![Infoitech - [B]logging](https://blog.infoitech.co.uk/content/images/2021/04/youtube-small-cover-1.png)
OpenWRT 21.02 - Wifi Manual VLAN Filtering (Bug)
I recently moved to a new flat and I am redeploying my home network. Before reconnecting all devices, I have noticed that there was a new OpenWRT version and my devices supported it.
The biggest change I have noticed so far is the new switch configuration that has been migrated to DSA.
The management network configuration was quite simple to migrate after reading the OpenWRT wiki. However, the wifi has been a bit more trickier. It seems that I have found a bug in LuCI.
This article is being written as an attempt to reproduce the bug.
I have asked on OpenWRT forum for confirmation if this behaviour was a bug and surprisingly no it is NOT. As pointed out by the user @mk24 an unmanaged interface should be created before the wifi. Check Step 04 for reference and/or read @mk24's response here
1) Creating a new Wifi Network
I have created a network as seen in the pictures below:
The wifi network has no Network selected because it will be part of a L2 domain only and my pfSense will do the firewalling/routing.
2) VLAN Configuration
The new wifi network has been added as wlan1 and I will disable IPv6.
I has not been listed as an available device in the bridge interfaces list. However, it is not a problem because we can tick custom and insert the Wifi interface name and save & apply the changes.
I am not sure why, but it seems that although the webUI sees the interface as part of the bridge and the webUI shows the device in the VLAN Filtering tab.
The command line shows a diffent scenario.
I will use the webUI to set the VLAN as intended.
And, the command line shows the opposite seen on the webUI. Even after a reboot.
wlan0 is not listed anymore because the iproute2 commands are not persistent.
3) VLAN Manual Configuration
It is possible to manually configure the VLAN as shown below.
brctl addif br-lan wlan0
brctl addif br-lan wlan1root@r1:~# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.xxxxxxxxxxxx no lan1
lan2
lan3
lan4
wlan0
wlan1bridge v sport vlan-id
lan4 4
lan1 20
br-lan 4
wlan1 1 PVID Egress Untagged
wlan0 1 PVID Egress Untaggedbridge vlan del dev wlan0 vid 1
bridge vlan del dev wlan1 vid 1bridge vlan add dev wlan0 vid 20 pvid 20 untagged master
bridge vlan add dev wlan1 vid 20 pvid 20 untagged masterbridge v s
port vlan-id
lan4 4
lan1 20
br-lan 4
wlan1 20 PVID Egress Untagged
wlan0 20 PVID Egress Untagged
The Wifi now works as expected. My network configuration has some complexity. However, DSA came to openWRT and made easier the virtual networking configuration.
It worth mention that the commands above have to be added to System -> Startup -> Local Startup otherwise it will be wiped after a reboot since iproute2 commands are not persistent.
4) Layer 2 WIFI Network with VLAN Filtering
We need to first create an unmanaged interface.
Adjust the VLAN Filtering on the main bridge.
In my case, lan1 is a trunk port that is connected to my switch.
And finally, let's create the wifi network. We need to make sure that we are selecting the newly created network.
The configuration above bridges our wifi network in a Layer 2 broadcast domain allowing our pfSense to control the Layer 3.
Resources
https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial
Rich Brown
h0ppus