Assigning Ports to Guest Interface (DSA) - No Links Recognized

Hello,

I have been trying to assign (2) of my ethernet ports to a guest interface that was created as outlined in the wiki here and here, so that I can have a security camera base station isolated from my LAN.

However, when attempting to do so as noted in the DSA mini tutorial, the link is not recognized at all (router indicator light will not even come up).

network config:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'lan3'
        list ports 'lan4'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option type 'bridge'

and firewall settings:

image1090×286 49.7 KB

image970×373 79 KB

I do not have VLAN configured here but the snippet shows that the links are down, and if I reassign the ports back to the br-lan device under the Network>Interfaces>Devices tab, they are immediately recognized:

image901×417 55.6 KB

Is something in my configuration off? Do I need to implement VLANs? (noobie with this... are VLANs only needed if one is trying to separate ports on the same interface?)

Device is a WRT32X running a community snapshot: Divested-WRT SNAPSHOT r21100+10-ffe91ca478

Any help would be greatly appreciated!

This is wrong.

uci delete network.guest.type
uci commit network
/etc/init.d/network restart

Thank you! Not sure how that bridge option was set, but that did it.

@pavelgl hmm.. actually this helped bring up the link on br-guest, but took down the link on br-lan. Looks like I am unable to have links of different interfaces? Weird

Please post the current network configuration.

iirc, method 2 from the DSA wiki is borked on wrtpac devices; on kernel 5.10.

Guessing WRT32x falls under that category, bummer. (might have to build Divested myself with a different kernel to try it out)

By method 2, do you mean the second point from the one I linked regarding multiple interfaces? Do you know if it is all of 5.10?

Is there another way to accomplish the same thing? Just want the secondary wired device isolated from the LAN.

config interface 'loopback'                                                               
        option device 'lo'                                                                
        option proto 'static'                                                             
        option ipaddr '127.0.0.1'                                                         
        option netmask '255.0.0.0'                                                        
                                                                                          
config globals 'globals'                                                                  
        option ula_prefix 'fdd0:1462:d552::/48'                                           
                                                                                          
config device                                                                             
        option name 'br-lan'                                                              
        option type 'bridge'                                                              
        list ports 'lan1'                                                                 
        list ports 'lan2'                                                                 
        list ports 'lan3'                                                                 
                                                                                          
config interface 'lan'                                                                    
        option device 'br-lan'                                                            
        option proto 'static'                                                             
        option ipaddr '192.168.1.1'                                                       
        option netmask '255.255.255.0'                                                    
        option ip6assign '60'                                                             
                                                                                          
config device                                                                             
        option name 'wan'                                                                 
        option macaddr 'xx:xx:xx:xx:xx:xx'                                                
                                                                                          
config interface 'wan'                                                                    
        option device 'wan'                                                               
        option proto 'dhcp'                                                               
                                                                                          
config interface 'wan6'                                                                   
        option device 'wan'                                                               
        option proto 'dhcpv6'                                                             
                                                                                          
config device                                                                             
        option name 'br-guest'                                                            
        option type 'bridge'                                                              
        list ports 'lan4'                                                                 
                                                                                          
config interface 'guest'                                                                  
        option proto 'static'                                                             
        option device 'br-guest'                                                          
        option ipaddr '192.168.3.1'                                                       
        option netmask '255.255.255.0'

Yes to both, here is the original test, have not tried since that post, nor on a 5.15 build. You should be able to get there with either 3 | 4 I would think.

Try using bridge vlan filtering to see if it makes a difference

uci delete network.@device[2]
uci add_list network.@device[0].ports='lan4'

uci add network bridge-vlan
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].vlan='10'
uci add_list network.@bridge-vlan[-1].ports='lan1:u*'
uci add_list network.@bridge-vlan[-1].ports='lan2:u*'
uci add_list network.@bridge-vlan[-1].ports='lan3:u*'

uci add network bridge-vlan
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].vlan='20'
uci add_list network.@bridge-vlan[-1].ports='lan4:u*'

uci set network.lan.device='br-lan.10'
uci set network.guest.device='br-lan.20'

/etc/init.d/network restart

dumb question, but how can I build with 5.15 instead of 5.10 (using Divested patches/config)? didn't see anything in nconfig under kernels

CONFIG_HAS_TESTING_KERNEL=y
CONFIG_TESTING_KERNEL=y

Global build settings->Use the testing kernel version.

An FYI, mvebu target on kernel 5.15, flowoffload is borked, so disable if turned on in your config.

is that kmod-nft-offload?

No, just on your device config:

/etc/config/firewall

config defaults
	option flow_offloading '0'

hmm.. tried this but it took out my network so I had to revert to the alternate partition.. I'm going to chalk this up to a device issue on my end. I'll keep trying with VLANs but for now the base station is going to stay on my LAN. I have stubby enabled as well but I am unable to connect any devices due to a lack of IPs.

@anomeome no luck with 5.15

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.