VLANs issues on OpenWRT v24.x.x

I tried to configure main router and WiFi access points using VLANs as I have 3 different networks.
This appeared to work fine with OpenWRT v23.05.5 with main router GL-MT6000 and AP TP-Link AX23. Once I tried to connect Cudy WR3000S with v24.10.1 (minimum available for the model) as 2nd AP, I met problems:

  1. Applying changes starts to hang device once I added ports to VLAN bridge (more specific - all ports were Ok, exept eth0). After Save&Apply click it was necessary to disconnect power and reload device.
  2. Wiless networks can't be saved if assotiated with VLAN indexed networks (like vlan.10).

All mentined above work good on v23.
I tried to upgrade TP-Link AX23 to v24 (clean system set up) - VLAN didn't to work there as well.

1 Like

Same things happened to me...
LuCI wireless editor Save button only works if one chooses a bridge based interface as the attached network. If interface is based on a VLAN dot device, the Save button doesn't work.

So, it seems to be common problem of v24 as I tested it on 2 different devices and one of them clearly works well with the same setup on v23

not sure i got the problem, is this what should not work?

this is on 24.10.1

No, it is not a problem to configure VLANs themselves on v24 and to assign interfaces.
For example, I created interfaces lab, nic, sun and linked them to VLAN.10, 20 and 30
This works on v23 and v24

But WiFi networks can't be saved if I select interface linked to VLAN (sun linked to vlan.30):

Save button just doesn't work at all.

Save button doesnt work for me in a slightly different scenario

https://forum.openwrt.org/t/cant-specify-network-for-new-ssid/232865/26

This is often an issue of sequencing. My preferred method is to edit the config files directly so everything gets applied at the same time. But it is possible to do with LuCI if you're careful.

There was one other similar report of this (linked by @pluffmud), but I don't think this is a universal issue, so not exactly sure what to make of it.

But let's start by reviewing the complete config on both devices.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

ok thanks, much clearer now
i've always linked wifi to interfaces, so not my use case

Hi, this is configuration of my Cudy WR300S access point.
As I mentioned, I was able to configure WiFi only for non-VLAN interfaces.
For VLAN interfaces "Save" button doesn't work.

root@OpenWrt:~# ubus call system board
 /etc/config/fir{
        "kernel": "6.6.86",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Cudy WR3000S v1",
        "board_name": "cudy,wr3000s-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.1",
                "revision": "r28597-0425664679",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.1 r28597-0425664679",
                "builddate": "1744562312"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd27:831f:8cc2::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.115.50'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.115.1'
        list dns '192.168.115.1'

config interface 'wan'
        option device 'wan'
        option proto 'static'
        option ipaddr '192.168.1.2'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'

config interface 'lab'
        option proto 'static'
        option ipaddr '192.168.115.70'
        option netmask '255.255.255.0'
        option gateway '192.168.115.1'
        list dns '192.168.115.1'
        option device 'VLANS.10'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.120.70'
        option netmask '255.255.255.0'
        option gateway '192.168.120.1'
        list dns '192.168.120.1'
        option device 'VLANS.20'

config interface 'sun'
        option proto 'static'
        option ipaddr '192.168.125.70'
        option netmask '255.255.255.0'
        option gateway '192.168.125.1'
        list dns '192.168.125.1'
        option device 'VLANS.30'

config device
        option type 'bridge'
        option name 'VLANS'
        list ports 'eth0'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option bridge_empty '1'

config bridge-vlan
        option device 'VLANS'
        option vlan '10'
        list ports 'eth0:t'
        list ports 'lan2'
        list ports 'lan4:t'

config bridge-vlan
        option device 'VLANS'
        option vlan '20'
        list ports 'eth0:t'
        list ports 'lan3'
        list ports 'lan4:t'

config bridge-vlan
        option device 'VLANS'
        option vlan '30'
        list ports 'eth0:t'
        list ports 'lan4:t'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel '11'
        option htmode 'HE20'
        option cell_density '0'
        option country 'NL'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'XEN-2FAC-F24B'
        option encryption 'psk2'
        option key 'XXXXXXXX'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel '132'
        option htmode 'HE80'
        option cell_density '0'
        option country 'NL'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'XEN-2FAC-F50B'
        option encryption 'psk2'
        option key 'XXXXXXXX'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'lab'
        option interface 'lab'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ignore '1'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ignore '1'

config dhcp 'sun'
        option interface 'sun'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ignore '1'

You need a bridge device in the interface in order for the wireless to work.

It's the way Linux wireless networking works, it's not really a Openwrt bug/thing, it's the way it's designed to work.

So you need to make a bridge on top of the bottom bridge to mimic how things used to work. So as an example...

  • make a bridge device called "sunbr"
  • then add 'VLANS.30' as a bridge port for sunbr
  • then for the 'sun' interface set the device to 'sunbr'

Off topic:
I'm not sure if there is a way to configure things where only one bridge is still getting used. There's a sneaky way i've found.
Big Bridge with wireless interfaces added to the filtering:


Unmanaged Interface set with the big bridge as the device:

Wireless set to use the unmanaged interface

  • find out the name of the wireless ap device
  • manually add it to the one big bridge
  • untag it into any network you like in the filtering
  • for any other interfaces like 'lan' make sure to use the big bridge.x device
  • make an unmanaged interface with the big bridge as the device
  • for any wireless network set the interface to the unmanaged interface you've created

I've tested the 1st (main) solution:

  1. created "vlans" - as a bridge device where lan1 - lan4 ports are added and mapped to vlan 10,20,30
  2. then separate bridge devises "br-lan", "br-lab", "br-guest" that use vlan.10, vlan.20, vlan.30 as ports
  3. creted interfaces that are linked to "br-lan", "br-lab", "br-guest"
  4. created WiFi that are linked to interfaces (2,4 and 5Ghz for each)

This solution works fine - vlans functionality itself and 6 WiFi networks.
So, thank you very much for detailed advice!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile: