VLANs and external APs: Can't get it to work

Installing and Using OpenWrt Network and Wireless Configuration
1

I'm running OpenWRT 19.07.03 on an Archer C2600 and I have the following setup:

  1. Router with OpenWRT generating two wireless SSIDs (one lan and one guest)
  2. An unmanaged switch plugged into LAN 2 on the router that powers and serves an outdoor AP

What I'd like to do is essentially have the outdoor AP "extend" the two SSIDs from the main router so that outdoors has a similar set up as indoors (lan and guest SSIDs)

I've tried a few different ways, playing around with the switch settings in OpenWRT to tag the port on the router, bridging the existing guest interface with the port that the AP is plugged into, etc. but it doesn't seem to work.

How would I go about doing this?

2

On the router, you need two VLANs:

  • One for the LAN network, tagged on the CPU and LAN2 ports, and untagged on the other LAN ports.
  • One for the GUEST network, tagged on the CPU and LAN2 ports, and off on the other LAN port.

Each SSID on the router should be bridges to the corresponding.interface.

Now, you need to do the same on the AP: create two SSIDs, and bridge each one to a VLAN.

1 Like
3

I have these VLANs as the default one, which CPU do I tag? eth1?

I have a guest interface for the wireless SSID that is managed by OpenWRT. I'd like for the outdoor AP to use the same DHCP pool

image
image1186×321 23.5 KB

4

Yes

Make sure they are connected properly. That means same vlans and SSIDs per vlan.

1 Like
5

Sending VLAN tags through an unmanaged switch is not guaranteed to work.

I suggest one of the following:

  • find out by experiment whether the switch is able to pass through 802.1Q tagged frames
  • replace it with a managed PoE switch which supports 802.1Q VLAN tagging
  • connect the outdoor AP to the router through a passive PoE injector (if the AP allows this)
2 Likes
6

Hmm, now I'm seeing the error

DHCP packet received on wlan1 which has no address

The steps I've taken are detailed in the screenshots:
Switch:

image
image1207×392 27.9 KB

Do I create a new interface for the VLAN or do I simply turn the existing guest interface (currently linked to the guest SSID only) into a bridge and combine eth1.3 and the SSID?

On the AP, it looks like the following:

image
image800×73 4.82 KB

7

This one.

Note that mixing untagged and tagged VLANs on a port (LAN2) is not guaranteed to work.
I suggest to set VLAN1 tagged for both the router's LAN2 port and the AP.

3 Likes
8

Even after setting those elements, I was still unable to connect to the guest VLAN. I found out that it was due to a firewall issue so I configured the firewall for the Guest network to look like the following and it started working:

image
image703×58 4.86 KB

9

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.