I'v been googling and searching for hours but can't seem to find an answer. I have a tp-link wr1043nd router and I would like to subdivide the wireless in a vlan so that it has internet access but it can't see any pc's connected to the ethernet ports. I've seen a lot of configs that allow tagging of different ports but none for the wireless. Any ideas? I had tried dd-wrt but they don't have vlan support for the wr1043 yet.

thanks for any help

Switch configuration and VLAN based on the router WR1043ND swconfig under OpenWrt - by rpc

My polish is  a little rusty but I thought this line from Google translate was really helpful
So if br-lan bridge = eth0 + ath0 sneezes, despite setting a vlan on eth0.1 it still will not move

OpenWrt / How to keep users of guest wlan out of lan ?
OpenWrt / Access Point with a second SSID for Guest Access to Internet only

Nevermind. I went into the interfaces tab of the web ui. I created a new interface. I called it WLan. I made a custom device called ath0.3 and bridged it to the wan's vlan. After a quick reboot I had wifi access to the internet and no access to the machines physically plugged in. I'm sure there's a better method but this works and did exactly what I wanted.

Thanks for the help fyi. Those links would also have done what I wanted.

Without MASQUERADE.

@fyi,

Hi. I was trying to setup the switch on WR1043ND as enterprise switch with port 1 in default vlan, port 2 a member of vlan 10, port 3 & 4 a trunk where default vlan, vlan10 and vlan 20 (not mapped on any port) can pass through. Please note that I would have two manageable switches (with vlan1, vlan10 and vlan20 also) connected at 2 trunk port and they are connected to each other providing the network a redundant and fail safe link.

Trying to understand the configurations at http://translate.google.com/translate?s … od-openwrt and set my own configuration made my unit crashed and bricked. I've reference also this website http://www.hermanvandrie.nl/index.php?o … ;Itemid=15 and this http://blog.philippklaus.de/2011/04/ope … bit-router.

I managed to recover the unit by using the serial port and have OpenWrt backfire 10.03.1 working again.

Now, I don't want the unit crashed and bricked again the second time for it took me so much time recovering, working on soldering and burned serial port but still am working on the setup I want.

Could you please help me and verify or confirm if the following configuration will work as I wanted? Do I have missing configuration like setting STP ?

Thank you in advance.

/etc/config/network

config 'interface' 'loopback'
  option 'ifname' 'lo'
  option 'proto' 'static'
  option 'ipaddr' '127.0.0.1 '
  option 'netmask' '255 .0.0.0 '

config 'interface' 'lan'
  option 'ifname' 'eth0.1'
  option 'type' 'bridge'
  option 'proto' 'static'
  option 'ipaddr' '192.168.1.1 '
  option 'netmask' '255 .255.255.0 '

config 'interface' 'wan'
  option 'ifname' 'eth0.2'
  option 'proto' 'dhcp'

config 'interface' 'vlan10'    #appended
  option 'ifname' 'eth0.10'
  option 'proto' 'static'
  option 'ipaddr' '192.168.3.1'
  option 'netmask' '255.255.255.0'

config 'interface' 'vlan20'    #appended
  option 'ifname' 'eth0.20'
  option 'proto' 'static'
  option 'ipaddr' '192.168.4.1'
  option 'netmask' '255.255.255.0'

config 'switch'
  option 'name' 'rtl8366rb'
  option 'reset' '1'
  option 'enable_vlan' '1'
  option 'enable_vlan4k '1'

config 'switch_port'        #appended
  option 'device' 'rtl8366rb'
  option 'port' '0'
  option 'pvid' '2'

config 'switch_port'        #appended
  option 'device' 'rtl8366rb'
  option 'port' '1'
  option 'pvid' '1'

config 'switch_port'
option 'device' 'rtl8366rb'
option 'port' '2'
option 'pvid' '10'

config 'switch_vlan'
  option 'device' 'rtl8366rb'
  option 'vlan' '1'
  option 'ports' '1 5t'     #moved ports 2, 3 and 4

config 'switch_vlan'
  option 'device' 'rtl8366rb'
  option 'vlan' '2'
  option 'ports' '0 5t'

config 'switch_vlan'         #appended
  option 'device' 'rtl8366rb'
  option 'vlan' '10'
  option 'ports' '2 3t 4t 5t'

config 'switch_vlan'         #appended
  option 'device' 'rtl8366rb'
  option 'vlan' '20'
  option 'ports' '3t 4t 5t'

/etc/config/dhcp

config 'dhcp' 'vlan10'         #appended
  option 'interface' 'vlan10'
  option 'leasetime' '12h'
  option 'start' '6'
  option 'limit' '254'
   
config 'dhcp' 'vlan20'         #appended
  option 'interface 'vlan20'
  option 'leasetime' '12h'
  option 'start' '6'
  option 'limit' '254'
   

/etc/config/firewall

config zone            # appended
  option name        vlan10
  option network    'vlan10'
  option input        ACCEPT
  option output        ACCEPT
  option forward    REJECT

config zone            # appended
  option name        vlan20
  option network    'vlan20'
  option input        ACCEPT
  option output        ACCEPT
  option forward    REJECT

config forwarding
  option src        lan
  option src        vlan10    #appended
  option src        vlan20    #appended
  option src        wan

(Last edited by @ll@n416 on 20 Jan 2013, 18:36)

Hmm, you did not get it back by using failsafe mode? Regularly works well.

Except for the forwarding rule this looks good (can you specify multiple "option src" here, never tried that)?
I specified one for each vlan:

config forwarding
    option src lan
    option dest wan

config forwarding
    option src guestnet
    option dest wan

...

STP: Stability has been a big problem for me, STP is now disabled on the bridges. A redundant setup is not needed for the wlan, so the wlan part (three 1043nd) is connected by one uplink which holds all vlans. The rtl8366rb switch driver seemed to have some bugs in earlier -rc versions (1,5 years ago), and i was not able to specify the vlan ID correcty, so this did never match our vlan config, and i ended up with one untagged port for each vlan, while the 1043nd were connected by tagged ports among them.
That was unstable, networks shortened when a 1043nd was booted ect. Now this is all working great - the 1043nd dont reboot themselves anymore, and when you do it manually, they dont shorten the different vlans, it is now very stable indeed, thank you to the developers who sorted this out...

(Last edited by ninno on 27 Jun 2012, 22:53)

@ ninno,

Thanks for the reply and sorry that only now I read your comment. Actually, I tried to configure again my WR1043ND using the above setup I was asking for advice. Again, my router hang and looks it was bricked but this time I managed to recover it using failsafe mode. My regret, i burned the serial port before learning this way. Hehe..

Anyway, were you suggesting me to do the forwarding rule as you have it? My goodness I overlook my wan forwarding, it should be destination. Ok, I will try it and update you with the result.

Actually was gonna say something about having no dest...

Undoubtedly you know more than me @ll@n416, so figured it was just a mistake.

I did want to ask you something though.  When you are tagging those ports in your vlans and you have them added to multiple vlans, is that what allows different ports to see your separate subnets?

There are other ways of going about seeing the separate ones, but is that what this accomplishes?

Thanks, this is really the only part I'm having trouble understanding about OpenWRT and how vlans work.

are you talking about this?

config 'switch_vlan'         #appended
  option 'device' 'rtl8366rb'
  option 'vlan' '10'
  option 'ports' '2 3t 4t 5t'

config 'switch_vlan'         #appended
  option 'device' 'rtl8366rb'
  option 'vlan' '20'
  option 'ports' '3t 4t 5t'

Yes: In this setup packets on switch ports 3 and 4 are 802.1q tagged, and you can un-tag them on a client, resulting in two virtual Network interfaces which are part of vlan 10 or vlan 20 respectively. The internal Port5 does the same to address the seperate vlans.
Pport 2 will distribute regular untagged packets, so a client can attach to it and will be part of vlan 10 only.
http://en.wikipedia.org/wiki/802.1q