work just fine

Thanks for the suggestion, when I set it up like that, the VLAN 20 interface shows up as "Interface is marked for deletion"

This is what uci show network now looks like:

root@OWRT_AP_XIAOMI:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd8d:f0d2:83ac::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'wan'
network.lan=interface
network.lan.proto='static'
network.lan.ip6assign='60'
network.lan.ipaddr='10.0.0.124'
network.lan.netmask='255.255.255.128'
network.lan.gateway='10.0.0.1'
network.lan.device='br-lan.1'
network.@device[1]=device
network.@device[1].name='wan'
network.@device[1].macaddr='5c:02:14:31:b5:f0'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.@bridge-vlan[0]=bridge-vlan
network.@bridge-vlan[0].device='br-lan'
network.@bridge-vlan[0].ports='wan:t' 'lan1' 'lan2' 'lan3'
network.@bridge-vlan[0].vlan='1'
network.@bridge-vlan[1]=bridge-vlan
network.@bridge-vlan[1].device='br-lan'
network.@bridge-vlan[1].ports='wan:t'
network.@bridge-vlan[1].vlan='20'
network.@bridge-vlan[2]=bridge-vlan
network.@bridge-vlan[2].device='br-lan'
network.@bridge-vlan[2].ports='wan:t' 'lan1' 'lan2' 'lan3'
network.@bridge-vlan[2].vlan='1'
network.@bridge-vlan[3]=bridge-vlan
network.@bridge-vlan[3].device='br-lan'
network.@bridge-vlan[3].ports='wan:t'
network.@bridge-vlan[3].vlan='20'
network.wanifvlan20=interface
network.wanifvlan20.proto='none'
network.wanifvlan20.device='br-lan.20'

pavelgl · September 23, 2022, 3:50pm

Parts of the code are executed twice.
Run again

uci delete network.@bridge-vlan[2]
uci delete network.@bridge-vlan[3]
uci delete network.wan
uci delete network.wan6
uci commit network
/etc/init.d/network restart

system · October 3, 2022, 3:50pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.