VLAN Tagging help with Turris Omnia router, zyxel switch, and TP-link AP


I'm trying to understand VLAN tagging and how it works...

I have:

  • Turris Omnia as main router (Turris OS 5.3.4)
  • Zyxel GS1910-24 as network core
  • TP-Link RE450 v3 as access point (OpenWRT 21.02.1)

The Turris Omnia router is plugged on lan0 to Zyxel GS1910-24 switch on port 20.

I successfully created VLANs in Turris OS

br-lan contains lan0.100
br-iot contains lan0.200
br-guest_turris contains lan0.300

On the Zyxel switch side:

The following configuration currently works:

If I plug a laptop to Zyxel port 2-8 : It has LAN IP
If I plug a laptop to Zyxel port 9-16 : It has IOT IP
If I plug a laptop to Zyxel port 19 : It has GUEST_TURRIS IP

All with matching firewall rules...

My issue is with a TP-Link RE450 v3 access point flashed with OpenWRT.

I would like to create wireless SSIDs with tagged VLANs, while the TP-Link's eth0 is plugged into the Zyxel.

But currently no matter what I try, it fails...

I don't understand how VLAN tagging works on it.

I tried to play with the VLAN menu on the br-lan bridge:

I created a guest SSID with a dedicated guest network:

But I don't know why wlan1-1 (guest) is still part of the br-lan bridge:

and wireless clients obtain a DHCP lease from the lan0.100 Turris router.

If I try to mess with the TP-Link eth0 VLAN, like "eth0.100" in the network configuration, it messes everything up and I can't plug the TP-Link into the Zyxel switch anymore, or it makes the whole Turris network crash.
I must unplug the TP-Link and reboot the Turris Omnia...

To be honest I don't know how to configure the Zyxel for this particular need too...

Any help would be greatly appreciated.

Thank you.

On the AP, the lan interface should have IP address only. The guest interface will be unmanaged.
Other than that, you need to have the same conditions on both ends of the cable. That is, if on the switch the packets to the AP are tagged, then the TP-link should tag them too.

I actually found how to make it work.

Don't know why it failed first, I may have an idea but...

The TP-Link is plugged into the Zyxel's port 8. I configured the VLANs on the Zyxel like this:

And I created bridges on the TP-Link like this:

They are all part of the "lan" firewall zone.

I left br-lan with default eth0

But for IOT and GUEST I changed the ports to eth0.200 and eth0.300 respectively.

As it is currently working like this, I won't try to change the default eth0 in br-lan to eth0.100, as each time I tried it made a big mess.

Thanks !

Edit:

Forgot to mention I of course attached the SSIDs to the matching networks:

Which means that with minimum effort one can communicate from guest to iot or lan.
Change the protocol of iot and guest to unmanaged. Also remove them from the lan zone in firewall.


You are right, did it and it still works.

Thank you
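The AP-side setup the thread ends with, written out as UCI config. This is an added example, not taken from any post. The bridge names `br-iot` and `br-guest`, the interface names `iot` and `guest`, the SSIDs, `radio0` and the `dhcp` protocol on `lan` are assumptions, as is the switch port delivering the LAN VLAN untagged and VLANs 200 and 300 tagged. Syntax is for OpenWrt 21.02.

```uci
# --- /etc/config/network ---
# lan: the only interface on the AP with an IP address, on untagged eth0
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'          # assumption; 'static' works as well

# iot: frames tagged 200 on the cable, bridged to the IoT SSID
config device
	option name 'br-iot'         # assumed name
	option type 'bridge'
	list ports 'eth0.200'

config interface 'iot'
	option device 'br-iot'
	option proto 'none'          # unmanaged: the AP has no address in this VLAN

# guest: frames tagged 300 on the cable, bridged to the guest SSID
config device
	option name 'br-guest'       # assumed name
	option type 'bridge'
	list ports 'eth0.300'

config interface 'guest'
	option device 'br-guest'
	option proto 'none'          # unmanaged

# --- /etc/config/wireless (one wifi-iface per SSID, guest shown) ---
config wifi-iface 'wifinet_guest'
	option device 'radio0'       # assumed radio
	option mode 'ap'
	option ssid 'Guest-Example'  # constructed SSID
	option network 'guest'       # attaches the SSID to br-guest, not br-lan

# --- /etc/config/firewall ---
# Only 'lan' stays in the lan zone; iot and guest are in no zone on the AP,
# so they are bridged at layer 2 only and get DHCP, routing and filtering
# from the main router.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
```

After reloading the network, `brctl show` on the AP should list each SSID's wlan interface under its own bridge rather than under `br-lan`.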
