OpenWrt Forum Archive

Topic: VLAN Tagging Help

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hey,

I'm relatively inexperienced and I'm trying to setup a UniFi AP with a couple of networks.

To do what I want, I need a couple of vlans as well as the untagged packets to be going to the default vlan so that the AP will be provisioned.

I'm using a WRT1043ND with OpenWRT 14.07

This is my current network config

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd26:0862:11d3::/48'

config interface 'lan'
    option ifname 'eth1.1 eth1.3'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0t 1 3 4'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '5 6'
    option vid '2'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '3'
    option ports '0t 2t'

config switch_vlan
    option device 'switch0'
    option vlan '4'
    option vid '4'
    option ports '0t 2t'

config interface 'lan2'
    option proto 'static'
    option ifname 'eth1.4'
    option ipaddr '192.168.200.1'
    option netmask '255.255.255.0'

Where I plug the AP into port 2. Currently the untagged port 2 isn't assigned anywhere but I'm having trouble getting it to work when I change VLAN1 to be:

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0t 1 2 3 4'

Is what I'm wanting possible?

You can assign each SSID to one VLAN. For example, you plug your AP to LAN port 2(number on the back of your router), you need tagged packets for port 3(in openwrt) in the config file.

You can double check the port numbering by watching the GUI switch page change status as you plug and unplug cables.  Trying to do tagged and untagged traffic on the same cable often does not work.  The link between the two routers should be all tagged.

Thanks.

I don't have a problem identifying what physical port is what internal port.

I just need to set for say port 2, that there is tagged vlan3 coming in and send untagged to vlan1. Is this not possible with OpenWRT? Do I need to sit a managed switch in front of it?

The CPU should be in every VLAN to my knowledge, if you own a TL-WR1043ND v1 that is port 5. It should also be tagged. I'm surprised you haven't bricked your deivce yet.

One of the networks I set up has three VLANs and a TL-WR1043ND, this is how the TL-WR1043ND is configured:

config switch_vlan
    option vlan '1'
    option ports '0 1t 2 3 5t'
    option device 'switch0'

config switch_vlan
    option vlan '2'
    option ports '1t 4 5t'
    option device 'switch0'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option ports '1t 5t'

(Last edited by Borromini on 26 Apr 2015, 23:53)

Borromini wrote:

The CPU should be in every VLAN to my knowledge, if you own a TL-WR1043ND v1 that is port 5. It should also be tagged. I'm surprised you haven't bricked your deivce yet.

One of the networks I set up has three VLANs and a TL-WR1043ND, this is how the TL-WR1043ND is configured:

config switch_vlan
    option vlan '1'
    option ports '0 1t 2 3 5t'
    option device 'switch0'

config switch_vlan
    option vlan '2'
    option ports '1t 4 5t'
    option device 'switch0'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option ports '1t 5t'

I have a V2, CPU is port 0 and 6 wink. Also I don't understand how you would brick anything doing this, you can just go into failsafe and either reset or fix your config.

It is about assigning different SSIDs to different VLANs.
This can be done as long as your software and hardware supports it. If you have a dedicated device for AP, you need to mak sure it and your openwrt router supports vlan tagging.

The discussion might have continued from here.