Adding LAN port to a guest network on dumb AP

Booka000 · January 14, 2025, 7:08am

Good day! I have an openwrt dumb access point with a running wifi guest network! I have configured the guest wifi according to the user's guide:

https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap

I was wonderig if I can add one of the lan ports to that guest network

psherman · January 14, 2025, 7:14am

This is generally quite easy to do, but the specific method depends on you device and configuration. Let’s take a look and then we can guide you through the process.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network

Booka000 · January 14, 2025, 8:31am

root@OpenWrt:~# ubus call system board
{
	"kernel": "6.6.68",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7620A ver:2 eco:6",
	"model": "TP-Link EC220-G5 v2",
	"board_name": "tplink,ec220-g5-v2",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"revision": "r28476-2456a2fd7f",
		"target": "ramips/mt7620",
		"description": "OpenWrt SNAPSHOT r28476-2456a2fd7f",
		"builddate": "1735781424"
	}
}

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd5e:fdd0:bcbe::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config device
	option name 'eth0.2'
	option macaddr 'xxxxxxxxxxx'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '0'

config switch
	option name 'switch1'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch1'
	option vlan '1'
	option ports '0 1 2 4 7t'

config switch_vlan
	option device 'switch1'
	option vlan '2'
	option ports '3 7t'

config device
	option type 'bridge'
	option name 'br_guest'
	option bridge_empty '1'

config interface 'guest'
	option proto 'static'
	option device 'br_guest'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

pavelgl · January 14, 2025, 9:44am

The wan port has been removed, but vlan 2 still exists.

Just add eth0.2 to the guest bridge device and you should be able to use the blue colored port as a wired port for the guest network.

config device
	    option type 'bridge'
	    option name 'br_guest'
	    list ports 'eth0.2'

If you need more ports, you can move some from vlan 1 to vlan 2, e.g.

config switch_vlan
	    option device 'switch1'
	    option vlan '1'
	    option ports '0 1 4 7t'

config switch_vlan
	    option device 'switch1'
	    option vlan '2'
	    option ports '2 3 7t'

Booka000 · January 14, 2025, 10:32am

doesn't eth0.2 represent second LAN port? If that's the case, then I don't want to touch that port because it's already in use, should I go with eth0.3 instead?

_bernd · January 14, 2025, 10:41am

No. This notation indicates sub-interface with a vlan.

Booka000 · January 14, 2025, 11:32am

I have added this, but all the ports still connect to the main network, the router has only 3 ports, 2 of them are already in use LAN 3 is the only one available.

mk24 · January 14, 2025, 11:48am

Run swconfig dev switch0 show to find out which switch number corresponds to the physical port you want to use. Check the switch status both with and without a live cable plugged in to the port to see which one changes.

Then add that port to switch-vlan number 2. eth0.2 means vlan 2 going into the switch, which physical port(s) it is depends on the switch vlan configuration.

_bernd · January 14, 2025, 11:48am

Why is enable_vlan set to 0?

I count at least 7 ports....

And is port 7 or 0 your CPU? Every single VLAN needs to be tagged on the (internal) CPU(-Port).

Booka000 · January 14, 2025, 12:38pm

weirdo lol, I'm using snapshots version, I guess, it's not built correctly, I also see 4 lan ports in switch page

Booka000 · January 14, 2025, 12:54pm

it's port 7

_bernd · January 14, 2025, 12:55pm

Then you have to ensure its set to tagged on every used VLAN!

Booka000 · January 14, 2025, 12:57pm

here is the switch configuration

mk24 · January 14, 2025, 1:29pm

So if you plug something in to the unused third port on the back, one of those icons should change from "empty socket" to "cable plugged in".

Booka000 · January 18, 2025, 9:44pm

this is the solution! thank you so much, I only had to disable the traffic rule that was blocking the guest network from using LAN ports and I also switched off the wan port on eth0.2, shortly here is how the switch looks now:

system · January 28, 2025, 9:45pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.