Docs
OpenWrt
Configuration

Configuration

LuCI or uci

OpenWrt can be configured through the Web-UI (called LuCI) and via a tool on the command line (called uci). It is important to understand the hierarchy:

graph TD;
LuCI-->uci;
uci-->Linux;

Changes made in LuCI are translated into uci commands, and uci then applies the changes to the underlaying OS (Linux).

Recommendation: If you’re new to OpenWrt (or networking in general), I recommend starting with LuCI, get your configuration set up, make sure it works, and only then dive into the actual config files.

This will prevent confusion that would occur when using uci and LuCI interchangeably.

VLAN

OpenWrt supports VLANs. VLANs are useful to separate devices into different networks, even though they are connected to the same router. VLANs also allow you to carry these virtual networks over a single link to another device (i.e. one ethernet cable).

VLANs work by attaching a so called VLAN-tag to the Ethernet Frame. If such an Ethernet-Frame arrives on another device (and that device is VLAN-capable and VLAN-aware), the device can do things with it, according to the value of the VLAN tag.

First decision

Do you want to use VLANs?

This question is important. If the answer is ‘yes’, the chosen tools/software for OpenWrt might be different.

Do I need VLANs?

If you only want to separate traffic on one router (i.e. have port 1 & 2 for personal use, and port 3 & 4 for work use) you don’t need VLANs. In that case you would just create two bridges, assign the correct ports to them and that’s it. If you need Wifi on top, create a home and a work SSID and assign them to the correct bridges.

Now, if you want to add another router to the mix (maybe you want to extend the Wifi range), and you want to extend the home and the work network to it. Without VLANS you would need two links between the routers (one for each network).

With VLANs you would only need a single liink between the routers. The packets going over that link will then be tagged.

VLAN-capable

Most end-devices (PC, Phone, TV, whathaveyou) are not capable of handling VLAN tags. If a VLAN-tagged packet arrives at such a device it either:

  • doesn’t know what to do with it and can’t communicate
  • simply ignores it

VLAN-aware

Devices that are VLAN-capable (most routers, managed switches, etc) have to be configured in such a way, that they know what kind of VLAN tags could possibly arrive. They are then aware of the VLAN and can make decisions based on that.

DSA vs swconfig

In v21.02 OpenWrt switched from swconfig to DSA. DSA stands for Distributed Switch Architecture and is the upstream Linux Kernel Subsystem for network switches.

The docs you are reading will only show/relate to DSA configuration, as I all my devices support it.

InstallationPXE boot / netboot