Vlan with many interfaces

Hello, here my actual configuration :

I have bought managed switches. I want:

LAN 1 (DMZ) connected to a server (I want VLAN 25 (to manage the switch) and VLAN 100 (to manage the server from my computer))

LAN 3 (HOME) connected to a switch (I want VLAN 25, 100, and 1 (for all PCs, TV, etc.))

WLAN0 (IOT) a wifi for my domotics VLAN 66

WLAN0-1 (GUEST) a wifi for guest VLAN 5

What do I need to do? I know how to configure my switch, but it's not clear to me how to do it in OpenWrt.

Can someone help me to understand ?

Hi

first of all, nobody knows what kind of device this is
or which OWRT version it runs

copy & paste output of these commands from SSH

cat /etc/board.json
cat /etc/config/network

Sure, :

root@OPENWRT:~# cat /etc/board.json
{
        "model": {
                "id": "linksys,e8450-ubi",
                "name": "Linksys E8450 (UBI)"
        },
        "led": {
                "wan": {
                        "name": "WAN",
                        "sysfs": "inet:blue",
                        "type": "netdev",
                        "device": "wan",
                        "mode": "link tx rx"
                }
        },
        "network": {
                "lan": {
                        "ports": [
                                "lan1",
                                "lan2",
                                "lan3",
                                "lan4"
                        ],
                        "protocol": "static"
                },
                "wan": {
                        "device": "wan",
                        "protocol": "dhcp"
                }
        }
}

and :

root@OPENWRT:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd7d:9daf:db85::/48'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option peerdns '0'
        list dns '208.67.222.222'
        list dns '208.67.220.220'

config interface 'HOME'
        option proto 'static'
        option ipaddr '10.0.1.254'
        option netmask '255.255.255.0'
        option device 'HOME'

config interface 'DMZ'
        option proto 'static'
        option ipaddr '10.0.0.254'
        option netmask '255.255.255.0'
        option device 'lan1'

config device
        option name 'lan1'
        option ipv6 '0'

config device
        option name 'wan'
        option ipv6 '0'

config device
        option name 'lan3'
        option ipv6 '0'

# Guest network: router address 10.0.5.254 with a /28 mask, bound directly to
# the wireless netdev name 'wlan0-1' instead of being attached from
# /etc/config/wireless.
# NOTE(review): presumably the wlan0 / wlan0-1 names follow the order in which
# the APs are created; if that order changes, an SSID could end up on a
# different subnet than intended. The replies in this thread ask for the
# binding to be made with 'option network' in /etc/config/wireless instead.
config interface 'Guest'
        option proto 'static'
        option device 'wlan0-1'
        option ipaddr '10.0.5.254'
        option netmask '255.255.255.240'

# Per-device sections for the wireless netdevs; each one only sets
# 'option ipv6' to '0'.
config device
        option name 'wlan1'
        option ipv6 '0'

config device
        option name 'wlan0'
        option ipv6 '0'

config device
        option name 'wlan0-1'
        option ipv6 '0'

# IoT network: router address 10.0.2.254/24, bound directly to the wireless
# netdev name 'wlan0' (same caveat as for 'Guest' above).
config interface 'IoT'
        option proto 'static'
        option device 'wlan0'
        option ipaddr '10.0.2.254'
        option netmask '255.255.255.0'

config device
        option name 'wlan0-2'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'HOME'
        list ports 'lan3'
        option ipv6 '0'


Ok

it is DSA device

you could try this config as basic / starting point

# Suggested starting point for /etc/config/network on this DSA device:
# one bridge over the four LAN ports, per-port VLAN membership in the
# bridge-vlan sections, and one routed interface per VLAN.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# Single bridge 'switch' containing lan1-lan4.
# NOTE(review): lan2 and lan4 are bridge members but appear in no bridge-vlan
# section below - presumably they carry no VLAN and pass no traffic; confirm.
config device
        option type 'bridge'
        option name 'switch'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

# VLAN 1 on lan1 and lan3. 'u' = frames leave the port untagged,
# '*' = PVID (untagged frames arriving on the port are placed in this VLAN).
# NOTE(review): the thread describes lan1 as the DMZ/server port and lan3 as
# the HOME uplink. With VLAN 1 untagged on both, untagged traffic on the two
# ports shares one layer-2 segment - confirm that is intended, otherwise the
# DMZ/HOME separation relies on the server using only its tagged VLANs.
config bridge-vlan
        option device 'switch'
        option vlan '1'
        list ports 'lan1:u*'
        list ports 'lan3:u*'

# VLAN 5 (guest Wi-Fi in the thread): tagged ('t') on lan3 only.
config bridge-vlan
        option device 'switch'
        option vlan '5'
        list ports 'lan3:t'

# VLAN 25 (switch management in the thread): tagged on lan1 and lan3.
config bridge-vlan
        option device 'switch'
        option vlan '25'
        list ports 'lan1:t'
        list ports 'lan3:t'

# VLAN 66 (IoT Wi-Fi in the thread): tagged on lan3 only.
config bridge-vlan
        option device 'switch'
        option vlan '66'
        list ports 'lan3:t'

# VLAN 100 (server management in the thread): tagged on lan1 and lan3.
config bridge-vlan
        option device 'switch'
        option vlan '100'
        list ports 'lan1:t'
        list ports 'lan3:t'

# One routed interface per VLAN; 'switch.N' refers to VLAN N of the bridge
# above, and the address is the router's address in that VLAN.
# NOTE(review): nothing in this file restricts traffic between these
# networks. Which VLANs may reach each other, the router, or the WAN is
# decided in /etc/config/firewall, which the page does not show; the
# interface names here (vlan1 ... vlan100) differ from the asker's original
# ones (HOME, DMZ, Guest, IoT), so zone membership has to be redone.
config interface 'vlan1'
        option proto 'static'
        option device 'switch.1'
        option ipaddr '10.0.1.254'
        option netmask '255.255.255.0'
        
# NOTE(review): the asker's original Guest network used netmask
# 255.255.255.240; this example uses 255.255.255.0.
config interface 'vlan5'
        option proto 'static'
        option device 'switch.5'
        option ipaddr '10.0.5.254'
        option netmask '255.255.255.0'

config interface 'vlan25'
        option proto 'static'
        option device 'switch.25'
        option ipaddr '10.0.25.254'
        option netmask '255.255.255.0'

config interface 'vlan66'
        option proto 'static'
        option device 'switch.66'
        option ipaddr '10.0.66.254'
        option netmask '255.255.255.0'

config interface 'vlan100'
        option proto 'static'
        option device 'switch.100'
        option ipaddr '10.0.100.254'
        option netmask '255.255.255.0'

# NOTE(review): this wan section has no 'option device', while the asker's
# own config earlier in the thread has option device 'wan' (plus peerdns and
# dns entries). Presumably those lines are meant to be kept - confirm before
# applying, or the WAN interface has no device to come up on.
config interface 'wan'
        option proto 'dhcp'

modify IP addresses to your need
untagged (native/access) vlan1 is on both lan1 & lan3

once your OWRT is running with this, you then need to adjust wireless & firewall
wireless interfaces are NOT configured in /etc/config/network !!!
you need to attach them from LuCI to whichever VLANxx interface you wish
the firewall also needs to be reworked
only the WAN section will still be good; the others need to be adjusted, again, to match the VLANxx interfaces

in addition :

Port 1 on my switch is lan 3 (HOME).

My switch it's good ?

yes, port 1 looks good

but still, it would be a good thing to remove vlan1 from the untagged ports which you will use as access ports (port2, port3, etc)
and no, port2 is wrong:
vlan25 and vlan100 are both set as access (untagged) on the same port
so make it port2 -> access 25
port3 -> access 100

wifi's are configured in this way

/etc/config/wireless

# Example wifi-iface section for /etc/config/wireless.
# 'vlan200' and '2gvlan200' are example values: no interface named 'vlan200'
# is defined in the network config suggested in this thread, so substitute
# the name of the interface the SSID should belong to.
# NOTE(review): the example sets no 'option encryption' and no 'option key';
# presumably an AP defined like this would be open - add both before use.
config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        # Name of the interface in /etc/config/network this SSID is attached to.
        option network 'vlan200'
        option ssid '2gvlan200'

the key line is option network 'vlan200'
that is where you attach the wifi interface to a network interface

Port2 is my computer, I need to manage switch (25) and server (100).

I can't detach ports with vlan 1 : "port 6 don't have VLAN specified" maybe I can make a VLAN "bin" like 999

Ok

it is a cheap plastic switch, and you cannot remove vlan1 :frowning:
yes, the "standard" solution is to create vlan4094 and put the unused access ports in this dummy vlan
this way, vlan1 is protected (a device plugged into an unused port does not land in vlan1)

according to port2
how you want to use 25 & 100 if both are untagged (access) ?
no way
then you need to make it trunk, and make trunk on your Linux
or
you need to solve this on L3 layer, routing
lets's say, your PC is in VLAN100, and you allow in firewall routing from vlan100 to vlan25 (mgmnt)

but i doubt that this switch could handle vlan25 for managing interface
i have feeling that this cheap device will only allow vlan1 for MGMNT IF

I think too, now I will check your message about OpenWrt

so you wil leave vlan1 on port1 (switch) with other vlans, that will be your MGMN vlan1 / trunk (upstream) port

Ok, first problem :

My switch :

I manage VLAN rules with firewall

My bridge, tag it's for only lan3 I think because it's only this port with switch, lan1 is directly connected to the server

My home :

My DMZ :

I have keep the interfaces and I have changed only device (lan1 -> switch.100) and lan3 -> switch.1

Like that, my firewall don't change no ? But I have my PC on port 2 of switch and I can't have accès to DMZ (vlan 100)

no, please, no screenshots

cat /etc/config/network

i told you already !!!
you COULD NOT have two vlan untagged
look at your picture
vlan1 untagged
vlan25 untagged
please, if you want help, follow instructions & read carefully

I don't have acces to SSH, I juste have access to the webpage now.

" you COULD NOT have two vlan untagged" where ? On openwrt or switch ?

I have follow : "you need to solve this on L3 layer, routing
lets's say, your PC is in VLAN100, and you allow in firewall routing from vlan100 to vlan25 (mgmnt)" I have rules on firewall

If you have WWW then almost you should have SSH

on OWRT -> LAN1
you have two U (untagged)
on OWRT -> LAN3
you tagged T vlan1
it wont work . tagged vlan1 -> switch

first solve this errors, then

set your switch MGMN to vlan1 address space
connect switch to LAN3
set your PC to static address from vlan1 space
connect to LAN1 port
then you should have access to OWRT and SWITCH
because your management vlan will be vlan1 at the end

after that, you could start configuring rest of things

It's very difficult for me to understand untagged and tagged in OpenWrt.

The switch is OK, but on OpenWrt I don't get any results.

Can you tell me exactly what I need to change here:

@NPeca75 I have added rules for SSH:

root@OPENWRT:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd7d:9daf:db85::/48'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option peerdns '0'
        list dns '208.67.222.222'
        list dns '208.67.220.220'

config interface 'HOME'
        option proto 'static'
        option ipaddr '10.0.1.254'
        option netmask '255.255.255.0'
        option device 'SWITCH.1'

config interface 'DMZ'
        option proto 'static'
        option ipaddr '10.0.0.254'
        option netmask '255.255.255.0'
        option device 'SWITCH.100'

config device
        option name 'wan'
        option ipv6 '0'

config interface 'Guest'
        option proto 'static'
        option ipaddr '10.0.5.254'
        option netmask '255.255.255.240'
        option device 'SWITCH.5'

config device
        option name 'wlan1'
        option ipv6 '0'

config device
        option name 'wlan0'
        option ipv6 '0'

config device
        option name 'wlan0-1'
        option ipv6 '0'

config interface 'IoT'
        option proto 'static'
        option ipaddr '10.0.2.254'
        option netmask '255.255.255.0'
        option device 'SWITCH.66'

config device
        option name 'wlan0-2'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'SWITCH'
        list ports 'lan1'
        list ports 'lan3'

# VLAN 1 on the bridge 'SWITCH': 't' = tagged, '*' = PVID, so VLAN 1 leaves
# lan1 and lan3 tagged while untagged ingress is still placed in VLAN 1.
# The reply in this thread asks for untagged + PVID ('u*') on both ports.
config bridge-vlan
        option device 'SWITCH'
        option vlan '1'
        list ports 'lan1:t*'
        list ports 'lan3:t*'

# VLANs 5, 25, 66 and 100 are all tagged on both lan1 and lan3.
# NOTE(review): this carries Guest (5, via SWITCH.5) and IoT (66, via
# SWITCH.66) to lan1, which the thread describes as the DMZ/server port; the
# suggested starting config carried only 25 and 100 on lan1. Limiting each
# trunk to the VLANs the attached device needs reduces what a host on that
# port can reach at layer 2 - confirm which VLANs lan1 really requires.
config bridge-vlan
        option device 'SWITCH'
        option vlan '5'
        list ports 'lan1:t'
        list ports 'lan3:t'

config bridge-vlan
        option device 'SWITCH'
        option vlan '25'
        list ports 'lan1:t'
        list ports 'lan3:t'

config bridge-vlan
        option device 'SWITCH'
        option vlan '66'
        list ports 'lan1:t'
        list ports 'lan3:t'

config bridge-vlan
        option device 'SWITCH'
        option vlan '100'
        list ports 'lan1:t'
        list ports 'lan3:t'

# Software VLAN devices (type '8021q') named SWITCH.1 and SWITCH.100, stacked
# on the bridge 'SWITCH' with VLAN IDs 1 and 100.
# NOTE(review): the reply in this thread calls this a mix of bridge VLAN
# filtering and software VLANs; the suggested starting config references
# 'switch.N' from the interfaces without defining any 8021q device. No such
# section exists here for SWITCH.5 or SWITCH.66, so the two styles are also
# applied inconsistently.
config device
        option name 'SWITCH.1'
        option type '8021q'
        option ifname 'SWITCH'
        option vid '1'
        option ipv6 '0'

config device
        option name 'SWITCH.100'
        option type '8021q'
        option ifname 'SWITCH'
        option vid '100'
        option ipv6 '0'

and wireless :

root@OPENWRT:~# cat /etc/config/wireless

# /etc/config/wireless as posted: two radios and four access points, each AP
# attached to a network from /etc/config/network through 'option network'.
# All four APs use encryption 'psk2' (WPA2-PSK).
# NOTE(review): if every client supports it, 'sae-mixed' or 'sae' (WPA3) is
# the stronger setting - presumably this needs a wpad build with SAE support;
# confirm before changing.

# 2.4 GHz radio: channel 1, HT20, country FR.
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'FR'

# SSID 'Awxdn' on radio0, attached to network 'IoT'.
# The key is shown as '**' - presumably redacted by the poster.
config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Awxdn'
        option encryption 'psk2'
        option key '**'
        option network 'IoT'

# 5 GHz radio: channel 36, HE80, country FR.
config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'FR'

# SSID 'Guest' on radio0, attached to network 'Guest'.
# NOTE(review): no 'option isolate' is set, so clients on this SSID are
# presumably not isolated from one another; separation of guests from the
# other networks depends on the firewall zone for 'Guest', which the page
# does not show.
config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Guest'
        option encryption 'psk2'
        option network 'Guest'
        option key '*'

# SSID 'HOME' on radio0 (2.4 GHz), attached to network 'HOME'.
# NOTE(review): the key is an empty string here and in 'wifinet5' -
# presumably redacted; confirm a non-empty passphrase is set on the router.
config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'HOME'
        option encryption 'psk2'
        option key ''
        option network 'HOME'

# SSID 'HOME_5GHz' on radio1 (5 GHz), attached to network 'HOME'.
config wifi-iface 'wifinet5'
        option device 'radio1'
        option mode 'ap'
        option ssid 'HOME_5GHz'
        option encryption 'psk2'
        option key ''
        option network 'HOME'


i don't know how else to explain it
wireless interfaces are configured in /etc/config/wireless
NOT in /etc/config/network
please remove ALL wlan interfaces from the network config

this is WRONG
as i said, you need (U)* untagged vlan1 on LAN1 and on LAN3

it was NOT in my initial config
you mixed up bridge vlan filtering (the bridge-vlan sections) and software vlans (the 8021q devices)

please, read all my posts again
start with config i send you
and few post below is how to configure WIFI

again, WIFI is NOT configured with other interfaces