I Set Up A VLAN But Can't Ping Systems On It

Started by isaacthekind, December 04, 2023, 08:12:54 PM

December 15, 2023, 02:08:42 AM #45 Last Edit: December 15, 2023, 02:33:47 AM by netnut
Quote
Ok how about this?

That's _the_ One ;-)


interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport trunk native vlan 7
switchport mode trunk
switchport nonegotiate


These are the important bits...


srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
mls qos trust cos
macro description cisco-wireless
auto qos trust


We don't care about qos now, just ignore, won't be your issue

spanning-tree bpduguard enable

Your OpenWRT device won't send BPDUs, so your port should not get shut down by this guard, but there is one very important "thing" with this setting... One of the reasons it's always hard to judge if someone really had the patience (or actively checking it) to wait before the port is in UP mode when troubleshooting a device connecting to it. Because of this setting this port will go through several states (listen, learn, forward) which can take a _while_ (> 30s) depending on the network. So be really, really sure the port is up, you already know the port status command....
This is also the reason your "Access Ports" have a portfast option, BPDUs are rejected or filtered by default on this type of ports, that's why these ports are up in a second or so, after you plug in a cable or activate the port.

Quote
No I'm not on IOS, I use NixOS.

I'll forgive you for making me feel old :), but IOS is the name of the Cisco Operating System running on your switch.  8)


Assuming you are now connected over Wireless as I suggested, you might try this minor change in your OpenWRT config. This would be suboptimal though, as I explained earlier about disconnecting the device and connecting it to something other than your switch. However:

First add VLAN 7 to your OpenWRT Switch config, OpenWRT -> Network -> Switch. Every VLAN you add here NEEDS to be tagged on CPU and OFF on all ports except LAN1. LAN1 (or any switchport) can only have ONE untagged VLAN and many TAGGED VLAN's.


config device
    option name 'br-vlan1'
    option type 'bridge'
    list ports 'eth0.7'    <--- Change this one


Because you have complete freedom over the wired interface now, take your time and test the different scenarios with tagged/untagged OpenWRT switchports and interface (eth0.1 / eth0.7), start with the minor one above. One of them should work :) and should explain how this port is handling VLANs from OpenWRT.
You might want to adjust the interface and bridge names too if you like, but the OpenWRT switch config and port config will be the most important.


Oh, I thought by IOS you meant the Apple OS for mobile devices. Haha.

I may just be confused here, but I really do not understand what you're asking me to do. You showed me this code:


config device
    option name 'br-vlan1'
    option type 'bridge'
    list ports 'eth0.7'    <--- Change this one


But I don't have any code that looks like that. Could you show me the whole config file maybe? That might clear it up. I find this very difficult, sorry.

December 19, 2023, 04:08:49 AM #47 Last Edit: December 19, 2023, 05:11:11 AM by netnut
Quote from: isaacthekind on December 17, 2023, 08:43:07 PM


config device
    option name 'br-vlan1'
    option type 'bridge'
    list ports 'eth0.7'    <--- Change this one


But I don't have any code that looks like that.

Well, that's strange because I posted this snippet a few posts earlier ;-) https://forum.opnsense.org/index.php?topic=37380.msg183886#msg183886 . You say you "lose connectivity" when applying this change, so I suggested (step by step) to change the underlying VLAN ID for this interface from 1 to 7.

Remember, your challenge is to connect the wired management interface to your network, that's a single device & interface section in the network config file, I can't be more specific than that.

Quote
Could you show me the whole config file maybe? That might clear it up. I find this very difficult, sorry.

Sure, but you still need to fix your wired management port. You now know the "trick" to connect to OpenWRT via a wireless management port, so if the full configuration below still doesn't give you access to the wired interface (again strange because it should) you can and need to debug it from there.

The /etc/config/network & /etc/config/wireless below contains all the bits and pieces we've discussed and is 100% working. In other words, if something isn't: it is _your_ infra ! Your switch looks ok so check check and double check your OPNsense configuration if you can't connect (and get a ip address, dns and internet) to any of the wireless networks.

You get the following setup if you copy/paste the two config files (reboot):

- Wired Management  - "br-vlan1" - 10.0.7.2/24 - No Wireless Networks

- Wireless Management - "wlan0-3" - 192.168.2.1/24 - SSID:  WiFi_MGMT

- 1x WiFi SSID (Management): WiFi_MGMT - Wireless Management

- 1x WiFi SSID (Management): 2.4 GHz Radio

- 3x WiFi SSID's: WiFi 1 / WiFI 2 / WiFi 3

- 3x WiFi SSID's: Dual Radio 2.4GHz & 5GHz + WPA3

- 3x WiFi VLAN Mapping:
WiFi 1 -> VLAN 4
WiFi 2 -> VLAN 5
WiFi 3 -> VLAN 6

Names and VLAN id's are configurable, read the comments, especially for wireless.

/etc/config/network


#
# OpenWRT Network Config
#
# !!! Edit Management Interface (Wired) when having connectivity issues
# !!! vlan1 / br-vlan1 / eth0.1
#

###
# Loopback
###

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

###
# IPv6 ULA
###

config globals 'globals'
option ula_prefix ''

###
# Management Interface (Wired)
###

config device
option name 'br-vlan1'
option type 'bridge'
list ports 'eth0.1'

config interface 'vlan1'
option device 'br-vlan1'
option proto 'static'
option ipaddr '10.0.7.2'
option netmask '255.255.255.0'
option gateway '10.0.7.1'
option ip6assign '0'

###
# Management Interface (Wireless)
###

config interface 'WiFi_MGMT'
option device 'wlan0-3'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'

###
# VLAN 4 = WiFi 1
###

config device
option type 'bridge'
option name 'br-vlan4'
list ports 'eth0.4'
option bridge_empty '1'
option ipv6 '0'

config interface 'vlan4'
option proto 'none'
option force_link '1'
option defaultroute '0'
option delegate '0'
option device 'br-vlan4'

###
# VLAN 5 = WiFi 2
###

config device
option type 'bridge'
option name 'br-vlan5'
list ports 'eth0.5'
option bridge_empty '1'
option ipv6 '0'

config interface 'vlan5'
option proto 'none'
option device 'br-vlan5'
option force_link '1'
option defaultroute '0'
option delegate '0'

###
# VLAN 6 = WiFi 3
###

config device
option type 'bridge'
option name 'br-vlan6'
list ports 'eth0.6'
option bridge_empty '1'

config interface 'vlan6'
option proto 'none'
option device 'br-vlan6'
option force_link '1'
option defaultroute '0'
option delegate '0'

###
# Switch Configuration
###

#
# !!! option vlan = sequence
# !!! option vid = VLAN ID
#

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
option vid '1'
option description 'Default VLAN'

config switch_vlan
option device 'switch0'
option vlan '2'
option vid '4'
option ports '0t 2t'
option description 'VLAN 4 - WiFi 1'

config switch_vlan
option device 'switch0'
option vlan '3'
option vid '5'
option ports '0t 2t'
option description 'VLAN 5 - WiFi 2'

config switch_vlan
option device 'switch0'
option vlan '4'
option vid '6'
option ports '0t 2t'
option description 'VLAN 6 - WiFi 3'

config switch_vlan
option device 'switch0'
option vlan '5'
option ports '0t 2t'
option vid '7'
option description 'VLAN 7 - Cisco Switch Native VLAN'



/etc/config/wireless


#
# OpenWRT Wireless Configuration
#
# !!! Don't use radio0 & radio1 from this file
# !!! Use your device specific radio config (with path, country code, etc)
# !!! Configure and add all custom wireless options (802k/v/r etc)
# !!! Only copy the SSID config
#

###
# Radio 0 - 2.4GHz
###

config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option band '2g'
option country 'US'
option channel 'auto'
option htmode 'HT20'
option cell_density '0'

###
# Radio 1 - 5GHz
###

config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option country 'US'
option channel 'auto'
option htmode 'HT20'
option cell_density '0'

###
# SSID: WiFi 1 - 2.4GHz
###

config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

###
# SSID: WiFi 2 - 2.4GHz
###

config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

###
# SSID: WiFi 3 - 2.4GHz
###

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

###
# SSID: WiFi-Management - 2.4GHz
###

config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi-MGMT'
option encryption 'sae'
option key 'Very Secret'

###
# SSID: WiFi 1 - 5GHz
###

config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

###
# SSID: WiFi 2 - 5GHz
###

config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

###
# SSID: WiFi 3 - 5GHz
###

config wifi-iface 'wifinet6'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'
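
The switch rules stated earlier in the thread (every VLAN tagged on the CPU port, at most one untagged VLAN per switch port) and the eth0.N to vid mapping used in the /etc/config/network above can be checked offline before a reboot. This is an added example, not part of the original posts or of OpenWRT; the function names, the CPU port number '0' (taken from the '0t' entries above) and the shortened sample config are assumptions.

```python
import re
import shlex

# Constructed excerpt of the /etc/config/network posted above (bridges for
# VLAN 1 and 4, switch VLANs 1, 4 and 7). {mgmt} and {v7} are placeholders
# so the same text can be rendered as posted or with deliberate mistakes.
TEMPLATE = """
config device
    option name 'br-vlan1'
    option type 'bridge'
    list ports '{mgmt}'

config device
    option name 'br-vlan4'
    option type 'bridge'
    list ports 'eth0.4'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0t 2 3 4 5'
    option vid '1'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option vid '4'
    option ports '0t 2t'

config switch_vlan
    option device 'switch0'
    option vlan '5'
    option ports '{v7}'
    option vid '7'
"""
POSTED = TEMPLATE.format(mgmt="eth0.1", v7="0t 2t")   # as in the thread
BROKEN = TEMPLATE.format(mgmt="eth0.9", v7="0 2")     # constructed mistakes


def parse_uci(text):
    """Parse UCI text into a list of dicts, one per 'config' section."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quotes and '#'
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append({"_type": tok[1]})
        elif tok[0] == "option" and sections and len(tok) >= 3:
            sections[-1][tok[1]] = tok[2]
        elif tok[0] == "list" and sections and len(tok) >= 3:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections


def lint_switch(text, cpu_port="0"):
    """Return a list of findings for the swconfig-style VLAN layout."""
    sections = parse_uci(text)
    findings, untagged, vids = [], {}, set()
    for s in sections:
        if s["_type"] != "switch_vlan":
            continue
        vid = s.get("vid", s.get("vlan"))  # without 'vid' the index is used
        vids.add(vid)
        # '2t' means port 2 tagged, '2' means port 2 untagged
        members = {p.rstrip("t"): p.endswith("t")
                   for p in s.get("ports", "").split()}
        if members.get(cpu_port) is not True:
            findings.append(f"VLAN {vid}: CPU port {cpu_port} is not a tagged member")
        for port, tagged in members.items():
            if not tagged and port != cpu_port:
                untagged.setdefault(port, []).append(vid)
    for port, v in sorted(untagged.items()):
        if len(v) > 1:
            findings.append(f"port {port}: untagged in more than one VLAN ({', '.join(v)})")
    # Every eth0.N placed in a bridge needs a switch_vlan carrying vid N.
    for s in sections:
        if s["_type"] == "device" and s.get("type") == "bridge":
            for member in s.get("ports", []):
                m = re.fullmatch(r"eth\d+\.(\d+)", member)
                if m and m.group(1) not in vids:
                    findings.append(f"{s.get('name')}: {member} has no switch_vlan with vid {m.group(1)}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("broken", BROKEN)):
        print(label, lint_switch(cfg) or "no findings")
```
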

December 19, 2023, 04:21:19 AM #48 Last Edit: December 19, 2023, 04:52:22 AM by netnut
Your final solution would look like this, where you have a bridge per vlan with a vlan and (dual) wireless interface(s):


root@OpenWrt:~# brctl show
bridge name     bridge id                       STP enabled     interfaces
br-vlan5        7fff.ffffffffffffffffffffff     no              wlan0-1
                                                                eth0.5
                                                                wlan1-1
br-vlan1        7fff.ffffffffffffffffffffff     no              eth0.1
br-vlan6        7fff.ffffffffffffffffffffff     no              eth0.6
                                                                wlan1-2
                                                                wlan0-2
br-vlan4        7fff.ffffffffffffffffffffff     no              eth0.4
                                                                wlan0
                                                                wlan1


Besides these static mappings you now also have the possibility to create a single SSID with dynamic VLAN assignment through 802.1x with Radius (which can be installed on OPNsense...).

But you should fix your management interface first  8)

December 20, 2023, 09:05:30 PM #49 Last Edit: December 20, 2023, 09:14:07 PM by isaacthekind
I'm willing to keep trying things here, I really would like to get this working, and I don't want to give up. But I'm starting to feel like I may be wasting your time, because no matter what I do, I just get the same behaviour. I can copy paste the exact files you've used, line for line, /etc/config/network and /etc/config/wireless, then reboot, and still I can't ping the device. I've checked and triple checked OPNsense and I really can't see the error. You said that config 100% works so if it fails for me there's something wrong with my infrastructure, but it's just totally beyond me what this could be. I've shown my topology, I've also checked over and over to make sure the topology is right. I even went and bought a patch panel just to make it almost impossible to plug anything into the wrong place, lol. The IPs are all exactly as described in my topology diagram. So I just really don't know what to do. If you want to keep suggesting things, I'm happy to keep trying but at this point I'm worrying about being a burden. I'm sure it's not fun to help someone when you put tons of time into writing solutions, and even go as far as to set up a dummy device at your house for testing, just to have them always say "sorry, same behaviour". Rest assured, I am carefully trying everything you post and reading your comments in detail and repeatedly, I'm just still failing for some reason. But I'm not half-assing it over here or anything.

That you can't ping the management interface was the issue we tried to solve, but you asked for a full configuration, you got a full configuration ;-).

The OpenWRT configuration contains three different important parts, try to understand these and please confirm if they do work:

- The wired management interface
* You still have an issue with that, your switch config looked ok at first sight. But there's something wrong which I can't see from my couch.

- The wireless management interface
* This one should work, because it doesn't depend on anything else except for your OpenWRT device. So can you connect to the Wireless SSID: WiFi MGMT and can you connect to the management interface 192.168.2.1 ? You need to statically configure an IP address on your wireless client when connecting to this SSID, 192.168.2.2/24 (/24 == 255.255.255.0) will work

- The 3 VLAN bridges for the 3 wireless SSID's
* The config provides 3 SSID's for WiFi 1, WiFi 2 and WiFi 3 (mapped to VLAN 4, VLAN 5 and VLAN6). Can you connect to these WiFi networks and do you get an IP address, DNS and Internet. Do they all work ? Which one do, which one don't ?

December 20, 2023, 10:37:52 PM #51 Last Edit: December 20, 2023, 11:13:02 PM by isaacthekind
Yeah, to be clear, I'm not blaming you at all. I did ask for full configuration. I thought maybe I could spot something off about mine.

To answer your 3:

- Wired is working right now. I can connect at 10.0.7.2 from CORE.

- Wireless I'm having trouble. I want to make sure to get this working since it's the fallback. If I follow your steps I get some trouble. First I set up SSID with unspecified network (picture 1), and enable it. Then I make an interface with a static address 192.168.2.1 and netmask 255.255.255.0 and select my SSID from dropdown, which defaults to radio0.network1, as you said it would (picture 2, and picture 3). But if I have it enabled, then the device becomes phy0-ap0 instead of radio0.network1 (picture 4). If I then try to connect on my laptop with 'nmcli device wifi connect OpenWrt password mypass' it fails to connect and says "ERROR: connection activation failed: IP configuration could not be resolved (no available address, timeout, etc)". This happens even if I assign my laptop an IP of 192.168.2.3 with ifconfig before I try connecting.

- VLANs having trouble with all, but probably should focus on wireless management interface first.

EDIT: If I set the SSID to lan instead of unspecified, I can connect with the laptop.

Quote from: isaacthekind on December 20, 2023, 10:37:52 PM
Yeah, to be clear, I'm not blaming you at all.

You could, but I wouldn't care ;D, just trying to help...

Quote
To answer your 3:

- Wired is working right now. I can connect at 10.0.7.2 from CORE.

You wanted to create a so called OpenWRT Dumb Access Point with multiple VLAN's. As explained, your first task should be renaming the management interface to the br-vlanX naming scheme before going forward. You twice reported "loss of connectivity" and now you're connected again.  ???

I shared a _complete_ config file to work from, but

Quote
...
First I set up SSID with unspecified network (picture 1), and enable it.
...

Here you are back at the default config and try to config networks already provided in my example, do you see this doesn't help to understand where you are. Are you using my config or are you playing around with something default/custom ?!?! It's hard to understand what you're doing ;-)


Quote
- VLANs having trouble with all, but probably should focus on wireless management interface first.

That COULD be a bridging issue, BUT if you didn't successfully rename your wired management interface first (br-vlanX) this ain't going to work.



December 20, 2023, 11:41:23 PM #53 Last Edit: December 20, 2023, 11:43:50 PM by isaacthekind
Quote
You wanted to create a so called OpenWRT Dumb Access Point with multiple VLAN's. As explained, your first task should be renaming the management interface to the br-vlanX naming scheme before going forward. You twice reported "loss of connectivity" and now you're connected again.  ???

I factory reset, sorry I should have said this. If I do the br-vlanX I lose connectivity. Sorry I will avoid making further changes without saying exactly what I'm doing.

Quote
I shared a _complete_ config file to work from, but

Yes, but when I switch to it I lose connectivity. So I factory reset, sorry, again I should have said something.

Quote
Here you are back at the default config and try to config networks already provided in my example, do you see this doesn't help to understand where you are. Are you using my config or are you playing around with something default/custom ?!?! It's hard to understand what you're doing ;-)

Sorry, yes I see how it's unhelpful. I am back to square one, trying to do your previous suggestion with wireless management interface so I can avoid further factory resets.

Quote
That COULD be a bridging issue, BUT if you didn't successfully rename your wired management interface first (br-vlanX) this ain't going to work.

I did not successfully rename it.

If there are any other things I say that are confusing please point them out, I don't mean to make you repeat yourself, I'm just confused.

From now on, I will include the current config at the bottom of each comment so it's clear what I am doing.

/etc/config/network


config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'REDACTED'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option gateway '10.0.7.1'
list ipaddr '10.0.7.2/24'
list ipaddr '192.168.1.1/24'

config device
option name 'eth0.2'
option macaddr 'REDACTED'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

config interface 'WIFI_MGMT'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option device 'phy0-ap0'


/etc/config/wireless


config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option cell_density '0'

config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'sae'
option key 'hello1234'

config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'


With the current config I can see OpenWrt network when I scan on my laptop, but I can't connect to it. If I change WIFI_MGMT device to "lan" then I can connect wirelessly from the laptop.

December 21, 2023, 12:35:16 AM #54 Last Edit: December 21, 2023, 01:03:34 AM by netnut
So we're still at Step 1, the "Rename and configure the Wired Management Interface. br-vlan1", again, this is mandatory to make your bridged VLANs work in later steps. Now this is a typical "Chicken Egg" problem, because you have an issue with it we need to find out what's the problem. The problem with a non-working management interface is: you can't manage it.

So that's why we need to go to step 2 first, configure the Wireless Management Interface, so we can debug the problems with your Wired Management Interface. Only when step 1 is successfully done, we can go to step 3 - Setting up Wireless SSID's.

You've explained you're familiar with text editors (like VI), so it really surprises me if I give you this config for the Wireless Management Interface:


###
# Management Interface (Wireless)
###

config interface 'WiFi_MGMT'
option device 'wlan0-3'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'


You report back that it isn't working with:


config interface 'WIFI_MGMT'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option device 'phy0-ap0'


Even if your device ends up as "phy0-ap0" instead of my "wlan0-3" this is not what I posted and the reason why it doesn't work. I'm really trying to help you, but if I need to (double) check if you really configured what I suggested you'll never succeed.

The devil is in the details, OpenWRT supports over 1000 different devices. The network config definitions changed significantly after v21.x, some devices have a built-in switch (like yours), some don't. Some devices with a built-in switch changed to DSA (Linux Bridge VLAN filtering), some don't, like yours.

Even a single point, colon, hash or whatever can completely f*ck up your config, so please, at least be _really_ sure you copy paste the configs right and be clear what you're doing.

I've commented the config files extensively, part by part, section by section. Looking at your wireless config (and my comment in the example files), I don't see a country code in the radio's....

December 21, 2023, 12:57:42 AM #55 Last Edit: December 21, 2023, 01:29:33 AM by netnut
So to be absolutely clear, THIS should be your wireless management interface config (only changing the device entry to match your OpenWRT device)


###
# Management Interface (Wireless)
###

config interface 'WiFi_MGMT'
# Your wireless radio / ssid sequence
option device 'phy0-ap0'
# Should be a BRIDGE
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'


Remember it's now referring to phy0 (which I assume is your 2.4GHz radio, where phy1 is 5GHz) and ap0 is the first SSID in the list. So if you change the sequence of the SSID's somehow (by adding and/or removing them) the apX part will change too. Same goes for changing the management from 2.4 GHz (phy0) to 5GHz (phy1).

So don't change this AGAIN, UNTIL you have fixed wired management access (Step 1), otherwise you lock yourself out.


Quote
You've explained you're familiar with text editors (like VI), so it really surprises me if...

Quote
Even a single point, colon, hash or whatever can completely f*ck up your config...

It's not that I have any trouble with the editor or that I don't understand how even a slight difference in a config file, like a tab instead of a space, can mess things up. I've been programming for around 4 years, I understand these types of things for sure. The problem is I'm having trouble understanding what I'm trying to do here, which is 100% my fault. Right now I have directly copied your /etc/config/wireless. But I can't directly copy your /etc/config/network, because that will cause me to lose connectivity so although /etc/config/wireless is exactly like yours /etc/config/network is not. /etc/config/network is basically just the default after factory reset, but I've now added a section for the WiFi management interface. I think the correct thing to do for device is phy0-ap3, because WiFi-MGMT is the fourth SSID in the list under radio0 (picture included). Currently, when I scan on my laptop, I see WiFi 1, WiFi 2, WiFi 3, and WiFi-MGMT. Though I can't connect to WiFI-MGMT. I assume I need to do more to make /etc/config/network correct, again I would copy yours exactly, but for some reason that causes me to lose connection.

/etc/config/network


config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'REDACTED'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option gateway '10.0.7.1'
list ipaddr '10.0.7.2/24'
list ipaddr '192.168.1.1/24'

config device
option name 'eth0.2'
option macaddr 'REDACTED'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

config interface 'WiFi_MGMT'
option device 'phy0-ap3'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'


/etc/config/wireless


#
# OpenWRT Wireless Configuration
#
# !!! Don't use radio0 & radio1 from this file
# !!! Use your device specific radio config (with path, country code, etc)
# !!! Configure and add all custom wireless options (802k/v/r etc)
# !!! Only copy the SSID config
#

###
# Radio 0 - 2.4GHz
###

config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option band '2g'
option country 'US'
option channel 'auto'
option htmode 'HT20'
option cell_density '0'

###
# Radio 1 - 5GHz
###

config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option country 'US'
option channel 'auto'
option htmode 'HT20'
option cell_density '0'

###
# SSID: WiFi 1 - 2.4GHz
###

config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

###
# SSID: WiFi 2 - 2.4GHz
###

config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

###
# SSID: WiFi 3 - 2.4GHz
###

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

###
# SSID: WiFi-Management - 2.4GHz
###

config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi-MGMT'
option encryption 'sae'
option key 'Very Secret'

###
# SSID: WiFi 1 - 5GHz
###

config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

###
# SSID: WiFi 2 - 5GHz
###

config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

###
# SSID: WiFi 3 - 5GHz
###

config wifi-iface 'wifinet6'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

December 21, 2023, 01:49:36 AM #57 Last Edit: December 21, 2023, 02:07:03 AM by netnut
Quote from: isaacthekind on December 21, 2023, 01:36:44 AM
I think the correct thing to do for device is phy0-ap3, because WiFi-MGMT is the fourth SSID in the list under radio0 (picture included).

Exactly! I assumed your "current" state of config, but if you're back at my wireless config it's the fourth SSID, so phy-ap3.

If your Wireless Management is working now, again c/p my latest /etc/config/network & /etc/config/wireless (only adjust the finetuning of the wireless management). You should end up again in a state where you don't have access to the wired management but you do now via wireless. From here you can start debugging the wired management interface.

For the wireless config, adjust radio0 & radio1 to your needs, your country and paths are probably different


December 21, 2023, 02:02:09 AM #58 Last Edit: December 21, 2023, 02:05:10 AM by isaacthekind
Quote
Exactly! I assumed your "current" state of config, but if you're back to my wireless config it's the fourth SSID, so phy-ap3.

Ok good!

Quote
If your Wireless Management is working now...

It's not quite working. It's working in the sense that it is visible when I scan with my laptop. But it's not working in the sense that if I try to connect to it with the standard command "nmcli device wifi connect WiFi-MGMT password "Very Secret"" I get an error which says "ERROR: connection activation failed: IP configuration could not be resolved (no available address, timeout, etc)".

EDIT: I can change the country to CA since I'm in Canada, but I'm not sure how to determine the correct path.

Files currently unchanged from last post.

Quote from: isaacthekind on December 21, 2023, 02:02:09 AM
It's not quite working. It's working in the sense that it is visible when I scan with my laptop. But it's not working in the sense that if I try to connect to it with the standard command "nmcli device wifi connect WiFi-MGMT password "Very Secret"" I get an error which says "ERROR: connection activation failed: IP configuration could not be resolved (no available address, timeout, etc)".

The Wireless Management interface you've created is just a simple (bridge) device without DHCP or whatever, it only provides a HTTP & SSH entry at 192.168.2.1 over wireless. So you need to put a static address on the wireless interface of the client, everything but 192.168.2.1/24 will work, like 192.168.2.2/24.

Also be aware there are two stages connecting to a wireless network, actually connect TO a network (SSID) and the (automatic) configuration of IP information. So something as "I can't connect to this/that Wireless Network" always needs extra explanation:
- Can you connect (associate) to the SSID / Wireless Network (Can be checked at the status overview in the OpenWRT web gui)
- Do you receive an IP address (Check the DHCP Service Log @ OPNsense if requests are received)


Quote
EDIT: I can change the country to CA since I'm in Canada, but I'm not sure how to determine the correct path.

Use the radio config from your default /etc/config/wireless after factory reset, most options are generic (like country code). But the path to the WiFi device may vary with different models.