Client isolation

In OpenWrt you have to have a bridge if you intend to have a WiFi to a VLAN

I think "wifi to a vlan" is a misnomer, as dot11 frames don't have any such concept.

Now two options come:

  1. Do you want to bridge wlan with the router lan switch or not?
    Bridging is an L2 concept, so if you have done the vlan segmentation of your switch and want bridging of any sub interface with wlan (or, as done by default by OpenWrt, which makes a bridge called br-lan that has the lan ethernet port and wlan port bridged), you can do bridging.

If you opt for this, firewall rules will be written for zones LAN (having br-lan (lan ethernet port and wlan)) and WAN zone.

But this is not a compulsion; what I usually do is remove wlan from the bridge, make three interfaces, and apply policies accordingly, more granularly.

OpenWrt creates a br-lan by default
A vlan is needed for Wired
IF YOU REMOVE THIS, LAN has to be reconfigured.
In OpenWrt, VLANs and Interfaces are synonyms, so it is possible to address a wlan1 without VLAN and add it to a bridge. BUT you would need to do this future if, FOR EXAMPLE, the OP CONNECTED IT TO THE FIREWALL MENTIONED!

Don't reply, let me complete plz

Why are you improperly quoting me from here? (or actually, failing to quote me whatsoever)

Do you have an actual issue with an OpenWrt device?

I respect you dude, I really want to have a discussion with you. You are correct but only quoting a subset of all cases, that is why I am quoting you.

If you want, I am removing your name, fine.

Done, removed.

I'm curious if you actually have an issue with Client Isolation or keeping wireless devices from talking to wired ones.

I'm more than willing to setup my test routers and take screenshots for you.

BTW, I think you misunderstood, your OP now includes my words, but fails to attribute me.

Since you quoted me...I would have been more than happy to have told you in the previous thread that it is not a misnomer.

The Kernel must logically do something to connect a 1000base connection to a WiFi interface. In Linux this is a bridge.

To use the switch PHYs, they must each have a VLAN ID.


If you begin editing different interfaces in OpenWrt, you have to ensure you do not break other PHYs already configured.

No no, the kernel only gives an API utilised by ifconfig and wlconfig and wi and all to customise. In this concept I just told the kernel not to bridge my vint created on PHY with an eth port.

You are taking me wrong, I can also show you screenshots of all or even video.

It's not true, you can use the whole switch in OpenWrt disabling vlan mode too.


See, it has an option, you can disable it when you want.

@lleachii, it was very nice talking to you. It's a nice community.

I'm not sure if you forgot:

  • not all OpenWrt routers are identical
  • Yes, you can disable vlans, but then you cannot zone, forward any traffic (via zones) or create multiple wired networks.

I don't understand the point. Yes you can do that. OpenWrt uses the UCI, though.


Let's make it interesting... let's bet on a gift.

My statement is I don't need vlans in this case.
The case is: if I have eth1 eth2 wlan0, no vlan is required, all untagged traffic flows.
If wrong I'll send you a router, if correct you send me one.

Yes, I do agree on this.

I got what you are trying to say.

CPU tagging??

I think you're going to owe him a router...

You are correct, 802.11 does not have the notion of VLAN tagging.

However, the hardware switch requires internal VLAN tags to isolate the flows, even if you choose to remove those tags on delivery to the switch's ports (the phys, and the physical jacks).


Since you are not the OP of: GL-MT300A: Wireless devices cannot get IPs

I'm not sure what the bet is. I must decline.

You don't need a VLAN in your case, comparing it to the OP in GL-MT300A: Wireless devices cannot get IPs

Your use case is different. You would bridge to put eth1 and eth2 on the same network. It isn't a switch.

I think I should increase the number of routers.

Dang...I coulda got a free router! LOL