OpenWrt Forum Archive

Topic: WDR-4300 Multi-SSID VLAN

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
MaxXXX
6 Mar 2013, 14:44

Hello, I'm an italian IT manager.
That's a sample schema of my company network:

Network

As you cas see, I have a unique server that provide Internet, and some services like DHCP, Firewall, DNS etc...
It's connected to the main switch by a Trunk port (that allow the transfer of multiple VLAN packets), because for each VLAN tag of a package, the server dhcp assign route them to a different vlan:

Case VLAN TAG = 0 (not tagged) --> than route to 10.0.0.0 net
Case VLAN TAG = 50 --> than route to 192.168.50.0 net
Case VLAN TAG = 51 --> than route to 192.168.51.0 net
Case VLAN TAG = 52 --> than route to 192.168.52.0 net

The P1 port of the main switch is always set as tagged port (id=50), so, my has get a 192.168.50.XXX address.

Actually I have some access point, one of them (a D-Link DAP-1353),  provide 3 WLAN SSID (wlan1, wlan2 and guest).
Each wlan are automatic vlan tagged by the D-Link, so if someone try to connect on wlan1 get a 192.168.50.XXX address, if try to connect on wlan2 get a 192.168.51.XXX address and if try to connect on guest get a 192.168.52.XXX address.

I need to configure a TP-Link WDR-4300 as my D-Link.
The TP-Link have a OpenWrt Attitude Adjustment 12.09-rc1
Kernel 3.3.8

How can I tag a wlan in OpenWRT?
It's 3 days that i try to find the solution sad

Really thanks!

Post #2
maurer
7 Mar 2013, 11:18

you can try the following as your  /etc/config/network after you properly replace x,y,z,w,g with corresponding ip's out of your dhcp range and tplink wan interface plugged into a trunk switchport

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1 '
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '10.0.0.x'
        option gateway 10.0.0.203
        option dns 8.8.8.8

config interface 'lan'
        option ifname 'eth0.50 '
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.50.y'
        option gateway 192.168.50.g
        option dns 8.8.8.8

config interface 'lan'
        option ifname 'eth0.51 '
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.51.z'
        option gateway 192.168.51.g
        option dns 8.8.8.8

config interface 'lan'
        option ifname 'eth0.52 '
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.52.w'
        option gateway 192.168.52.g
        option dns 8.8.8.8

config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0t 1 2 3 4 5'

config switch_vlan
        option device 'eth0'
        option vlan '50'
        option ports '0t 2t'

config switch_vlan
        option device 'eth0'
        option vlan '51'
        option ports '0t 2t'

config switch_vlan
        option device 'eth0'
        option vlan '52'
        option ports '0t 2t'

then issue 

/etc/init.d/network restart

Make sure you know how to recover your router in case anything goes wrong and you can't access it !!!

refferance:
http://wiki.openwrt.org/doc/networking/ … on.one.nic

(Last edited by maurer on 7 Mar 2013, 11:22)

Post #4
MaxXXX
8 Mar 2013, 09:50

Ok, inspired by your solutions (that, sorry but don't worked for me) I found the solution for using MultiSSID VLAN Tagged with TP-Link WDR4300:

Once installed OpenWRT (OpenWrt Attitude Adjustment 12.09-rc1 / LuCI 0.11 Branch (0.11+svn9425)), firstly I created my WiFi Howtspot (by going on "Network" --> "WiFi" --> "Add") in LuCI web interface (default address 192.168.1.1).
1

Then i connected with telenet to the router ( telnet 192.168.1.1 ).
I upgrade opkg list

opkg update

And I installed the nano application (a shell text editor)

opkg install nano

Now, if you do "nano /etc/config/network" you should see something like this:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0t 2 3 4 5'

config switch_vlan
        option device 'eth0'
        option vlan '2'
        option ports '0t 1'

("ctrl + x" for exit nano editor)

Doing the same for wireless ( nano /etc/config/wireless ), you should see:

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option macaddr '64:70:02:e2:91:87'
        option hwmode '11ng'
        option htmode 'HT20'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option disabled '1'
        option txpower '27'
        option country 'US'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option network 'lan'
        option ssid 'OpenWrt'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option macaddr '64:70:02:e2:91:88'
        option hwmode '11na'
        option htmode 'HT20'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option disabled '1'

config wifi-iface
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'OpenWrt2'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'OpenWrt3'

Now, let's create the VLAN and setting up the router configuration:
In MY case, I use a Debian server with isc-dhcp service, that provide dhcp in based on vLAN tag of each packet that receive.
So, firstly we have to set the correct network information!

## /etc/config/network

## That's the loopback interface...don't touch it!
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

## That's the lan virtual interface. you can modify the ipaddr, but pay attention...
## If you set it wrong, or if you forget it, you'll not able to enter on the router system!
config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

## That's the external interface, that you have to connect with your switch or directly with your server!
## !IMPORTANT! If you have a managed switch that is between your DHCP server and your router,
## you have to set twice the managed switch port as Trunk (or better, Hybrid) port!...
## If you don't do this, normally managed switch change all VLAN tag of any packet setting the default vLANID (0). 
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'


config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1' #Here we enable  vLAN on the switch router interface

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option vid '1'             # Here we set the TAG '1'
        option ports '0t 1t 2 3 4 5'  # Here we set witch port we tag
                                                  # We tag the 2nd 3rd 4th and 5th port...
                                                  # We set as trunk the 0 and 1st port


#Now we create the vLAN virtual interface

config interface 'vLAN50'
        option type 'bridge'
        option proto 'dhcp'
        option ifname 'eth0.2 eth0.50'   # Here we set witch interface we have to bridge.
                                                         # In this case we bridge the packet between eth eth0.2 interface (the WAN int.)
                                                         # and the virtual interface eth0.50 (a virtual interface where .50 is the vLAN ID)! 

config interface 'vLAN51'
        option type 'bridge'
        option proto 'dhcp'
        option ifname 'eth0.2 eth0.51'

config interface 'vLAN52'
        option type 'bridge'
        option proto 'dhcp'
        option ifname 'eth0.2 eth0.52'

## Now we assign the bridge for any WiFi SSID created before:

## /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option macaddr 'XX:XX:XX:XX:XX:XX'    # removed for privacy
        option hwmode '11ng'
        option htmode 'HT20'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option txpower '27'
        option country 'US'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option network 'vLAN50'  # Assign to bridge vLAN50

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option macaddr 'XX:XX:XX:XX:XX:XX'    # removed for privacy
        option hwmode '11na'
        option htmode 'HT20'
        list ht_capab 'LDPC'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'TX-STBC'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'
        option disabled '1'

config wifi-iface
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'OpenWrt2'
        option network 'vLAN51'  # Assign to bridge vLAN51

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'OpenWrt3'
        option network 'vLAN52' # Assign to bridge vLAN52

Ok, now we are going to test the configuration!
Remember, in this configuration you can NOT enter the wifi config by the network or wifi!
You must connect your PC in one of the four LAN interfaces of the route! 

reboot

(if don't reboot at the first time, do it another one!)

Ok, now reconnect your PC to Router (use a LAN port, now the WAN one!).
And go to LuCI web interface (192.168.1.1).

Go to "Network" --> "Switch" and set up as photo the vLAN:
2

Then, go to "Network" --> "Firewall" --> "General Settings" --> "Add"
and create a new Firewall Zone:
3

Apply configuration, and then all should works fine! big_smile
For any question or suggestions please post! XD


Thanks a lot!

Post #5
banglang.huang
12 Sep 2013, 07:12

HI,
   There is a only-one-port AP at my home, and I also want to use multi-SSID VLAN, of course no 'Network->Switch' page on LuCI web. Telnet to the device and you can see loopback, br-lan, eth0, wlan0 interfaces.

   I want to configure different VLANs with different SSID, such SSID-0 in VLAN0, SSID-1 in VLAN1....

   How can I make it ? Please help me. Thanks.

(Last edited by banglang.huang on 12 Sep 2013, 08:41)

Post #6
vilpalu
26 Mar 2015, 12:40

some update on CC in network config you need create switch_vlan for every vlan

config switch_vlan
        option device 'switch0'
        option vlan '6' # vlan id
        option ports '0t 1t ' # t means tag (0 port is cpu and 1 port is wan) other ports are disabled for this vlan

next create bridge:

config interface 'vlan6' #your name for bridge
        option type 'bridge'
        option ifname 'eth0.6' #cpu port tag number

in wireless config create interface

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option network 'vlan6'  # Assign to vlan's bridge

The discussion might have continued from here.