Posted: Wed Feb 24, 2021 20:03 Post subject: Bridged VAP to VLAN not able to connect
Hi,
I have a Dlink DIR868L Rev A with DDWRT r45767 installed.
I read a lot of posts and spent many hours trying to fix the VLAN issue. I hope someone will be able to help.
I use a startup script to set up the VLANs rather than the NVRAM method. I will explain why the NVRAM method is not working for me.
I would like to have the following:
LAN port 1 VLAN20
LAN port 2 VLAN20
LAN port 3 VLAN1
LAN port 4 VLAN1(trunk)
VAP VLAN30
The startup script is as follows:
# Clear VLAN 0
echo "" > /proc/switch/eth0/vlan/0/ports
# Configure VLAN 1 with switch ports 2, 3 and CPU port
echo "2 3 5*" > /proc/switch/eth0/vlan/1/ports
# Configure VLAN 2 with switch port 4 and CPU port (untagged)
echo "4 5u" > /proc/switch/eth0/vlan/2/ports
# Configure VLAN 20 (Cam) with switch ports 0, 1, tagged port 3 and CPU port
echo "0 1 3t 5" > /proc/switch/eth0/vlan/20/ports
# Configure VLAN 30 (VAP) with tagged port 3 and CPU port
echo "3t 5" > /proc/switch/eth0/vlan/30/ports
# Setting up VLAN interfaces ...
# We don't need the vlan0 interface now ...
/sbin/ifconfig vlan0 down
/sbin/vconfig rem vlan0
I was able to get LAN ports 1 & 2 (VLAN20) working fine.
I went to Setup > Networking > Assign to Bridge to create a connection for wl0.1 (VAP) to VLAN30.
But the client was not able to connect to the VAP.
After a reboot of the DDWRT device, VLAN30 has disappeared from the "current bridging table" (see attached pic).
I have tried changing the VLAN30 ports to "3t 5t" and it did not make any difference.
If wl0.1 (VAP) stays on the default bridge br0, there is no problem getting connected. The client receives an IP address from the default VLAN DHCP.
The current NVRAM values are as follows:
vlan1ports= 0 1 2 3 5*
vlan2ports= 4 5u
Then I discovered a problem on the web GUI of the switch config. For some unknown reason, the order of the LAN ports is reversed.
Originally
Port W 1 2 3 4
R R R G G
After the NVRAM set vlan.*ports
Port W 1 2 3 4
R G G R R
The original port.*vlans value
port0vlans=1
port1vlans=1
port2vlans=1
port3vlans=1
port4vlans=2
port5vlans=1 2 16
I tried both sets of values and I was not able to get the LAN ports working, let alone the VAP. That is why I am staying with the startup script method.
Set 1
port0vlans=20
port1vlans=20
port2vlans=1
port3vlans=1 2 20 30 16
port4vlans=2
port5vlans=1 2 20 30 16
Frustratingly, this guide https://netosec.com/dd-wrt-wifi-vlans/ makes it sound fairly straightforward. However, in that scenario DD-WRT was acting as a router rather than a gateway and DNS was provided by a separate machine. I wonder if that's relevant.
I probably should have said that bridge / VAP connectivity seems to be an ongoing issue. There seem to be two symptoms and, based on my limited understanding, it's possible that these have distinct causes.
1) Cannot connect to VAP after reboot (hence the workaround in the start-up scripts)
2) Cannot connect to VAP if bridged and wireless security is enabled.
I've found that I have the second issue: either removing the bridge assignment (sending it back to br0) or removing security (WPA, WEP, anything) allows it to work.
The reason for it is that Broadcom's closed-source wireless driver and encryption daemon have bugs with unbridged wireless interfaces. On some hardware it doesn't even work with no encryption; on some hardware it only affects VAPs but not the main interface... we're stuck dealing with it by using bridges.
Are you able to connect if you either remove the bridge or disable security?
The VAP was able to connect with the default VLAN with no issue. The DHCP is on the primary router. I wonder if this could be an issue for VAP.
The reason to have a VAP is to put it into a different VLAN to separate the two kinds of traffic: default VLAN for the main network, VAP for the IoT and guest network.
I just do not understand why it does not work with the new bridge.
I can create VAP1 and VAP2, and both will work with the default VLAN, but not VAP1 for VLAN-A and VAP2 for VLAN-B, for example, with new bridges BrA and BrB.
Is it because of the hardware? Some models of router would work, but some don't.
Has someone with a different model of router got this working: a VAP bridged to a non-default VLAN and connected?
Hi,
I have pfSense as the primary router. When I connected a laptop to the Dlink 868 AP via the LAN ports (VLAN 1, 20 and 30) or the main wifi (both 2.4G and 5G on br0, VLAN1), the laptop was able to obtain an IP address from each of the respective DHCP servers, i.e. VLAN1, 20 and 30 from the LAN ports and VLAN1 from wifi.
It should be fairly straightforward to do the bridging and I just do not understand why it is not working.
I tested again. The VAP (wl0.1) works fine if it is on VLAN1.
FYI
WAN is Disable
Assign WAN to switch is Disable
DHCP is disable
I tried also
Vlan2=4 5t with vlan30=3t 5u, 3t 5, 3t 5*, 3t 5t
vlan2=4 5* with vlan30=3t 5u, 3t 5, 3t 5*, 3t 5t
vlan2=4 5 with vlan30=5 5 , 3t 5u, 3t 5t, 3t 5*
Not working.
I noticed that if I put both eth1 and wl0.1 (VAP) into VLAN30, the client is able to connect with an IP corresponding to VLAN30 from eth1 or wl0.1 (VAP).
I am guessing the authentication is working, but the bridging is not working for VAP.
Posted: Mon Mar 01, 2021 22:13 Post subject:
The only other thing I can think of is adding 4 to the list of vlan ports for 20, 30, etc. (Don't you have to have the WAN port assigned for it to pass through?!?!?)
Code:
vlan20ports=0 1 3t 4 5u
vlan30ports=3t 4 5u
If that doesn't work, then the * and t, but I'm pretty sure you don't have to tag port 5 (or port 4/0).
In my previous response, I noticed that eth1 and the VAP on the same VLAN30 works.
Instead of VLAN1 on the 2.4G AP (dd-wrt) and VLAN30 on the VAP (dd-wrt-vap), I put dd-wrt-vap on VLAN1 and dd-wrt on VLAN30. They are now working as they should.
With the dd-wrt-vap connection, the client receives an IP from the VLAN1 DHCP,
whereas with the dd-wrt connection, the client receives an IP from the VLAN30 DHCP.
In other words, the VAP can only be used on the default VLAN1.
This is the only way to get around it if anyone wants to use a VAP with the DDWRT unit set up as an access point. It is not possible to have multiple VAPs on the same frequency.
For your information:
Router: Dlink DIR868L RevA
Mode: Access Point, WAN Disable, DHCP disable, WAN port as switch NOT used
VLAN1 LAN Port 3 and 4(trunk to primary router)
VLAN20 LAN Port 1 and 2 (for camera)
VLAN30 DDWRT 2.4G for IoT and guest
VLAN1 DDWRT-AP 2.4GHz
VLAN1 DDWRT-5G 5GHz
The ideal setup would be DDWRT (main VLAN1), DDWRT-VAP1 (IoT & guest VLAN30) and DDWRT-VAP2 (wireless camera VLAN20) all on 2.4GHz, but it is not possible at this stage.
Thank you for the inputs and the suggestions from everyone.
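
The symptom reported in this thread, where VLAN30 drops out of the bridging table after a reboot while wl0.1 still connects through br0, leaves IoT and guest clients on the main network without any error. The following is an added example, not code from any poster or from DD-WRT: a shell check that reads brctl show output and reports whether a wireless interface and its VLAN interface share a dedicated bridge. The bridge name br30, the interface name vlan30 and both sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a wireless interface and
# its VLAN interface sit together on a dedicated bridge.
# br30 and vlan30 are assumed names; both tables below are constructed samples.

# Constructed brctl show output: the intended state.
GOOD='bridge name   bridge id           STP enabled   interfaces
br0           8000.001122334455   no            vlan1
                                                eth1
                                                eth2
br30          8000.001122334456   no            vlan30
                                                wl0.1'

# Constructed output: vlan30 is gone and wl0.1 has fallen back to br0.
AFTER_REBOOT='bridge name   bridge id           STP enabled   interfaces
br0           8000.001122334455   no            vlan1
                                                eth1
                                                eth2
                                                wl0.1'

# Turn brctl show output (stdin) into "bridge interface" pairs.
bridge_members() {
    awk 'NR == 1 { next }                         # header row
         NF >= 4 { br = $1; print br, $4; next }  # bridge line with first member
         NF == 3 { br = $1; next }                # bridge without members
         NF == 1 { print br, $1 }                 # further member of current bridge'
}

# bridge_of IFACE: print the bridge that holds IFACE, or nothing.
bridge_of() {
    bridge_members | awk -v want="$1" '$2 == want { print $1; exit }'
}

# check_isolation TABLE WIFI_IF VLAN_IF: print OK, SPLIT, UNBRIDGED or ON_DEFAULT_BRIDGE.
check_isolation() {
    wifi_br=$(printf '%s\n' "$1" | bridge_of "$2")
    vlan_br=$(printf '%s\n' "$1" | bridge_of "$3")
    if [ -z "$wifi_br" ] || [ -z "$vlan_br" ]; then
        echo "UNBRIDGED"
    elif [ "$wifi_br" != "$vlan_br" ]; then
        echo "SPLIT"
    elif [ "$wifi_br" = "br0" ]; then
        echo "ON_DEFAULT_BRIDGE"
    else
        echo "OK"
    fi
}

echo "intended state: $(check_isolation "$GOOD" wl0.1 vlan30)"
echo "after reboot:   $(check_isolation "$AFTER_REBOOT" wl0.1 vlan30)"
```

On the router itself the table would come from the live command, as in check_isolation "$(brctl show)" wl0.1 vlan30; for the layout that ended up working in this thread, the pair to check would be eth1 and vlan30.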