VLAN Problem? Ap with no internet connection

Hi,
I have bought a Raspberry Pi 4B Rev 1.4 and I flashed OpenWrt SNAPSHOT r17693-c2222f74c8

This is what im trying to achieve ![IMG_38424759|512x500]
192.168.230 its my actual PC from where I ssh the Pi, the configuration I make it with Luci via GUI typing the ip of the RPI from the browser
-Tp-link sg105E managed switch


Problems, I dont have Internet with PC 192.168.1.230 and something is wrong with WAN the clients of the AP doesnt have internet.
This is the etc/config/network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb3:51c0:4d85::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.172'
        option gateway '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '192.168.1.1'
        list dns '8.8.8.8'
        list dns '1.1.1.1'

config interface 'wan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ipaddr '192.168.3.1'
        option device 'eth0.3'
        option type 'bridge'
        list dns '192.168.1.1'
        list dns '8.8.8.8'
        list dns '1.1.1.1'

This is the etc/config/wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option band '5g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'ES'
        option channel '36'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option encryption 'psk2'
        option key "*******'
        option ssid 'DIGI-RPI'
        option network 'wan'

Can you help me?

Can you redraw your diagram with port numbers for the connections to the switch. Also, include where the internet comes in.

Finally, the main router - what is it (brand/model; stock firmware or openwrt or other)? Does it support VLANs?

1 Like

One more question. What are you trying to achieve? I see vlans for no apparent reason and a raspi in routing mode, for something that could be just bridging.

1 Like

Sure! thanks for reply :slight_smile: , my router
Device Type ZXHN H298A V1.0
Hardware Version V1.0.25
Software Version V1.0.25_DIGI.1T16
Boot Version V1.0.2

So the router probably doesn't support VLANs. This means that VLANs on your switch won't do anything useful, and won't work either.

I try to make a guest Ap separed from Lan, the RPI have to give ip to the devices, but I should be able to change settings from my PC 192.168.1.230 is this possible?

What model do you recommend me? It needs to have 802.1q right? I have seen gateways but they dont have wifi, I'm a bit lost

There are tons of options. If you want to setup VLANs on your main router, you do need 802.1q support (maybe yours does have this, most consumer routers do not when using the stock firmware). Essentially any device that is supported with OpenWrt can be used as a router with VLANs (there are some edge cases where the internal switch chip might cause some limitations, but most routers with OpenWrt work well).

Since you're trying to setup a separated wifi network, you may want to go with the dumb AP with guest network strategy.

Your switch TL-SG105E should be setup as a basic unmanaged switch (i.e. all ports untagged on the same VLAN, no additional VLANs defined) to allow proper connectivity at this point. If you want any wired machines to be on the same network as the separated wifi, you may then want to use the switch as a managed switch, but this is not needed if you are only setting up the separated network for wireless clients only.

2 Likes

Since your main router doesn't support VLANs, it and the switch and all your Ethernet cables will all run only untagged packets on the .1.0 network.

There are a couple of approaches to setting up the Pi for a guest network. The first is to leave the LAN as the upstream network, and NAT guests into it. This requires enabling NAT on the LAN network, and having forwarding from guest to lan. There is no wan network in that case.

The other approach is to make the Pi's wan network the upstream network, as is conventional with a router with multiple Ethernet ports (so the other ports are LAN, routed into WAN). This also works if you move the single port, untagged, over to wan, and set the LAN and guest networks to IP ranges outside the main router's .1.0 network. Set up an administrative AP on lan. Also you would likely want to open ports on the Pi firewall so you can ssh/http/https log into the Pi from wired machines on the .1.0 network.

2 Likes

You can use the rpi as the main switch of the network. See this guide: https://youtu.be/aqvbAQmAbAU

1 Like