GL-MT2500 setup trunking ports for multiple vlans

Hello!

I'm looking to throw out the current router my ISP gave me and am trying to see if it's possible to reuse some of my older equipment. My goal is to have safe VPN access to my home, and my home is split up into 7 different VLANs. I had this unit at home collecting dust, and I was wondering if it's possible to make the GL-MT2500 set up a couple of VLANs. In LuCI it seems possible, but the tab for switching does not exist. I only have eth0 and eth1 to use, and putting up VLANs on these devices seems not to work properly, but I assume it's my lack of knowledge of the device.
My first thought was: if I set up all of my VLANs on one of these interfaces, how do I trunk the port?
I was also wondering if anyone knows which of eth0 or eth1 is better to use, and if anyone can say which of these is the WAN or LAN.

Thank you!


Your device is supported by OpenWrt snapshot.
https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=mediatek%2Ffilogic&id=glinet_gl-mt2500

Will be a bit of discomfort until next stable release:
https://openwrt.org/docs/guide-quick-start/developmentinstallation#snapshots_do_not_include_the_luci_web_interface_by_default

Basic setup - you enable VLANs on switch, then tag and untag them on various ports to your liking.

Are you running GL.iNet software or actual OpenWrt?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Hello and thanks for the reply!

I'm still running the stock firmware with the GL.iNet software/web GUI. But this unit has full access to LuCI with their software. As mentioned before, the biggest problem is that I can't get to the switch page in LuCI. I also do not have any switch interfaces, only eth0 and eth1.

Is this a workaround to get to the switch tab?

In this case, you need to ask GL-Inet. Their firmware is very significantly modified relative to official OpenWrt and therefore it works differently. They will be able to answer questions about that device when it is running the stock firmware.

If you install official OpenWrt, we can help you here.


Hello!

I haven't been using OpenWrt before and have mainly used pfSense, but I'm curious how to get an official OpenWrt firmware so I can do a flash of my GL.iNet unit to try it out and see if I can resolve my question about VLANs and having VPN support on the GL-MT2500 unit.

Keep in mind that the device is not yet supported by an official stable release of OpenWrt. It is supported currently in snapshot only, which may potentially have bugs, especially during the development of initial support for the device.

Also, note that the LuCI web interface is not included by default on snapshots. You can easily install it yourself, or you can even create a custom image (with the firmware selector) that includes LuCI.

https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=mediatek%2Ffilogic&id=glinet_gl-mt2500

I've downloaded the sysupgrade image of the snapshot, ran the file in LuCI under System -> Backup/Firmware -> Flash new firmware image, and selected the file (7.24 MB). Afterwards I seem to have gotten a success, since my IP address gets assigned on the new network 192.168.1.1 instead of 192.168.8.1, which it was before on the GL.iNet firmware. But now I'm not able to access the web GUI or connect to it over SSH. Is it bricked?

The web UI issue is expected...

As for ssh, you should be able to connect:

ssh root@192.168.1.1

If that doesn't work, please show us what errors you are seeing.

Hi and thank you!

I missed that part about bare SSH, so I got inside it and it works. I did the install of LuCI and it's working well, but I'm still missing the switch tab for VLAN assignment and editing trunking for my LAN side.

This would imply that your device is either using DSA or has individually routed ports.

Let's see the network config file:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network

Not much came out, to be honest, and no MAC addresses either, as seen below:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdf3:d55a:8eb0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'

root@OpenWrt:~#

Yup... looks like individually routed ports.

It should be pretty easy to get these to do what you want, though.

Please specify the VLAN configuration you want on each port -- what VLAN IDs will be present on each port. For the trunk port(s), will a VLAN be untagged or will they all be tagged? If one will be untagged, which one?

And what is the management VLAN that will be used on this device? What address should the MT2500 hold on your network?

So ideally I would like to separate my network into 7 VLANs, and then I would use firewall rules or SD-WAN / mDNS to make some VLANs talk to each other and/or block some from internet access (untrusted devices). My setup was initially to do an admin network for all IT equipment on VLAN 1 and the other networks like below. Every VLAN will be trunked and tagged to my managed 2.5GbE switch. So basically the router will just keep track of networks and allow for VPN access to the network. The MT2500 device only has 1 "WAN port" and 1 "LAN port".

I made the following VLANs on my AP and managed switches:
Vlan id 1
Vlan id 234
Vlan id 543
Vlan id 587
Vlan id 666
Vlan id 878
Vlan id 1234
Vlan id 3458

Is this the main router?

Indeed, well, it will be.

Ok... I'll show you how to add one VLAN, you can then use the recipe for the rest (just do one for now and test it).

Start in /etc/config/network, add the new subnet:

config interface 'vlan234'
        option device 'eth1.234'
        option proto 'static'
        option ipaddr '192.168.234.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

Moving on to /etc/config/firewall, add this to the lan firewall zone for now (this will simplify initial setup; you can later put it in another firewall zone if you want to restrict it):

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'vlan234'

Add a DHCP server in /etc/config/dhcp

config dhcp 'vlan234'
	option interface 'vlan234'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'

On your managed switch, ideally you've got an untagged+PVID network (VLAN 1) and VLAN 234 tagged on the trunk port already. Assign another port on the managed switch to be used as an access port for each of these VLANs (i.e. a port that is untagged + PVID for VLAN 1 and another port for VLAN 234).

Now, restart and test by plugging a computer into each of the ports on the switch as per above.
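The recipe above, applied to the remaining tagged VLAN IDs with each VLAN in its own firewall zone instead of `lan`, as an added example that is not part of the original posts. The function names, the 10.x addressing scheme (the VLAN ID as the third octet of 192.168.x.1 only works up to 255, so IDs such as 543 or 3458 need another mapping), the per-VLAN zone policy and the use of the default `wan` zone name are assumptions.

```shell
# Added example: print network + firewall stanzas for one tagged VLAN on eth1.
PARENT="eth1"    # LAN port in the config posted above
WAN_ZONE="wan"   # assumption: the default OpenWrt WAN firewall zone name

# 802.1Q VLAN IDs are 1-4094; reject empty, non-numeric, leading-zero, overlong.
valid_vid() {
    case "$1" in ''|0*|*[!0-9]*|?????*) return 1 ;; esac
    [ "$1" -le 4094 ]
}

# Assumed addressing: 10.<VID/256>.<VID%256>.1/24, unique for every valid VID.
vlan_gateway() {
    valid_vid "$1" || return 1
    echo "10.$(( $1 / 256 )).$(( $1 % 256 )).1"
}

# $1 = VLAN ID, $2 = "inet" to allow forwarding to WAN, anything else blocks it.
vlan_stanzas() {
    gw=$(vlan_gateway "$1") || { echo "invalid VLAN ID: $1" >&2; return 1; }
    cat <<EOF
config interface 'vlan$1'
	option device '$PARENT.$1'
	option proto 'static'
	option ipaddr '$gw'
	option netmask '255.255.255.0'

config zone
	option name 'vlan$1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'vlan$1'

config rule
	option name 'vlan$1-dhcp'
	option src 'vlan$1'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'vlan$1-dns'
	option src 'vlan$1'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
EOF
    if [ "$2" = "inet" ]; then printf "\nconfig forwarding\n\toption src 'vlan%s'\n\toption dest '%s'\n" "$1" "$WAN_ZONE"; fi
}
```

The first stanza belongs in /etc/config/network and the rest in /etc/config/firewall; the DHCP stanza from the post is still needed per VLAN with the interface name changed. With `input 'REJECT'`, clients on these VLANs get DHCP and DNS from the router but cannot reach its SSH or web interface, so management stays on `lan`.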

Editing the files for dhcp, firewall and network, saving them and rebooting the device makes the device unreachable. Setting a static IP on the PC to try to reach it does not work either, neither on the standard network nor on the newly created 234.