VLAN-Problems at WLAN

Hallo,

I havbe a Little problem with a "TP-Link TD-W8980":
I have installed the current Version of OpenWRT. Then I have create to WLANs: Intranet and Guest.
To sepperate the WLANs I have create a VLAN and thgen I bridged the VLAN an the Guest-WLAN.

Now my Problem:

• I can ping from the client in WLAN to the IP from the TP-Link-router
• I can ping from the TP-Link-router to the firewall (end of the VLAN)
• I become a dhcp-address from the firewall to the wlan-client

BUT: I cannot reach the firewall from the wlan-client. Ideas?

Thanks
Christian

@christian, welcome to the community!

To what IP???

Is this "firewall" another device, or are you referring to the TP-Link?

???

• Please provide more clarity in order to better assist you.
• You never mention your firewall zone settings for these Interfaces

Also provide tha following outputs:
cat /etc/config/network ; cat /etc/config/firewall ; cat /etc/config/dhcp

Hello,

hier the config-files

root@WLAN-AP01:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd86:d958:02c8::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'
        option ds_snr_offset '0'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'dhcp'

config device 'wan_dev'
        option name 'dsl0'
        option macaddr 'e8:de:27:73:f1:75'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '23'
        option ports '0t 2t 4t 5 6t'

config interface 'VLAN_23'
        option proto 'static'
        option ifname 'eth0.23'
        option ipaddr '10.0.23.253'
        option netmask '255.255.255.0'
        option dns '10.0.23.254'
        option type 'bridge'

root@WLAN-AP01:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config include
        option path '/etc/firewall.user'

root@WLAN-AP01:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
        option htmode 'HT20'
        option legacy_rates '1'
        option country 'DE'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'psk2'
        option ssid 'ZST-Intranet'
        option key 'XXXX'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'ZST-Guest'
        option encryption 'psk2'
        option key 'XXXXX'
        option network 'VLAN_23'

DHCP is not enabled.

Switch_View.JPG983×282 28.8 KB

Christian

• Are you going to provide the remaining information needed to assist you?

Also, per the Community Guidelines, please refrain from signing your posts.

Hello,

thank you all.
I found the error: the firewall are misconfigured by the administrator.
I can not understand why this produced so rare results in my openwrt router. According to the manufacturer, the firewall has an "intelligent" packet filter, which is supposed to detect attacks, but in my case, all requests to the network seem to have been blocked by the firewall.

Christian

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).