WAX206 Vlan configuration

Hi,

I hope someone can assist as I have tried every combination via Luci and config files I can think of to get vlans talking to my Pfsense router using a Netgear WAX206 router.

I essentially aim to have a few separate vlans to have a kids wifi network and an IOT network running on the WAX206 with the Pfsense router acting as a gateway. The router is connected to the WAX206 on the first lan port, lan1 which I imagine should be my tagged trunk port. I have tried the suggestions and even copied config details from this post (WAX206 - manual vlan conf in eth0 not working) but I am still losing access to the device once I try to save any vlan configurations.

The curious thing is I have a Tplink Ax23 running LuCI openwrt-23.05 branch (git-23.306.39416-c86c256) OpenWrt 23.05.2 (r23630-842932a63d) and the config I am aiming for works fine. Each of the vlans talk to the Pfsense gateway/router and wifi clients receive DHCP, DNS and internet access when connecting to wifi networks setup using the associated network, eg Kids20 (192.168.20.X) or IOT10 (192.168.10.X).

The WAX206 is running LuCI openwrt-23.05 branch (git-24.073.29889-cd7e519) OpenWrt 23.05.3 (r23809-234f1a2efa).

My setup on the AX23 looks like:

When I try to use the same kind of config on the WAX206 as above, I only end up needing to reset the device to get access to it again via the default settings.

Any ideas would be greatly appreciated!

Thanks

Let’s see the default network config. Please also tell us your desired per-port vlan membership and tagging status on the trunk.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network

Hi psherman,

The output on the WAX206, which is essentially the default is:

root@OpenWrt-WAX206:~# ubus call system board
{
	"kernel": "5.15.150",
	"hostname": "OpenWrt-WAX206",
	"system": "ARMv8 Processor rev 4",
	"model": "Netgear WAX206",
	"board_name": "netgear,wax206",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.3",
		"revision": "r23809-234f1a2efa",
		"target": "mediatek/mt7622",
		"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
	}
}
root@OpenWrt-WAX206:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:76e0:838c::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.6'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

On the AX23 which is working how I would like to get the WAX206 working, is:

root@OpenWrt-AX23:~# ubus call system board
{
	"kernel": "5.15.137",
	"hostname": "OpenWrt-AX23",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "TP-Link Archer AX23 v1",
	"board_name": "tplink,archer-ax23-v1",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.2",
		"revision": "r23630-842932a63d",
		"target": "ramips/mt7621",
		"description": "OpenWrt 23.05.2 r23630-842932a63d"
	}
}
root@OpenWrt-AX23:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd03:d160:1bbf::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.3'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'

config interface 'IOT'
	option proto 'static'
	option device 'br-lan.10'
	option ipaddr '192.168.10.3'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	list dns '192.168.10.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan1:t'

config interface 'Kids20'
	option proto 'static'
	option device 'br-lan.20'
	option ipaddr '192.168.20.3'
	option netmask '255.255.255.0'
	option gateway '192.168.20.1'
	list dns '192.168.20.1'

Even though I try to replicate the same config via Luci or even copying the same kind of structure of the config files, I can't seem to get it to work.

My desire is to have lan1 as the main trunk to the gateway which provides DNS, DHCP etc on 192.168.1.1, and then all the local lan ports on the WAX206 to just be on the same lan, 192.168.1.1. I wanted to create the vlans which would only be associated with wifi networks so I can segregate the IOT devices (192.168.10.X), and then muck around with content filtering and safe search on the kids wifi network (192.168.20.X).

Thanks for your help.

(edit to add info requested)

Note how your functional AX23 config uses br-lan.1 (since your LAN VLAN has VID 1) whereas the WAX202 is still on the default br-lan.

Once you start defining VLANs, you need to set your LAN interface to br-lan.1 explicitly, if you set the LAN VLAN to 1 (which is the default). That's probably why you are losing connectivity.

Hi Borromini,

Thanks for your suggestion. It took me ages to figure that out to get the AX23 working with vlans enabled, so I have been careful to ensure the correct device is allocated to the lan interface when setting up the WAX206. I may still be doing something wrong, but I was conscious to try and avoid that mistake. I have tried ensuring the br-lan.1 device is set for lan both via LUCI and via config files, but I still end up with the same loss of connectivity.

Thanks

If lan0 is your trunk, add this stanza:

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

For any ports to be used in the other VLANs as well, make sure to suffix them with a :u* as well. Then your LAN interface pointing to br-lan.1 should work.

1 Like

Thanks, Borromini

I'll give it a try, expecting the whole network config file to look like the below:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:76e0:838c::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.6'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

Well, Borromini, you are a scholar and a gentleperson.

I have no idea what I was doing differently, but adding that section allowed me to keep connectivity. I can now create the additional vlans as I wanted. The config file (for now) looks like the below, and the new wifi network can use the IOT10 interface successfully:

root@OpenWrt-WAX206:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:76e0:838c::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	option bridge_empty '1'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.6'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'

config interface 'IOT10'
	option proto 'static'
	option device 'br-lan.10'
	option ipaddr '192.168.10.6'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	list dns '192.168.10.1'

Many thanks for yours and psherman's assistance!

1 Like

I wrote this a while ago, takes care of the basics. Going through it might help you understand how it works.

1 Like