My first VLAN setup brought isolated networks for both wired and wireless clients, at the cost of having a dedicated SSID per VLAN.

As each SSID takes a bit of bandwidth, this didn't scale, and as I renewed some of my equipment, I took the opportunity to try something else:

ssid1: 802.1X with MikroTik user-manager as RADIUS server to authenticate and assign VLANs

ssid2: WPA2-PSK with MikroTik user-manager in the background to assign per-MAC-address VLANs

This setup cannot be done through LuCI; it has to be configured directly with uci or by editing /etc/config/wireless:

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'ssid1'
        option encryption 'wpa2'
        option key 'not-sure-if-needed-radius-secret'
        option server 'radius-ip'
        option port '1812'
        option dynamic_vlan '2'
        option vlan_bridge 'br-lan'
        option auth_secret 'radius-secret'
        option network 'vlan101'
        option auth_server 'radius-ip'
        option auth_port '1812'
        option vlan_tagged_interface 'eth0'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'ap'
        option ssid 'ssid2'
        option encryption 'psk2'
        option key 'ssid-password'
        option dynamic_vlan '2'
        option vlan_bridge 'br-lan'
        option vlan_tagged_interface 'eth0'
        option auth_server '192.168.99.1'
        option auth_port '1812'
        option auth_secret 'radius-secret'
        option server 'radius-ip'
        option port '1812'
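
A small audit of the dynamic-VLAN options used above, as an added example that is not from the original post: it reads a UCI wireless config on stdin and reports sections where VLAN assignment is not enforced, a required option is missing, or the `server` and `auth_server` values disagree (as they do for ssid2). The function names, the `guest` section and the treatment of `server` as an older spelling of `auth_server` are assumptions.

```shell
#!/bin/sh
# Added example: audit wifi-iface sections that enable dynamic VLANs.
# Reads a UCI wireless config on stdin, prints one "section: finding" per line.
lint_dynvlan() {
  awk -v q="'" '
    function strip(v) { gsub(q, "", v); gsub(/"/, "", v); return v }
    function report(msg) { print sec ": " msg }
    function check(   i, n, req) {
      if (sec == "" || o["dynamic_vlan"] == "" || o["dynamic_vlan"] == "0") return
      # hostapd: 1 = VLAN optional, 2 = reject clients that get no VLAN from RADIUS
      if (o["dynamic_vlan"] != "2") report("dynamic_vlan is not 2, VLAN assignment is not enforced")
      n = split("auth_server auth_secret vlan_bridge vlan_tagged_interface", req, " ")
      for (i = 1; i <= n; i++) if (o[req[i]] == "") report("missing option " req[i])
      # Assumption: server/port are older spellings of auth_server/auth_port
      if (o["server"] != "" && o["auth_server"] != "" && o["server"] != o["auth_server"])
        report("server (" o["server"] ") and auth_server (" o["auth_server"] ") differ")
    }
    $1 == "config" { check(); split("", o)
                     sec = (strip($2) == "wifi-iface") ? strip($3 == "" ? "anonymous" : $3) : "" }
    $1 == "option" { v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v); o[$2] = strip(v) }
    END { check() }
  '
}

# Constructed sample: the two sections from the post (trimmed) plus a made-up guest section.
sample_config() {
  cat <<'EOF'
config wifi-iface 'default_radio0'
        option server 'radius-ip'
        option dynamic_vlan '2'
        option vlan_bridge 'br-lan'
        option auth_secret 'radius-secret'
        option auth_server 'radius-ip'
        option vlan_tagged_interface 'eth0'

config wifi-iface 'wifinet1'
        option dynamic_vlan '2'
        option vlan_bridge 'br-lan'
        option vlan_tagged_interface 'eth0'
        option auth_server '192.168.99.1'
        option auth_secret 'radius-secret'
        option server 'radius-ip'

config wifi-iface 'guest'
        option dynamic_vlan '1'
        option auth_server '192.168.99.1'
EOF
}
sample_config | lint_dynvlan
```

On the router, the same function can be run as `lint_dynvlan < /etc/config/wireless`.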