You need to delete device eht0.2
, the wan
interfaces and vlan 2.
Then add the second port to the default vlan 1.
uci delete network.@device[2]
uci delete network.wan
uci delete network.wan6
uci delete network.@switch_vlan[1]
uci set network.@switch_vlan[0].ports='4 5 0t'
Assuming the LAN IP address of the main router is 192.168.1.1 and 192.168.1.2 is free, change the IP configuration of the lan
interface of the AP as follows:
uci set network.lan.ipaddr='192.168.1.2'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.gateway='192.168.1.1'
uci set network.lan.dns='192.168.1.1'
Run uci show network
and verify that the configuration looks like this:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd3e:c6d6:55da::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config device
option name 'eth0.1'
option macaddr '08:55:31:ac:8b:fd'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.2'
option gateway '192.168.1.1'
option dns '192.168.1.1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '4 5 0t'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.11.1'
option netmask '255.255.255.0'
Disable the DHCP service for the lan interface:
uci set dhcp.lan.ignore='1'
Rewrite this rule using dest_ip
address (the private IP subnet):
rulenum=$(uci show firewall | grep 'Guest - Block' | sed 's/.*\@//;s/\.name.*//')
uci delete firewall.@"$rulenum"
uci add firewall rule
uci set firewall.@rule[-1]=rule
uci set firewall.@rule[-1].src='guest'
uci set firewall.@rule[-1].name='Guest - Block'
uci set firewall.@rule[-1].dest='lan'
uci set firewall.@rule[-1].dest_ip='192.168.1.0/24'
uci set firewall.@rule[-1].target='REJECT'
uci set firewall.@rule[-1].proto='all'
Restart the affected services without committing the changes:
/etc/init.d/network restart; /etc/init.d/dnsmasq restart; /etc/init.d/firewall restart
You will lose access to the device.
Update your computer's IP configuration and try to connect to the new device's IP address.
If everything is fine commit the changes (uci commit changes
).
If you can't access the device, turn off/on the power and the previous setting will be restored.