VLAN configuration

Hi everyone,

we are trying to connect a device with ssid associated network with VLAN ID. Required scenario is explained in last shared snap.

Actually i have a main router (which has a management IP and two vlans: VLAN10 and VLAN20) and an Access Point having two ports eth0(LAN) and eth1(WAN) as show in below snap. In AP there is an SSID .

CASE 1: when we use default openwrt configuration in that case a device connected to ssid associated with network "lan" IP 192.168.1.XX is obtained as shown is below snap 1-

root@OpenWrt:/# cat /etc/config/network 

config interface 'loopback'       
         option device 'lo'        
         option proto 'static'        
         option ipaddr ''        
         option netmask '’
config globals 'globals'        
        option ula_prefix 'fd70:5311:35a9::/48’

config device        
        option name 'br-lan'        
        option type 'bridge'        
         list ports 'eth0’
config interface 'lan'        
        option device 'br-lan'        
        option proto 'static'        
        option ipaddr ''        
        option netmask ''        
        option ip6assign '60’

config interface 'wan'        
        option device 'eth1'        
        option proto 'dhcp’
config interface 'wan6'        
        option device 'eth1'        
        option proto 'dhcpv6’

root@OpenWrt:/# cat /etc/config/wireless 

config wifi-iface 'default_radio1'        
        option device 'radio1'        
        option network 'lan'        
        option mode 'ap'        
        option ssid 'OpenWisp-5g.0309'        
        option encryption 'none'

CASE 2: when we add a bridge configuration as shown below in network file, a device connected to ssid associated with a network interface "wan" a management IP (172.xx.xx.xx) is obtained as shown in below snap 2-

config device
        option name ‘br-wan'        
        option type 'bridge'        
         list ports 'eth1'

config interface 'wan'        
        option device 'br-wan'        
        option proto 'dhcp’

CASE 3: i required a such configuration by which a device connected to that SSID should get the IP of that vlan to which we have connected the SSID (10.10.10.xx or 20.20.20.xx) and scenario is shown in below snap 3-

If you or someone has an idea how to do such configuration... much appreciated
Thanks to the developers.

We can certainly help with the situation, but it's not clear exactly what you're asking. You lay out 3 different scenarios -- which one do you want? Or is it none, but you want to have VLAN 10 and VLAN 20 on your AP?

1 Like

Would this topic be better suited for the Network Configuration subforum?


Hi @psherman,

In layout 1 and layout2 both are clear and working fine getting ip 192.168.1.XX and 172.XX.XX.XX respectively.

In layout 3 in simple words, AP has a SSID "OpenWisp-5g.0309" and when we connect our wireless device (mobile/laptop) to this SSID then IP should be obtained from VLAN (these vlans are already in router), whatever VLAN ID i am using in network configuration. I could not find the exact solution to achieve this.

when we use VLAN ID 10 then connected device should get IP 10.10.10.XX
and when we use VLAN IN 20 then connect device should get IP 20.20.20.XX.

Thanks @psherman for the knowledge exchange.

So normally, the dumb AP configuration will use the lan port (although the ports themselves are easily remapped). You don't want to be using the wan interface, though.

What do you mean by "whatever VLAN I am using"?

It seems that you have 3 VLANs

  • VLAN ? 172.xxx.xxx.xxx (is this untagged?)
  • VLAN 10 (10.10.10.xxx) - tagged
  • VLAN 20 (20.20.20.xxx) - tagged

If I understand your situation, the 172 network is for device management, and VLANs 10 and 20 are for wifi. Is that correct? Does the 172 network also need wifi?

Is the switch configured such that it is trunking all three networks? Are they all tagged or is one untagged? if one is untagged, which one?

P.S. I assume that you've made 'cartoon' subnets for this discussion insofar as 10.10.10.xxx and 20.20.20.xxx. But, just to make sure -- all of your networks should be RFC1918. This means that the 20.20.20.xxx network would not be valid.

Further, you can fully reveal the RFC1918 address range without compromising your network -- these are not considered private or sensitive addresses.

Since this appears to be the management VLAN, we need to know if the AP needs a static IP address on this network, or if it uses DHCP. If static, please provided the specific address you'd like the AP to use, as well as the subnet mask/size for the management network. As I said previously, this should be an RFC1918 address and therefore can be revealed without any security issues.