VLAN and DHCP

Marten Lucas

unread,

Jul 10, 2025, 9:49:16 AMJul 10

to OpenWISP

Hi,

first of all great project. I am new to openwrt but still managed to get openwisp running with several devices. But now I am struggeling with a VLAN setup for a ZyXEL GS1900-8

v2 (with DSA).

The switch is connected via a trunked port to the mainrouter which is the dhcp server.
The target config is this 4 VLANs with different ports that get the IPs from the mainrouter.

This is the template I created:

{
"interfaces": [
{
"type": "bridge",
"bridge_members": [
"lan1",
"lan2",
"lan3",
"lan4",
"lan5",
"lan6",
"lan7"
],
"name": "br-lan",
"vlan_filtering": [
{
"vlan": 178,
"ports": [
{
"ifname": "lan1",
"tagging": "t"
},
{
"ifname": "lan2",
"tagging": "t"
},
{
"ifname": "lan3",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
}
]
},
{
"vlan": 70,
"ports": [
{
"ifname": "lan1",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
},
{
"ifname": "lan6",
"tagging": "u"
}
]
},
{
"vlan": 80,
"ports": [
{
"ifname": "lan1",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
},
{
"ifname": "lan7",
"tagging": "u"
}
]
},
{
"vlan": 100,
"ports": [
{
"ifname": "lan1",
"tagging": "u"
},
{
"ifname": "lan2",
"tagging": "u"
},
{
"ifname": "lan3",
"tagging": "u"
},
{
"ifname": "lan4",
"tagging": "u"
},
{
"ifname": "lan5",
"tagging": "u"
}
]
}
]
},
{
"type": "other",
"name": "infra",
"device": "br-lan.100",
"proto": "dhcp",
"ifname": "infra"
},
{
"type": "other",
"name": "user",
"device": "br-lan.178",
"proto": "dhcp",
"ifname": "user"
},
{
"type": "other",
"name": "server",
"device": "br-lan.70",
"proto": "dhcp",
"ifname": "server"
},
{
"type": "other",
"name": "jail",
"device": "br-lan.80",
"proto": "dhcp",
"ifname": "jail"
}
]
}

After I applied it to the switch without error, the /etc/config/network on the device is:
config interface 'infra'
option proto 'dhcp'
option device 'br-lan.100'
option ifname 'infra'

config interface 'br_lan'
option device 'br-lan'
option proto 'none'

config interface 'vlan_br_lan_70'
option device 'br-lan.70'
option proto 'none'

config interface 'vlan_br_lan_178'
option device 'br-lan.178'
option proto 'none'

config interface 'jail'
option device 'br-lan.80'
option ifname 'jail'
option proto 'dhcp'

config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

config interface 'vlan_br_lan_100'
option device 'br-lan.100'
option proto 'none'

config interface 'user'
option device 'br-lan.178'
option ifname 'user'
option proto 'dhcp'

config device 'device_br_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
option type 'bridge'

config interface 'vlan_br_lan_80'
option device 'br-lan.80'
option proto 'none'

config interface 'server'
option device 'br-lan.70'
option ifname 'server'
option proto 'dhcp'

config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan1'

You see the port tagging is not applied.

When I manually setup the config with VLANs in luci it works and I get the following config:

config interface 'infra'
option proto 'dhcp'
option device 'br-lan.100'
option ifname 'infra'

config interface 'br_lan'
option device 'br-lan'
option proto 'none'

config interface 'vlan_br_lan_70'
option device 'br-lan.70'
option proto 'none'

config interface 'vlan_br_lan_178'
option device 'br-lan.178'
option proto 'none'

config interface 'jail'
option device 'br-lan.80'
option ifname 'jail'
option proto 'dhcp'

config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

config interface 'vlan_br_lan_100'
option device 'br-lan.100'
option proto 'none'

config interface 'user'
option device 'br-lan.178'
option ifname 'user'
option proto 'dhcp'

config device 'device_br_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
option type 'bridge'

config interface 'vlan_br_lan_80'
option device 'br-lan.80'
option proto 'none'

config interface 'server'
option device 'br-lan.70'
option ifname 'server'
option proto 'dhcp'

config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

config bridge-vlan
option device 'br-lan'
option vlan '178'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
list ports 'lan5'

config bridge-vlan
option device 'br-lan'
option vlan '80'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan6'

config bridge-vlan
option device 'br-lan'
option vlan '70'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan7'

I also tried the programmable switch but it not deploy without error. The template was:
{
"interfaces": [
{
"type": "bridge",
"name": "br-lan",
"bridge_members": [ "lan1","lan2","lan3","lan4","lan5","lan6","lan7" ]
},
{ "type":"other", "name":"infra", "device":"br-lan.100", "proto":"dhcp", "ifname":"infra" },
{ "type":"other", "name":"user", "device":"br-lan.178", "proto":"dhcp", "ifname":"user" },
{ "type":"other", "name":"server", "device":"br-lan.70", "proto":"dhcp", "ifname":"server" },
{ "type":"other", "name":"jail", "device":"br-lan.80", "proto":"dhcp", "ifname":"jail" }
],
"switch": [
{
"name": "br-lan",
"reset": true,
"enable_vlan":true,
"vlan": [
{ "device":"br-lan", "vlan":178, "ports":"lan1t lan2t lan3t lan4t" },
{ "device":"br-lan", "vlan":70, "ports":"lan1t lan4t lan6u" },
{ "device":"br-lan", "vlan":80, "ports":"lan1t lan4t lan7u" },
{ "device":"br-lan", "vlan":100, "ports":"lan1u lan2u lan3u lan4u lan5u" }
]
}
]
}

I also saw the https://github.com/openwisp/netjsonconfig/pull/261 and assumed it is now merged.

Can you please help me to either correct the template which correctly sets up the VLAN tagging or help me refine my requirements for a easier implementation.

Thank you so much.

DISCLAIMER: The Templates were generated with the help of AI

Federico Capoano

unread,

Jul 10, 2025, 10:44:29 AMJul 10

to open...@googlegroups.com

I tried parsing the configuration file generated via UCI that you have provided, but the library can't parse it, which is not a good sign.

Can you share the UCI configuration in /etc/config/network?

The Bridge VLAN fitlering implementation needs to be improved, I opened an issue for this:

https://github.com/openwisp/netjsonconfig/issues/356

If you can share the UCI code I'll add it to the issue (or you can add it yourself there).

In the meantime as a workaround, could you define the configuration you need by supplying files?

It's a bit uncomfortable but it will help you get around this issue, you can also use variables freely in files which is nice.

Best regards

Federico Capoano

OpenWISP OÜ

Kotkapoja tn 2a-10, 10615, Harju maakond, Tallinn, Estonia

VAT: EE101989729

+372 59361689

openwisp.io

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/openwisp/7d00ca6c-b098-4cbb-ad52-682a366e6465n%40googlegroups.com.

Marten Lucas

unread,

Jul 15, 2025, 8:47:14 AMJul 15

to OpenWISP

Do you mean the UCI of the working config? That would be the following:

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd48:e132:af34::/48'
option packet_steering '1'

config device 'switch'
option name 'switch'
option type 'bridge'
option macaddr '4c:9e:ff:f2:b7:81'

list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'

config bridge-vlan 'lan_vlan'
option device 'switch'

option vlan '100'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

list ports 'lan5'
list ports 'lan6'
list ports 'lan7'

config interface 'infra'
option proto 'dhcp'

option device 'switch.100'

config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

config bridge-vlan
option device 'switch'

option vlan '178'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
list ports 'lan5'

config bridge-vlan

option device 'switch'

option vlan '70'
list ports 'lan1:t'
list ports 'lan4:t'

list ports 'lan6'

config bridge-vlan

option device 'switch'

option vlan '80'
list ports 'lan1:t'

list ports 'lan7'

config interface 'user'
option proto 'dhcp'
option device 'switch.178'

config interface 'server'
option proto 'dhcp'
option device 'switch.70'

config interface 'jail'
option proto 'dhcp'
option device 'switch.80'

In the mean time I found one error on my side. I had a timezone-template assigned to the device which broke the vlan template (globals).
Now I can render the following device config preview:

package system

config system 'system'
option hostname 'switch-eg'
option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
option zonename 'Europe/Berlin'

config timeserver 'ntp'
option enable_server '0'
option enabled '1'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'

package network

config device 'device_br_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
option type 'bridge'

option vlan_filtering '1'

config bridge-vlan 'vlan_br_lan_178'
option device 'br-lan'
list ports 'lan1:t*'

list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'

option vlan '178'

config bridge-vlan 'vlan_br_lan_70'
option device 'br-lan'

list ports 'lan1:t'
list ports 'lan4:t'

list ports 'lan6:u*'
option vlan '70'

config bridge-vlan 'vlan_br_lan_80'
option device 'br-lan'

list ports 'lan1:t'
list ports 'lan4:t'

list ports 'lan7:u*'
option vlan '80'

config bridge-vlan 'vlan_br_lan_100'
option device 'br-lan'
list ports 'lan2:u*'
list ports 'lan3:u'
list ports 'lan4:u'
list ports 'lan5:u'
option vlan '100'

config interface 'vlan_br_lan_178'
option device 'br-lan.178'
option proto 'none'

config interface 'vlan_br_lan_70'
option device 'br-lan.70'
option proto 'none'

config interface 'vlan_br_lan_80'
option device 'br-lan.80'
option proto 'none'

config interface 'vlan_br_lan_100'
option device 'br-lan.100'
option proto 'none'

config interface 'br_lan'
option device 'br-lan'
option proto 'none'

config interface 'infra'

option device 'br-lan.100'
option ifname 'infra'

option proto 'dhcp'

config interface 'user'
option device 'br-lan.178'
option ifname 'user'
option proto 'dhcp'

config interface 'server'
option device 'br-lan.70'
option ifname 'server'
option proto 'dhcp'

config interface 'jail'
option device 'br-lan.80'
option ifname 'jail'
option proto 'dhcp'

config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

package dhcp

config dnsmasq 'dnsmasq_1'
option authoritative '1'
option cachesize '1000'
option domain 'lan'
option domainneeded '1'
option ednspacket_max '1232'
option expandhosts '1'
option leasefile '/tmp/dhcp.leases'
option local '/lan/'
option localise_queries '1'
option localservice '1'
option readethers '1'
option rebind_localhost '1'
option rebind_protection '1'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'debug'
option dhcpv4 'server'
option interface 'debug'
option leasetime '12h'
option limit '100'
option start '10'

# ---------- files ---------- #

# path: /etc/dropbear/authorized_keys
# mode: 0644

ssh-ed25519 AAA....

from this template for the vlans & dhcp:

{
"interfaces": [
{
"type": "bridge",
"bridge_members": [
"lan1",
"lan2",
"lan3",
"lan4",
"lan5",
"lan6",
"lan7"
],
"name": "br-lan",
"vlan_filtering": [
{
"vlan": 178,
"ports": [
{
"ifname": "lan1",
"tagging": "t",

"primary_vid": true

},
{
"ifname": "lan2",
"tagging": "t"
},
{
"ifname": "lan3",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
}
]
},
{
"vlan": 70,
"ports": [
{
"ifname": "lan1",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
},
{
"ifname": "lan6",
"tagging": "u",

"primary_vid": true

}
]
},
{
"vlan": 80,
"ports": [
{
"ifname": "lan1",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
},
{
"ifname": "lan7",
"tagging": "u",

"primary_vid": true
}
]
},
{
"vlan": 100,
"ports": [
{

"ifname": "lan2",
"tagging": "u",

"primary_vid": true

BEfore the error was that the Port Tagging did not apply.
Now the new error is that the config does not deploy and gets roled back:

Error reported from the device:
Fri Jul 11 22:13:52 2025 daemon.info openwisp: The following uci configs have been renamed: network.bridge_vlan1, network.bridge_vlan2, network.bridge_vlan3
Fri Jul 11 22:13:53 2025 daemon.crit openwisp: Could not apply configuration, openwisp-update-config exit code was 2
Fri Jul 11 22:13:53 2025 daemon.crit openwisp: ERROR: invalid UCI configuration file: network
Fri Jul 11 22:13:59 2025 daemon.info openwisp: The most recent configuration backup was restored

Marten Lucas

unread,

Jul 15, 2025, 8:47:18 AMJul 15

to OpenWISP

I just tried deploying via files. This works.

But do I loose the modularity?
If I assign multiple templates with /etc/config/network files to the device will they merge or override?
Can I combine file and netjsonconfig - e.g. I have a untagged debug port that was well deployed with the template. Can I keep this template and deploy the vlans with file? Will it merge?

thxs for the help

f.capoano schrieb am Donnerstag, 10. Juli 2025 um 16:44:29 UTC+2:

Federico Capoano

unread,

Jul 15, 2025, 8:54:15 AMJul 15

to open...@googlegroups.com

Merging won't work, but you could try using the custom syntax:

https://netjsonconfig.openwisp.org/en/stable/backends/openwrt.html#all-the-other-settings

That's another possibility. We'll be working to improve this in a couple of weeks, I'll get in touch when we have news.

Best regards

Federico Capoano

OpenWISP OÜ

Kotkapoja tn 2a-10, 10615, Harju maakond, Tallinn, Estonia

VAT: EE101989729

+372 59361689

openwisp.io

To view this discussion, visit https://groups.google.com/d/msgid/openwisp/c0a1a744-8b93-4436-b023-6b20d5301b9fn%40googlegroups.com.

Marten Lucas

unread,

Aug 9, 2025, 11:34:39 AMAug 9

to open...@googlegroups.com

Hi,

Did the latest netjsonconfig Release Address the issue? Or was it about something else.

Cheers

Marten

BlueMail for Android herunterladen

Iván Ledesma Obelar

unread,

Aug 10, 2025, 4:35:20 AMAug 10

to open...@googlegroups.com

Hi everybody,

after much trouble I managed to deploy all the modules necessary to provide a wifi hotspot service, but when trying to test the captive portal features in the demo system I came up with the following notice:

Warning

Unfortunately, at the moment, installing Coova-Chilli from the OpenWrt packages will not work because the default configuration of the Coova-Chilli OpenWrt package does not enable the chilli-redir feature, nor has SSL support enabled, which will not allow the captive portal to redirect the user to the captive page and will not support HTTPs requests.

Consequently I could connect to the Openwisp Wifi Demo SSID, but I wasn´t allocated an IP by the demo system.

Is there right now any workaround to the above issue, so that I can provide wifi hotspot service during Summer?

Regards,

Iván Ledesma Obelar

Federico Capoano

unread,

Aug 11, 2025, 2:22:17 PMAug 11

to open...@googlegroups.com

That section of the docs needs to be updated. You can use chilli without the redir module as long as the "redir" config option is set to zero.

It will still do basic redirects but it won't be able to do stuff like redirects using regular expressions.

I hope this helps.

F.

--

You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.

To view this discussion, visit https://groups.google.com/d/msgid/openwisp/DB9P192MB133976CC302B97B461AA39BDCD29A%40DB9P192MB1339.EURP192.PROD.OUTLOOK.COM.

Iván Ledesma Obelar

unread,

Aug 11, 2025, 5:40:36 PMAug 11

to open...@googlegroups.com

Thanks, I won´t be doing nothing “advanced” since I´m just a newbie.

Nevertheless, I will be providing some suggestions to the documentation when I manage to make things completely work.

Regards,

Iván Ledesma Obelar

To view this discussion, visit https://groups.google.com/d/msgid/openwisp/CAAGgX6%2BrK36dj-UJ7G5SUE4-nifDxQUpMBXTvJ1soz1Nu1OvPw%40mail.gmail.com.

Federico Capoano

unread,

Aug 11, 2025, 6:56:01 PMAug 11

to open...@googlegroups.com

For the record, thanks to the Google Summer of Code we're doing some improvements to uspot so that we can use it in OpenWISP, see:

Enhancing Uspot Captive Portal for OpenWrt

I have already deployed it on a couple of installations and it is going pretty well.

However, coova-chilli is probably easier to configure as you only deal with one configuration file, so for now I'd recommend sticking to it, unless you want to dedicate some time to understanding how uspot works.

Federico

To view this discussion, visit https://groups.google.com/d/msgid/openwisp/DB9P192MB1339668B0490ABDA8E16A74BCD28A%40DB9P192MB1339.EURP192.PROD.OUTLOOK.COM.

Iván Ledesma Obelar

unread,

Aug 13, 2025, 3:19:20 AMAug 13

to open...@googlegroups.com

Thank you Federico, ¿is there any docs about captive portal templates? The template on the demo system is missing and I don´t know how to continue.

Saludos,

To view this discussion, visit https://groups.google.com/d/msgid/openwisp/CAAGgX6LZPpGOyYQfASkN%3DV2BMeBv_48Bbrs9mFZAmyRM%3DrJWxA%40mail.gmail.com.

Iván Ledesma Obelar

unread,

Aug 17, 2025, 7:18:34 AMAug 17

to open...@googlegroups.com

Hi everybody,

Would it be possible to enable once again the Wifi Login Pages template on the demo system? It is missing and it´s the last thing I need to enable service.

Thanks a lot,

Iván Ledesma Obelar

Federico Capoano

unread,

Aug 18, 2025, 10:41:46 AMAug 18

to open...@googlegroups.com

The captive portal demo template is still available and the WiFi Login Pages demo is available at wifi.openwisp.io.

If you have further doubts I recommend asking in our support chat: https://matrix.to/#/#openwisp_general:gitter.im

Regards

Federico

To view this discussion, visit https://groups.google.com/d/msgid/openwisp/DB9P192MB1339FE69811F87087F8A5626CD36A%40DB9P192MB1339.EURP192.PROD.OUTLOOK.COM.

Iván Ledesma Obelar

unread,

Aug 19, 2025, 4:12:07 PMAug 19

to open...@googlegroups.com

Thank you, although the template is not available at generic templates menu, it is indeed available to check up at each device configuration.

To view this discussion, visit https://groups.google.com/d/msgid/openwisp/CAAGgX6%2BS9X5tDL07Y1C9JaU%3DVecp-XndVH57xq7sJbAa0WD%3DRw%40mail.gmail.com.

Reply all

Reply to author

Forward