VLAN separated IoT wifi on an Edimax RA21S

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi all,

I configured my Edimax RA21S (OpenWRT version 21.02.3) as a simple AP with one SSID:

network config 
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	option igmp_snooping '1'

config device
	option name 'lan1'
	option macaddr '74:da:38:xx:xx:xx'

config device
	option name 'lan2'
	option macaddr '74:da:38:xx:xx:xx'

config device
	option name 'lan3'
	option macaddr '74:da:38:xx:xx:xx'

config device
	option name 'lan4'
	option macaddr '74:da:38:xx:xx:xx'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'
	option delegate '0'
wireless config 
config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '2g'
	option htmode 'HT40'
	option cell_density '0'
	option country 'DE'
	option channel '8'
	option noscan '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'MySSID'
	option encryption 'sae-mixed'
	option key 'mypassphrase'
	option disassoc_low_ack '0'
	option wds '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option band '5g'
	option cell_density '0'
	option country 'DE'
	option htmode 'VHT160'
	option channel 'auto'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'MySSID'
	option encryption 'sae-mixed'
	option key 'mypassphrase'
	option disassoc_low_ack '0'
	option wds '1'

dnsmasq, firewall and odhcpd are disabled.
This setup works pretty fine.
Now I wanted to add an extra iot-wifi that is vlan-separated from the MySSID wifi.
As I do not have a network/switch option in luci, I tried it that way:

network config 
config device
	option type '8021q'
	option ifname 'lan1'
	option vid '10'
	option name 'lan1.10'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'lan2'
	option vid '10'
	option name 'lan2.10'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'lan3'
	option vid '10'
	option name 'lan3.10'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'lan4'
	option vid '10'
	option name 'lan4.10'
	option ipv6 '0'

config interface 'iot'
	option proto 'none'
	option defaultroute '0'
	option peerdns '0'
	option delegate '0'
	option type 'bridge'
	option device 'br-iot'

config device
	option type 'bridge'
	option name 'br-iot'
	list ports 'lan1.10'
	list ports 'lan2.10'
	list ports 'lan3.10'
	list ports 'lan4.10'
	option igmp_snooping '1'
	option bridge_empty '1'
wireless config 
config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'MyIOTSSID'
	option encryption 'sae-mixed'
	option key 'supersecret'
	option network 'iot'

But OpenWRT doesn't seem to care to add the vlan interfaces or the bridge (regardless the bridge_empty option):

ip link 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc fq_codel state UP qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: wan@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
4: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
5: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
6: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
7: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
27: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
46: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 74:da:38:b8:6e:2a brd ff:ff:ff:ff:ff:ff
64: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
65: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-iot state UP qlen 1000
    link/ether 76:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
66: wlan0.sta1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether 74:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff
74: br-iot: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 76:da:38:xx:xx:xx brd ff:ff:ff:ff:ff:ff

What is my mistake, what am I missing?
Thanks!

2

Soemthing like this.

config interface 'iot'
	option device 'br-lan.10'
	option proto 'none'
	option delegate '0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'
	list ports 'lan2:t'
	list ports 'lan3:t'
	list ports 'lan4:t'
1 Like
3

Thanks! Look like it's working :slight_smile:

1 Like
4

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.