How configure 3rd Wifi-SSID for incoming external VLAN?

Hi together,

currently I use my Turris Omnia with standard LAN and GUEST-LAN in the following configuration:
LAN: ports 0-3 untagged, port 4 untagged, Wireless SSID#1
GUEST_TURRIS: port 4 tagged (eth.0.10), Wireless SSID#2

All this works fine including the outgoing VLAN-10 from the GUEST_TURRIS.

Now I added a 3rd WiFi SSID to be used as additional access point for an external provided VLAN-3. This VLAN-3 is incoming via port 4 as tagged VLAN-3 / eth0.3 (provided by external router/switch).

But this configuration does not work. Wireless Clients connecting to SSID#3 cannot get any IP Adress from the VLAN-3 network. Other Access Points outside the router connected itself to this VLAN-3 are working correctly. So I assume my config in turris is wrong for that scenario.

Perhaps the problem is that Wireless Networks cannot be assigned directly to VLAN-3/eth0.3. An assignment is only available to type “interface”. The VLAN is only incoming as tagged VLAN-3 along with outgoing VLAN-1 and tagged VLAN-10 at same port 4, so I cannot assign this physical interface. Therefore my idea was to create a (virtual) interface for that, with covered networks eth0.3 and Wifi-SSID#3. (I used “unmanaged” interface because for this VLAN-3 is no need für DHCP or firewall services in turris, DHCP and routing in VLAN-3 shall be done by the external router.) But it doesn’t work.

Has anybody an idea what I did wrong here and how to make it better?

Thanks a lot.

Hi, post your network configuration from /etc/config/network, it can help us better understand what’s going on.

My current network config:

config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’

config globals ‘globals’
option ula_prefix ‘… /48’

config interface ‘lan’
option force_link ‘1’
option type ‘bridge’
option proto ‘static’
option netmask ‘255.255.255.0’
option ipaddr ‘192.168.2.1’
option ip6assign ‘64’
option _orig_ifname ‘eth0 eth2 wlan0 wlan1’
option _orig_bridge ‘true’
option ifname ‘eth0’

config interface ‘wan’
option proto ‘dhcp’
option type ‘bridge’
option _orig_ifname ‘eth1 wlan0-1 wlan1-1’
option _orig_bridge ‘true’
option ifname ‘eth1 eth2’

config interface ‘wan6’
option ifname ‘@wan
option proto ‘dhcpv6’
option reqaddress ‘try’
option reqprefix ‘64’
option noserverunicast ‘1’

config switch
option name ‘switch0’
option reset ‘1’
option enable_vlan ‘1’

config switch_vlan
option device ‘switch0’
option vlan ‘1’
option ports ‘0 1 2 3 4 5’
option vid ‘1’

config switch_vlan
option device ‘switch0’
option vlan ‘2’
option vid ‘2’
option ports ‘6’

config interface ‘guest_turris’
option enabled ‘1’
option type ‘bridge’
option proto ‘static’
option ipaddr ‘192.168.10.1’
option netmask ‘255.255.255.0’
option bridge_empty ‘1’
option _orig_ifname ‘guest_turris_0 guest_turris_1’
option _orig_bridge ‘true’
option delegate ‘0’
option ifname ‘eth0.10’

config switch_vlan
option device ‘switch0’
option vlan ‘3’
option vid ‘10’
option ports ‘4t 5t’

config switch_vlan
option device ‘switch0’
option vlan ‘4’
option ports ‘4t 5t’
option vid ‘3’

config interface ‘VLAN3’
option _orig_ifname ‘wlan0-2’
option _orig_bridge ‘true’
option type ‘bridge’
option ifname ‘eth0.3’
option proto ‘dhcp’
option hostname ‘turris_VLAN-3’
option delegate ‘0’
option defaultroute ‘0’

Today I tried several options and found that I have to configure the interface “VLAN3” as “DHCP-Client” (not type “unmanaged”). This configuration works, nevertheless I do not understand why it’s necessary to use DHCP-Client for that scenario. (Note: Some details might be strange, but I edited config only with luci-interface, not ssh.)

1 Like

Try removing “type bridge” and switch “proto dhcp” to “proto static” on interface VLAN3.

Switching protokoll to “static” works fine, thank you. Removing “bridge” is not possible (in luci) because either the interface eth0.3 or the wireless is missing then. Adding more than one causes “bridge interfaces enabled”.
But “static” (without any address, bridging enabled) works better than “DHCP client”, without wasting a DHCP ip address for the VLAN3 interface and without the risk of unwanted address assignments .
Nevertheless unusual, that a wireless SSID cannot be directly assigned to a existing VLAN-ID like normal access points can handle.

Cool, I’m glad I somewhat helped you.