VLANs on Fritzbox 4040 (ipq40xx) with DSA - Wifi not working

Hi everyone,

I'm having a problem with my Fritzbox 4040 running on OpenWrt 21.02.2 r16495-bf0c965af0. I want to set up three Interfaces with corresponding VLAN.

Inspired by the thread "VLANs on ipq40xx alternative config (for Fritzbox 4040)" I set up two VLAN (eth0.10 and eth0.20) for testing on lan-Interface.
Although this thread describes the "old way" (before 21.02), it partially worked for me. I was able to connect through the desired LAN ports, but no longer through the wifi. It seems that the client tries to connect to the wifi (successfully) but does not get an IP address. When I set a static IP (192.168.100.171) on the client, the error message "no internet" appears. It looks to me like the WiFi interface (or device?) is not connected (or bridged) to the Lan interface as it was before the VLAN was set up. I'm sure I made a mistake when setting up these VLANs but I couldn't find where.

My configuration in /etc/config/ looks like this:

network

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.100.1'
        option device 'eth0.10'
        option type 'bridge'
		
config interface 'GUEST'
        option proto 'static'
        option ipaddr '192.168.200.1'
        option netmask '255.255.255.0'

config interface 'IOT'
        option proto 'static'
        option ipaddr '192.168.150.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
		
config switch_vlan
        option device 'switch0'
        option vlan '10'
        option vid '10'
        option ports '0t 1 2 3'

config switch_vlan
        option device 'switch0'
        option vlan '20'
        option vid '20'
        option ports '0t 4'

wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/a000000.wifi'
        option band '2g'
        option cell_density '0'
        option htmode 'HT40'
        option channel 'auto'
        option country 'DE'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Fuchsbau_optout_nomap'
        option encryption 'sae-mixed'
        option key '*************'
        option network 'lan'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/a800000.wifi'
        option band '5g'
        option htmode 'VHT80'
        option channel 'auto'
        option country 'DE'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'Fuchsbau_optout_nomap'
        option encryption 'sae-mixed'
        option key '*************'

dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'GUEST'
        option interface 'GUEST'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config dhcp 'IOT'
        option interface 'IOT'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

I can provide additional information if needed. I have searched the forums but have not found anything on this particular topic. Any help is welcome, thank you :slight_smile:

When creating a separate VLAN you need a separate address (correct in your case: 192.168.100, .150, .200), separate wifi SSIDs (you only have one with "network lan", none pointing to guest or IOT) and matching dhcp (seems ok).

1 Like

Thanks for your fast reply!

Sorry, I forgot to mention that I only created a WiFi to test the connectivity between WLAN and LAN. The other two WiFi for the GUEST and IOT interfaces I will add later, as soon as I have it running on LAN. So the problems described above are related to the WiFi coupled to the LAN interface. I made two screenshots, one of the lan-interface under "Network --> Interfaces" and one of the wifi-settings under "Network --> Wireless"


This may give a better overview of the problem areas.

Oh, ok, then the issue is that your "lan" interface points to "eth0.10" instead of "br-lan": you're explicitly telling openwrt to only care about the wired segment. So: list_ports for "lan" device should have "eth0.10", but device for "lan" interface should be "br-lan".
EDIT: noticed just now that you mentioned DSA: I'm not sure this is available for the 4040 or relevant.

Ok, I changed the br-lan device bridge ports from eth0 to eth0.10 and saved.
grafik

Then changed the lan-interface to br-lan,
grafik

saved and saved & applied.

then I lost the connection to the router. After 90 seconds I was given the option to undo the change, which I did.

Word of advice: having a serial console is very useful in these cases, you can do such changes and tests without locking yourself out of the router.

Snippets of my config:

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '101'
        option vid '101'
        option ports '0t 1 2'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option stp '1'
        option device 'br-lan'

config device                                                 
        list ports 'eth0.101'                                 
        option type 'bridge'                                  
        option name 'br-lan'                                 
        option igmp_snooping '1'  

102 and 103 in my case are the two other VLANs.

1 Like

Thanks for your config snippets, that helped me troubleshoot. Comparing these, I found out that my LAN interface had an "option type bridge" set, which prevented me from selecting a network bridge (which includes eth0.10) as a device.

After that, I still had to deal with connection problems in the guest network, but these were due to a missing static route.
Finally everything works as planned and I can start the next steps.

Thanks a lot for your help!

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.