Best way to add a physical port to GUEST ZONE?

countingcrows · May 31, 2021, 4:02pm

Hello friends,

Everything is working fine on router. Internet of Little Shits connecting to their wireless APs which are isolated from LAN. Firewall rules and everything good.

What is the least taxing way to add a single Physical LAN Port to GUEST ZONE?

Many Thanks!

trendy · May 31, 2021, 4:42pm

It depends on the hardware. Which router is this? ubus call system board; uci export network

countingcrows · May 31, 2021, 4:51pm

Thanks trendy.

root@Linksys:/etc/config# ubus call system board; uci export network
{
        "kernel": "4.14.221",
        "hostname": "Linksys",
        "system": "ARMv7 Processor rev 1 (v7l)",
        "model": "Linksys WRT32X",
        "board_name": "linksys,venom",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.7",
                "revision": "r11306-c4a6851c72",
                "target": "mvebu/cortexa9",
                "description": "OpenWrt 19.07.7 r11306-c4a6851c72"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option ifname 'eth1.2'
        option proto 'dhcp'
        list dns '8.8.8.8'
        option peerdns '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option type 'bridge'

trendy · May 31, 2021, 4:56pm

You can take one port from the lan and add it in a new vlan which belongs to guest.

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 5t'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '3 5t'

config interface 'guest'
        option ifname 'eth0.3'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option type 'bridge'

countingcrows · May 31, 2021, 5:03pm

Thanks. I already have that during testing. But is this the best way?

trendy · May 31, 2021, 7:31pm

Yes, what did you have in mind?

mk24 · May 31, 2021, 8:17pm

It's the only way, and the correct way.

Well since there are two CPU ports, you could switch the new VLAN to eth1 and use eth1.3 instead, but that's no practical difference.

countingcrows · May 31, 2021, 8:41pm

Thank you trendy and mk24.

I was wondering if this would have any performance effects. We are tagging another vlan. I can keep this Little S on wifi along with others, for example.

trendy · June 1, 2021, 10:14am

I don't think you'll notice anything.

I didn't get that.

countingcrows · June 1, 2021, 1:24pm

Guest Network is for IoT. Eufy Homebase already connects to WIFI, but also can connect to LAN port. I was wondering if this would introduce some latency to all traffic (VLAN tagging that) and if I should keep that as it with WIFI connection.

mk24 · June 1, 2021, 1:38pm

The Ethernet switch is all hardware and operates at line speed including the VLAN routing, tagging and de-tagging of packets. The eth0 port is already checking VLAN tags since the LAN is eth0.1. In any case, wifi requires more CPU cycles per packet than Ethernet does.

countingcrows · June 1, 2021, 2:09pm

All clear. Many thanks mk24.

system · June 11, 2021, 2:09pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.