Vlan help on AP

I am trying to connect this test SSID to a vlan on my network. This AP mode not full router. The client can connect to ssid but fails to get IP address from dhcp. I can see packets from other devices on vlan 100 in a tcpdump but I see no dhcp packets from the wifi client.

This is a packet on vlan 100 from a wired ruku device so I know the vlan is tagged correctly on the switch port facing openwrt ap

root@OpenWrt:~# tcpdump -i lan -e  vlan
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 262144 bytes
18:09:39.797947 88:de:a9:19:2d:1c (oui Unknown) > 01:00:5e:00:00:fb (oui Unknown), ethertype 802.1Q (0x8100), length 98: vlan 100, p 0, ethertype IPv4, 10.100.0.50.5353 > 224.0.0.251.5353: 0 SRV (QU)? Roku Premiere ._airplay._tcp.local. (52)

network config

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fde6:a3e2:84f3::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config device
        option name 'eth0'

config device
        option name 'lan'

config interface 'intvl50'
        option proto 'none'
        option device 'vlan-br.50'

config device
        option type 'bridge'
        option name 'vlan-br'
        list ports 'lan'

config bridge-vlan
        option device 'vlan-br'
        option vlan '50'
        list ports 'lan:t'

config bridge-vlan
        option device 'vlan-br'
        option vlan '101'
        list ports 'lan:t'

config bridge-vlan
        option device 'vlan-br'
        option vlan '100'
        list ports 'lan:t'

config interface 'intvl100'
        option proto 'none'
        option device 'vlan-br.100'

config interface 'intvl101'
        option proto 'none'
        option device 'vlan-br.101'

wifi config

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'zap-test'
        option encryption 'psk2'
        option key 'xxxxxxxxx'
        option network 'intvl100'


hardware = ZyXEL NWA50AX
version = OpenWrt 22.03.3 r20028-43d71ad93e / LuCI openwrt-22.03 branch git-22.361.69894-438c598

Did you configure a DHCP server for this VLAN on your router? If not your client won't be able to obtain an IP.

Yes I do. I am not seeing the DHCP request from the wifi client in the packet capture. The wifi SSID is not correctly connected to the vlan.

There are several errors in this network file... I think it would be easiest to start from a fresh config. Are you able to reset to defaults and then post the default config file? (feel free to take a backup first.)

Here is the default config. Only thing changes from default config is ip set to dhcp.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fdff:587b:97d3::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

root@OpenWrt:~#

Thanks for the near-default file. This makes thins much easier.
What is interesting about this device is that has only a single ethernet port (no built-in switch), but then it shows the port as 'lan' and not 'eth0' -- while many of the devices in this target plafrom are DSA, it is not entirely clear to me if this should be treated as DSA or traditional dotted notation on lan...

I see that you have 3 other VLANs -- 50, 100, an 101. What I suggest is that we only add one right now and test its functionality. That will make it easy to modify if it's wrong.

so try adding this:

config device
        option name 'br-vlan50'
        option type 'bridge'
        list ports 'lan.50'

config interface 'vlan50'
        option device 'br-vlan50'
        option proto 'none'

Then create a new SSID and connect this network with that SSID. Test and see if it works.

1 Like

Thanks that worked.

Great! Glad to hear it. Repeat for your other VLANs and you should be good to go!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.