Configure VLANs

[nicholasvmoore]

Configuring VLANs on OpenWRT is not the easiest and their documentation kind of sucks. I have however found an article that does describe the missing pieces for getting networking to work

• [x] Configure VLANs
• [x] Configure DHCP for VLANs
• [x] Configure firewall for VLANs
• [ ] Configure VLAN for remote APs. (needed GRE tunnel for L2 encapsulation or an additional CPE710 or wireless uplink)

Referenced Articles

• https://fabianlee.org/2023/01/22/openwrt-bridge-vlan-filtering-for-openwrt-21-x-with-dsa-isolated-guest-wi-fi/

[nicholasvmoore]

To setup VLANs in OpenWRT you need to follow these steps. High level you will enable VLAN filtering -> Create Devices -> Create Interfaces for those Devices.

1. First enable Bridge VLAN filtering on the bridge.
2. Choose your default VLAN and assign it to the interfaces you want. This will be u:* or Egress untagged & Primary VLAN ID checked.
3. For your other VLANs you wish to tag, choose Egress tagged for those t.

Next you will need to create VLAN devices for each VLAN.

1. Add device configuration
2. Existing Devices, choose the br-lan.[vlanID] for the VLAN you are creating a device object for.

Next you will need to create an Interface for the VLAN so you can assign an IP and setup DHCP

[nicholasvmoore]

Setting up DHCP on this router was difficult due to the UDP checksumming being disabled on virtual interfaces. DHCP clients like dhcpcd reject UDP packets with bad or missing checksums. So I installed iptables-mod-checksum and added the following iptables rule to the DHCP host:

Custom Firewall Rule

iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill

Reference:

• https://forum.openwrt.org/t/solved-dhcp-on-vlan-interfaces/61115/5