OpenWrt Forum Archive

Topic: openwrt vlan and pfsense single nic

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Is it possible to configure VLANs in OpenWrt 15.05.1 for use in the pfSense firewall with a single network interface?
For example:
vlan 99 = wan
vlan 10 = lan (bridged for 3 ports)
vlan 20 = private wifi
vlan 30 = guest wifi
trunk port = pfsense firewall

I have managed to create the Wi-Fi VLANs, vlan 20 and vlan 30, but I need some example for the other interfaces.

(Last edited by norman25 on 31 Oct 2017, 16:22)

Are you talking about running OpenWrt on hardware that has no switch, just a single Ethernet port connected directly to the CPU?  In that case, you use 'eth0.x' in your configs, where x is the VLAN number that network will tag the packets on the Ethernet cable.

Yes, I'm trying to set up something like this:

                10T
                20T
                30T                                  | ANT
                99T    99     10     10     10       |
            +======================================+ |
            |  +---+  +---+  +---+  +---+  +---+   | |      +--------------+
 openwrt    |  | 1 |  | 2 |  | 3 |  | 4 |  | 5 |   +-+ <==> | wifi devices |
 vlan       |  +-^-+  +-^-+  +-^-+  +-^-+  +-^-+   |        |  20      30  |
            |                                      |        | ppal   guest |
            +====|======|======|======|======|=====+        +--------------+
                 |      |      |      |      |
                 |      |      +------+------+
                 |      |             |
                 |      |             |
+-----------+    |      |     +----------------+
|  pfSense  |----+      |     |   computers/   |
|  firewall |           |     | wired devices  |
+-----------+           |     +----------------+
+-----------+           |
|   cable   |-----------+
|   modem   |
+-----------+

Excuse my ASCII; I do not know why it does not look good.

(Last edited by norman25 on 31 Oct 2017, 16:23)

So you do have a switch.  First you should check the OpenWrt wiki page for your device to see if it explains the mapping of switch ports, because in most cases the logical numbers don't match the physical numbers on the box and LEDs.  Also you need to know if your model has two CPU ports, with one connected directly to the modem plug, or if there is one with all 5 ports on the back going through the switch.

Well, the switch in the router:
rt305x-ews
config switch_vlan
        option device 'rt305x'
        option vlan '1'
        option ports '1 2 3 5 6t'

For now I have the two Wi-Fi networks and WAN (port 3 4) working, but not the LANs; when I change any settings in the switch (port 0 1 2) I lose access to the web GUI and SSH.

Thanks for your help.

First, temporarily set up an "administration" wifi AP, attached to LAN, so you can log in that way even if Ethernet is not working.

Create all 4 vlans in the switch.

All four are tagged to the CPU port, and the trunk cable port.  (actually if you're just passing the modem through to the pfSense box, you don't need 99 switched to the router CPU)

VLAN 99 is untagged for one port for the modem.  VLAN 10 is untagged for 3 ports for the LAN.  VLANs 20 and 30 have no Ethernet outputs.

Then in the network config, make eth0.10 the LAN physical port.  Create two other bridge networks for the WLANs.  These can have protocol "unmanaged" since they are just bridging through.  Attach them to eth0.20 and eth0.30.  Attach the APs to those networks.  You can't attach an AP directly to an ethernet interface, you have to create a bridge in the kernel.

(Last edited by mk24 on 31 Oct 2017, 14:59)
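The layout described in the post above, written out as an /etc/config/network excerpt. This is an added example, not a configuration posted in the thread. The port numbers, the interface names and the LAN address are assumptions; only the switch name 'rt305x' and CPU port 6 come from the posted config.

```uci
# /etc/config/network excerpt, constructed example. ASSUMED port map:
# 0 = trunk to pfSense, 1 = cable modem, 2 3 4 = wired LAN, 6 = CPU.

config switch
        option name 'rt305x'
        option reset '1'
        option enable_vlan '1'

# VLAN 99 (WAN): modem port untagged, tagged on the trunk, not sent to the CPU
config switch_vlan
        option device 'rt305x'
        option vlan '99'
        option ports '0t 1'

# VLAN 10 (LAN): three ports untagged, tagged to the trunk and the CPU
config switch_vlan
        option device 'rt305x'
        option vlan '10'
        option ports '0t 2 3 4 6t'

# VLANs 20 and 30 (Wi-Fi): no Ethernet access ports, trunk and CPU only
config switch_vlan
        option device 'rt305x'
        option vlan '20'
        option ports '0t 6t'

config switch_vlan
        option device 'rt305x'
        option vlan '30'
        option ports '0t 6t'

# Management address of the OpenWrt box on the LAN VLAN (assumed value)
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.10'
        option proto 'static'
        option ipaddr '192.168.10.2'
        option netmask '255.255.255.0'

# proto 'none': pure layer-2 bridges, so the router has no IP on the Wi-Fi VLANs
config interface 'wifi_private'
        option type 'bridge'
        option ifname 'eth0.20'
        option proto 'none'

config interface 'wifi_guest'
        option type 'bridge'
        option ifname 'eth0.30'
        option proto 'none'
```

Each AP is then attached in /etc/config/wireless with `option network 'wifi_private'` or `option network 'wifi_guest'`; since those bridges carry no router address, clients on them cannot reach LuCI or SSH on the OpenWrt box directly. If the switch driver does not accept 99 as a VLAN table index, one option is a low `option vlan` index together with `option vid '99'`.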

Thanks a lot, man.
Configuration achieved, although in a different way, since I had a working part of this.
In order not to lose access to SSH and the web GUI, the IP and port of the LuCI admin needed to be changed, and also the SSH port, so as not to have conflicts with pfSense. Then create a bridge between the LAN and VLAN_10, and it is up and running.
Again, thank you very much for your help.
NOTE:
VLAN config changed to:
vlan 99 = wan
vlan 10 = lan
vlan 20 = private wifi
vlan 30 = guest wifi

(Last edited by norman25 on 31 Oct 2017, 16:21)

The discussion might have continued from here.