VLAN setup with DSA

This is a stupid question, but the following config in br-vlan should be functionally the same as having no vlans at all, correct?

I'm trying to set up vlans on my network, and after a lot of hours of debugging this is what I'm trying out. Whenever I enable vlan filtering, I stop being able to ping the AP.

If you are using standard openwrt br-lan interface config you probably also have to change the lan interface to br-lan.10 before you save and apply. Otherwise you will lock yourself out.

If you are experimenting with vlans (and only have 2 physical ports) it's always handy if you create a dedicated wlan management interface (in a different subnet) so you can always connect to the router via wifi in case you lock yourself out.


I guess I am not the only one having issues with VLAN creation on version 21. Wondering if there is a good HOW TO that someone can share. All the videos online are just too confusing.

I'm going to try out setting up the management wlan and using that to try out the vlan setup.

> you probably also have to change the lan interface to br-lan.10 before you save and apply

A few videos I saw on youtube mentioned that you could do this either way, with a dedicated device or vlan filtering. I don't care either way, as long as it works.

I did read that there's probably a problem with DSA and vlans on my hardware (Xiaomi routers).

I hope it's not that cause I didn't want to run a snapshot version.


Yea you can do it either way but I think when using bridge VLAN filtering you have to reassign your LAN Interface to one of the bridge vlan devices you created. Otherwise, you will lock yourself out. At least I did.

If you only have 2 physical ports (1 lan + 1 wan) and wifi only for management I think you don't actually need a bridge (br-lan).

I would suggest changing br-lan to eth0 and then create a separate vlan(s):

  1. Interfaces -> LAN -> change device to eth0
  2. Devices/Add Device Configuration -> Create a new VLAN (802.1q)
  3. Create a new Interface with the previously created device (in my case the name is guest)

Assign Firewall Zone

Optional – activate DHCP

Should look like this:
image

Multiple bridges won't properly share the hardware switch between bridges, which is necessary if you have a "trunk" Ethernet port operating tagged packets on multiple networks.

The most generic way to set up is to make a bridge containing all the Ethernet ports, then have bridge-vlans within that bridge.

If your use of VLANs is very limited, such as having to tag packets on the WAN port for your ISP modem, it is possible to cheat and just use the notation option device 'wan.100' in the wan network. But this is a special case that doesn't expand to general usage.


Thanks for the input! Will test this out either today or tomorrow. I think that if I can access the router itself via the WLAN I can properly experiment.

Note: I actually have 3 ports: one WAN and two LAN, but I removed one of them from the bridge because I expected it to be on a different vlan.

The use case is actual VLAN support via a trunk to support multiple segregated WLANs + having one specific port be in the ISP LAN for a TV set-top box. I'm going to experiment with your advice and see if I can make this work.

network file:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:t'
	list ports 'wan'

config bridge-vlan
	option device 'br-lan'
	option vlan '100'
	list ports 'lan1:t'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.0.162'
	option gateway '192.168.0.1'
	option netmask '255.255.255.0'
	option delegate '0'
	list dns '192.168.0.1'
	list dns '8.8.8.8'
	list dns '192.168.1.1'

config device
	option type 'bridge'
	list ports 'br-lan.100'
	option name 'TV'
	option igmpversion '2'
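
The lockout described in this thread (a lan interface left on the bare bridge after bridge-vlan sections are added) can be checked on a copy of the network file before "Save & Apply". This is an added example, not code from the thread or from OpenWrt; the function names and the trimmed sample config are assumptions made for illustration.

```python
import shlex

def parse_uci(text):
    """Return [(type, name, options)] for each 'config' section in UCI text."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            opts = sections[-1][2]
            if tok[0] == "list":
                opts.setdefault(tok[1], []).append(tok[2])
            else:
                opts[tok[1]] = tok[2]
    return sections

def lockout_findings(text):
    """List interfaces likely to lose connectivity once bridge-vlan filtering applies."""
    secs = parse_uci(text)
    vlans = {}  # bridge name -> VLAN IDs declared in bridge-vlan sections
    for typ, _, o in secs:
        if typ == "bridge-vlan":
            vlans.setdefault(o.get("device"), set()).add(o.get("vlan"))
    findings = []
    for typ, name, o in secs:
        dev = o.get("device", "") if typ == "interface" else ""
        base, _, vid = dev.partition(".")
        if dev in vlans:
            findings.append(f"{name}: bare '{dev}' is VLAN-filtered, use '{dev}.<vid>'")
        elif base in vlans and vid and vid not in vlans[base]:
            findings.append(f"{name}: VLAN {vid} has no bridge-vlan section on '{base}'")
    return findings

# Constructed sample, trimmed from the network file posted in the thread.
SAMPLE = """
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:t'
config bridge-vlan
	option device 'br-lan'
	option vlan '100'
config interface 'lan'
	option device 'br-lan.1'
"""
if __name__ == "__main__":
    print(lockout_findings(SAMPLE) or "no lockout risk found")
```

An interface on a plain VLAN device such as 'wan.100' is not flagged, because no bridge-vlan section names 'wan' as its bridge.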

