VLAN and DHCP


Marten Lucas

Jul 10, 2025, 9:49:16 AM
to OpenWISP
Hi,
first of all great project. I am new to openwrt but still managed to get openwisp running with several devices. But now I am struggling with a VLAN setup for a ZyXEL GS1900-8 v2 (with DSA).

The switch is connected via a trunked port to the mainrouter which is the dhcp server.
The target config is these 4 VLANs with different ports that get the IPs from the mainrouter.

This is the template I created:

{
  "interfaces": [
    {
      "type": "bridge",
      "bridge_members": [
        "lan1",
        "lan2",
        "lan3",
        "lan4",
        "lan5",
        "lan6",
        "lan7"
      ],
      "name": "br-lan",
      "vlan_filtering": [
        {
          "vlan": 178,
          "ports": [
            {
              "ifname": "lan1",
              "tagging": "t"
            },
            {
              "ifname": "lan2",
              "tagging": "t"
            },
            {
              "ifname": "lan3",
              "tagging": "t"
            },
            {
              "ifname": "lan4",
              "tagging": "t"
            }
          ]
        },
        {
          "vlan": 70,
          "ports": [
            {
              "ifname": "lan1",
              "tagging": "t"
            },
            {
              "ifname": "lan4",
              "tagging": "t"
            },
            {
              "ifname": "lan6",
              "tagging": "u"
            }
          ]
        },
        {
          "vlan": 80,
          "ports": [
            {
              "ifname": "lan1",
              "tagging": "t"
            },
            {
              "ifname": "lan4",
              "tagging": "t"
            },
            {
              "ifname": "lan7",
              "tagging": "u"
            }
          ]
        },
        {
          "vlan": 100,
          "ports": [
            {
              "ifname": "lan1",
              "tagging": "u"
            },
            {
              "ifname": "lan2",
              "tagging": "u"
            },
            {
              "ifname": "lan3",
              "tagging": "u"
            },
            {
              "ifname": "lan4",
              "tagging": "u"
            },
            {
              "ifname": "lan5",
              "tagging": "u"
            }
          ]
        }
      ]
    },
    {
      "type": "other",
      "name": "infra",
      "device": "br-lan.100",
      "proto": "dhcp",
      "ifname": "infra"
    },
    {
      "type": "other",
      "name": "user",
      "device": "br-lan.178",
      "proto": "dhcp",
      "ifname": "user"
    },
    {
      "type": "other",
      "name": "server",
      "device": "br-lan.70",
      "proto": "dhcp",
      "ifname": "server"
    },
    {
      "type": "other",
      "name": "jail",
      "device": "br-lan.80",
      "proto": "dhcp",
      "ifname": "jail"
    }
  ]
}

After I applied it to the switch without error, the /etc/config/network on the device is:
config interface 'infra'
option proto 'dhcp'
option device 'br-lan.100'
option ifname 'infra'

config interface 'br_lan'
option device 'br-lan'
option proto 'none'

config interface 'vlan_br_lan_70'
option device 'br-lan.70'
option proto 'none'

config interface 'vlan_br_lan_178'
option device 'br-lan.178'
option proto 'none'

config interface 'jail'
option device 'br-lan.80'
option ifname 'jail'
option proto 'dhcp'

config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

config interface 'vlan_br_lan_100'
option device 'br-lan.100'
option proto 'none'

config interface 'user'
option device 'br-lan.178'
option ifname 'user'
option proto 'dhcp'

config device 'device_br_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
option type 'bridge'

config interface 'vlan_br_lan_80'
option device 'br-lan.80'
option proto 'none'

config interface 'server'
option device 'br-lan.70'
option ifname 'server'
option proto 'dhcp'

config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan1'

You see the port tagging is not applied.

When I manually setup the config with VLANs in luci it works and I get the following config:

config interface 'infra'
option proto 'dhcp'
option device 'br-lan.100'
option ifname 'infra'

config interface 'br_lan'
option device 'br-lan'
option proto 'none'

config interface 'vlan_br_lan_70'
option device 'br-lan.70'
option proto 'none'

config interface 'vlan_br_lan_178'
option device 'br-lan.178'
option proto 'none'

config interface 'jail'
option device 'br-lan.80'
option ifname 'jail'
option proto 'dhcp'

config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

config interface 'vlan_br_lan_100'
option device 'br-lan.100'
option proto 'none'

config interface 'user'
option device 'br-lan.178'
option ifname 'user'
option proto 'dhcp'

config device 'device_br_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
option type 'bridge'

config interface 'vlan_br_lan_80'
option device 'br-lan.80'
option proto 'none'

config interface 'server'
option device 'br-lan.70'
option ifname 'server'
option proto 'dhcp'

config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

config bridge-vlan
option device 'br-lan'
option vlan '178'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
list ports 'lan5'

config bridge-vlan
option device 'br-lan'
option vlan '80'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan6'

config bridge-vlan
option device 'br-lan'
option vlan '70'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan7'

I also tried the programmable switch but it did not deploy without error. The template was:
{
  "interfaces": [
    {
      "type": "bridge",
      "name": "br-lan",
      "bridge_members": [ "lan1","lan2","lan3","lan4","lan5","lan6","lan7" ]
    },
    { "type":"other", "name":"infra",   "device":"br-lan.100", "proto":"dhcp", "ifname":"infra" },
    { "type":"other", "name":"user",    "device":"br-lan.178", "proto":"dhcp", "ifname":"user" },
    { "type":"other", "name":"server",  "device":"br-lan.70",  "proto":"dhcp", "ifname":"server" },
    { "type":"other", "name":"jail",    "device":"br-lan.80",  "proto":"dhcp", "ifname":"jail" }
  ],
  "switch": [
    {
      "name":       "br-lan",
      "reset":      true,
      "enable_vlan":true,
      "vlan": [
        { "device":"br-lan", "vlan":178, "ports":"lan1t lan2t lan3t lan4t" },
        { "device":"br-lan", "vlan":70,  "ports":"lan1t lan4t lan6u" },
        { "device":"br-lan", "vlan":80,  "ports":"lan1t lan4t lan7u" },
        { "device":"br-lan", "vlan":100, "ports":"lan1u lan2u lan3u lan4u lan5u" }
      ]
    }
  ]
}

I also saw https://github.com/openwisp/netjsonconfig/pull/261 and assumed it is now merged.

Can you please help me to either correct the template so that it correctly sets up the VLAN tagging or help me refine my requirements for an easier implementation.

Thank you so much.


DISCLAIMER: The Templates were generated with the help of AI
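
The mismatch described in the post above (the template lists tagged and untagged ports per VLAN, while the device ends up with a single bridge-vlan section) can be caught by diffing intent against the deployed UCI. The following Python check is an added example, not part of the original post and not OpenWISP or netjsonconfig code; the names `parse_bridge_vlans` and `audit` and both sample inputs are constructed for illustration, and a port without a `:t` suffix is assumed to be untagged.

```python
# Added example, not from the thread: diff intended VLAN membership vs. deployed UCI.
# Constructed sample in NetJSON "vlan_filtering" form (subset of the template).
INTENDED = [
    {"vlan": 70, "ports": [{"ifname": "lan1", "tagging": "t"},
                           {"ifname": "lan4", "tagging": "t"},
                           {"ifname": "lan6", "tagging": "u"}]},
    {"vlan": 100, "ports": [{"ifname": "lan1", "tagging": "u"},
                            {"ifname": "lan2", "tagging": "u"}]},
]

# Constructed sample shaped like the UCI that reached the device.
DEPLOYED_UCI = """
config device 'device_br_lan'
    option name 'br-lan'
    list ports 'lan1'
    list ports 'lan2'

config bridge-vlan
    option device 'br-lan'
    option vlan '100'
    list ports 'lan1'
"""

def parse_bridge_vlans(uci_text):
    """Return {vlan_id: {port: 't' or 'u'}} from bridge-vlan sections only."""
    sections, current = [], None
    for raw in uci_text.splitlines():
        parts = raw.split()
        if len(parts) < 2:
            continue
        if parts[0] == "config":
            # 'list ports' also appears in 'config device'; ignore those sections.
            current = None
            if parts[1] == "bridge-vlan":
                current = {"vlan": None, "ports": {}}
                sections.append(current)
        elif current is not None and len(parts) >= 3:
            value = parts[2].strip("'\"")
            if parts[:2] == ["option", "vlan"]:
                current["vlan"] = int(value)
            elif parts[:2] == ["list", "ports"]:
                # 'lan1:t' is tagged; 'lan6:u*' or bare 'lan6' is untagged; '*' marks PVID.
                name, _, flags = value.partition(":")
                current["ports"][name] = "t" if "t" in flags else "u"
    # 'option vlan' may follow the port list, so resolve ids at the end.
    return {s["vlan"]: s["ports"] for s in sections if s["vlan"] is not None}

def audit(intended, uci_text):
    """List (vlan, port, problem) where the deployed UCI departs from intent."""
    applied, findings = parse_bridge_vlans(uci_text), []
    for entry in intended:
        vid = entry["vlan"]
        want = {p["ifname"]: p["tagging"] for p in entry["ports"]}
        have = applied.get(vid)
        if have is None:
            findings.append((vid, None, "vlan-missing"))
            continue
        for port in sorted(set(want) | set(have)):
            if want.get(port) != have.get(port):
                findings.append((vid, port, f"want={want.get(port)} have={have.get(port)}"))
    return findings

if __name__ == "__main__":
    print(audit(INTENDED, DEPLOYED_UCI))
```

An empty result means every intended port is present with the intended tagging; any finding on a segregated VLAN is worth resolving before the port is put into use.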

Federico Capoano

Jul 10, 2025, 10:44:29 AM
to open...@googlegroups.com
I tried parsing the configuration file generated via UCI that you have provided, but the library can't parse it, which is not a good sign.

Can you share the UCI configuration in /etc/config/network?

The Bridge VLAN filtering implementation needs to be improved, I opened an issue for this:
If you can share the UCI code I'll add it to the issue (or you can add it yourself there).

In the meantime as a workaround, could you define the configuration you need by supplying files?
It's a bit uncomfortable but it will help you get around this issue, you can also use variables freely in files which is nice.

Best regards
Federico Capoano
OpenWISP OÜ
Kotkapoja tn 2a-10, 10615, Harju maakond, Tallinn, Estonia
VAT: EE101989729



Marten Lucas

Jul 15, 2025, 8:47:14 AM
to OpenWISP
Do you mean the UCI of the working config? That would be the following:


config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd48:e132:af34::/48'
option packet_steering '1'

config device 'switch'
option name 'switch'
option type 'bridge'
option macaddr '4c:9e:ff:f2:b7:81'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'

config bridge-vlan 'lan_vlan'
option device 'switch'
option vlan '100'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'

config interface 'infra'
option proto 'dhcp'
option device 'switch.100'


config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

config bridge-vlan
option device 'switch'
option vlan '178'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
list ports 'lan5'

config bridge-vlan
option device 'switch'
option vlan '70'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan6'

config bridge-vlan
option device 'switch'
option vlan '80'
list ports 'lan1:t'
list ports 'lan7'

config interface 'user'
option proto 'dhcp'
option device 'switch.178'

config interface 'server'
option proto 'dhcp'
option device 'switch.70'

config interface 'jail'
option proto 'dhcp'
option device 'switch.80'


In the meantime I found one error on my side. I had a timezone-template assigned to the device which broke the vlan template (globals).
Now I can render the following device config preview:

package system

config system 'system'
option hostname 'switch-eg'
option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
option zonename 'Europe/Berlin'

config timeserver 'ntp'
option enable_server '0'
option enabled '1'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'

package network


config device 'device_br_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
option type 'bridge'
option vlan_filtering '1'

config bridge-vlan 'vlan_br_lan_178'
option device 'br-lan'
list ports 'lan1:t*'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
option vlan '178'

config bridge-vlan 'vlan_br_lan_70'
option device 'br-lan'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan6:u*'
option vlan '70'

config bridge-vlan 'vlan_br_lan_80'
option device 'br-lan'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan7:u*'
option vlan '80'

config bridge-vlan 'vlan_br_lan_100'
option device 'br-lan'
list ports 'lan2:u*'
list ports 'lan3:u'
list ports 'lan4:u'
list ports 'lan5:u'
option vlan '100'


config interface 'vlan_br_lan_178'
option device 'br-lan.178'
option proto 'none'

config interface 'vlan_br_lan_70'
option device 'br-lan.70'
option proto 'none'

config interface 'vlan_br_lan_80'
option device 'br-lan.80'
option proto 'none'

config interface 'vlan_br_lan_100'
option device 'br-lan.100'
option proto 'none'

config interface 'br_lan'
option device 'br-lan'
option proto 'none'

config interface 'infra'
option device 'br-lan.100'
option ifname 'infra'
option proto 'dhcp'

config interface 'user'
option device 'br-lan.178'
option ifname 'user'
option proto 'dhcp'

config interface 'server'
option device 'br-lan.70'
option ifname 'server'
option proto 'dhcp'

config interface 'jail'
option device 'br-lan.80'
option ifname 'jail'
option proto 'dhcp'

config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'

package dhcp

config dnsmasq 'dnsmasq_1'
option authoritative '1'
option cachesize '1000'
option domain 'lan'
option domainneeded '1'
option ednspacket_max '1232'
option expandhosts '1'
option leasefile '/tmp/dhcp.leases'
option local '/lan/'
option localise_queries '1'
option localservice '1'
option readethers '1'
option rebind_localhost '1'
option rebind_protection '1'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'debug'
option dhcpv4 'server'
option interface 'debug'
option leasetime '12h'
option limit '100'
option start '10'

# ---------- files ---------- #

# path: /etc/dropbear/authorized_keys
# mode: 0644

ssh-ed25519 AAA....


from this template for the vlans & dhcp:

{
    "interfaces": [
        {
            "type": "bridge",
            "bridge_members": [
                "lan1",
                "lan2",
                "lan3",
                "lan4",
                "lan5",
                "lan6",
                "lan7"
            ],
            "name": "br-lan",
            "vlan_filtering": [
                {
                    "vlan": 178,
                    "ports": [
                        {
                            "ifname": "lan1",
                            "tagging": "t",
                            "primary_vid": true
                        },
                        {
                            "ifname": "lan2",
                            "tagging": "t"
                        },
                        {
                            "ifname": "lan3",
                            "tagging": "t"
                        },
                        {
                            "ifname": "lan4",
                            "tagging": "t"
                        }
                    ]
                },
                {
                    "vlan": 70,
                    "ports": [
                        {
                            "ifname": "lan1",
                            "tagging": "t"
                        },
                        {
                            "ifname": "lan4",
                            "tagging": "t"
                        },
                        {
                            "ifname": "lan6",
                            "tagging": "u",
                            "primary_vid": true
                        }
                    ]
                },
                {
                    "vlan": 80,
                    "ports": [
                        {
                            "ifname": "lan1",
                            "tagging": "t"
                        },
                        {
                            "ifname": "lan4",
                            "tagging": "t"
                        },
                        {
                            "ifname": "lan7",
                            "tagging": "u",
                            "primary_vid": true
                        }
                    ]
                },
                {
                    "vlan": 100,
                    "ports": [
                        {
                            "ifname": "lan2",
                            "tagging": "u",
                            "primary_vid": true

Before, the error was that the Port Tagging did not apply.
Now the new error is that the config does not deploy and gets rolled back:

Error reported from the device:
Fri Jul 11 22:13:52 2025 daemon.info openwisp: The following uci configs have been renamed: network.bridge_vlan1, network.bridge_vlan2, network.bridge_vlan3
Fri Jul 11 22:13:53 2025 daemon.crit openwisp: Could not apply configuration, openwisp-update-config exit code was 2
Fri Jul 11 22:13:53 2025 daemon.crit openwisp: ERROR: invalid UCI configuration file: network
Fri Jul 11 22:13:59 2025 daemon.info openwisp: The most recent configuration backup was restored

Marten Lucas

Jul 15, 2025, 8:47:18 AM
to OpenWISP
I just tried deploying via files. This works.

But do I lose the modularity?
If I assign multiple templates with /etc/config/network files to the device will they merge or override?
Can I combine file and netjsonconfig - e.g. I have an untagged debug port that was well deployed with the template. Can I keep this template and deploy the vlans with file? Will it merge?

Thanks for the help

Federico Capoano

Jul 15, 2025, 8:54:15 AM
to open...@googlegroups.com
Merging won't work, but you could try using the custom syntax:

That's another possibility. We'll be working to improve this in a couple of weeks, I'll get in touch when we have news.

Best regards
Federico Capoano

Marten Lucas

Aug 9, 2025, 11:34:39 AM
to open...@googlegroups.com
Hi,
Did the latest netjsonconfig release address the issue? Or was it about something else?

Cheers
Marten


Iván Ledesma Obelar

Aug 10, 2025, 4:35:20 AM
to open...@googlegroups.com

Hi everybody,

after much trouble I managed to deploy all the modules necessary to provide a wifi hotspot service, but when trying to test the captive portal features in the demo system I came up with the following notice:

Warning

Unfortunately, at the moment, installing Coova-Chilli from the OpenWrt packages will not work because the default configuration of the Coova-Chilli OpenWrt package does not enable the chilli-redir feature, nor has SSL support enabled, which will not allow the captive portal to redirect the user to the captive page and will not support HTTPs requests.

Consequently I could connect to the Openwisp Wifi Demo SSID, but I wasn't allocated an IP by the demo system.

Is there right now any workaround to the above issue, so that I can provide wifi hotspot service during Summer?

Regards,

Iván Ledesma Obelar

Federico Capoano

Aug 11, 2025, 2:22:17 PM
to open...@googlegroups.com
That section of the docs needs to be updated. You can use chilli without the redir module as long as the "redir" config option is set to zero.
It will still do basic redirects but it won't be able to do stuff like redirects using regular expressions.

I hope this helps.

F.





Iván Ledesma Obelar

Aug 11, 2025, 5:40:36 PM
to open...@googlegroups.com

Thanks, I won't be doing anything “advanced” since I'm just a newbie.

Nevertheless, I will be providing some suggestions to the documentation when I manage to make things completely work.

Regards,

Iván Ledesma Obelar

Federico Capoano

Aug 11, 2025, 6:56:01 PM
to open...@googlegroups.com
For the record, thanks to the Google Summer of Code we're doing some improvements to uspot so that we can use it in OpenWISP, see:

I have already deployed it on a couple of installations and it is going pretty well.

However, coova-chilli is probably easier to configure as you only deal with one configuration file, so for now I'd recommend sticking to it, unless you want to dedicate some time to understanding how uspot works.

Federico



Iván Ledesma Obelar

Aug 13, 2025, 3:19:20 AM
to open...@googlegroups.com

Thank you Federico, are there any docs about captive portal templates? The template on the demo system is missing and I don't know how to continue.

Regards,

Iván Ledesma Obelar

Aug 17, 2025, 7:18:34 AM
to open...@googlegroups.com

Hi everybody,

Would it be possible to enable once again the Wifi Login Pages template on the demo system? It is missing and it's the last thing I need to enable service.

Thanks a lot,

Iván Ledesma Obelar

Federico Capoano

Aug 18, 2025, 10:41:46 AM
to open...@googlegroups.com
The captive portal demo template is still available and the WiFi Login Pages demo is available at wifi.openwisp.io.
If you have further doubts I recommend asking in our support chat: https://matrix.to/#/#openwisp_general:gitter.im

Regards
Federico


Iván Ledesma Obelar

Aug 19, 2025, 4:12:07 PM
to open...@googlegroups.com

Thank you, although the template is not available at the generic templates menu, it is indeed available to check up at each device configuration.
