Pyanne
November 13, 2022, 12:27pm
1
I'm a newbie. I just flashed my Linksys WRT54GS to openWRT 22.03.
Using LuCi, I don't see anywhere the physical ports of the router. There is no lan1, lan2, etc. In Network>Interfaces there is a bridge called LAN but in it's Edit window there is no lan1, lan2,... under the Device menu. Instead, I see the bridge itself (???), eth0 and two vlans. Very confusing!
In Network>Devices the only device not greyed is br-lan. No trace of any physical port in its setting either.
How can I create a vlan with ports 1 and 2, then another vlan with ports 3 and 4?
Pico
November 13, 2022, 12:34pm
2
an older non-DSA device.
there should be a menu: network -> switch.Cannot block ICMPv6 in LAN zone - #7 by Pico
but could be tight with RAM.
1 Like
Pyanne
November 13, 2022, 1:01pm
3
Thanks.
EDIT: That's not enough!
I don't understand in which order I should do things.
I added vlan10 in Network>Switch
I created a bridge in Network>Devices (Device type=Bridged device, Device name=MyBr , Bridge ports=eth0.10 )
I added a new interface in Network>Interfaces (Device=MyBr )
The newly added interface Do not have uptime, MAC nor IP. It only says Error : Network is not present
It's not an easy way!
1 Like
I got mine set up like here:
[openwrt2_switch]
Here is mine. I connect upstream through WAN, and downstream to the VLANs per port.
I understand the CPU needs to be tagged for communication. Likely you'll have higher performance if you all put them on the same CPU, but for me this set up is simpler.
Also, don't forget to set your firewall properly if you do this.
Also, keep an eye on the firewall for WAN-LAN traffic rules.
Let's see your config files in text format:
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Pyanne
November 13, 2022, 6:02pm
6
My switch config looks the same.
Pyanne
November 13, 2022, 6:04pm
7
Let's go:
root@OpenWrt:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdeb:55fb:0078::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
list dns '192.168.1.1'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option ipaddr '10.0.0.100'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '1 2 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 5t'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '10'
option ports '0t 3 4 5t'
option description 'VLAN10'
config device
option type 'bridge'
option name 'MyBr'
list ports 'eth0.10'
option mtu '1500'
option macaddr 'XX:XX:XX:XX:XX:XX'
config device
option name 'eth0.10'
option type '8021q'
option ifname 'eth0'
option vid '10'
option macaddr 'XX:XX:XX:XX:XX:XX'
option mtu '1500'
config interface 'port3and4'
option proto 'static'
option device 'MyBr'
option ipaddr '10.0.10.100'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
root@OpenWrt:/etc/config# cat wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'ssb0:0'
option channel '1'
option band '2g'
option htmode 'NOHT'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
root@OpenWrt:/etc/config# cat dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'port3and4'
option interface 'port3and4'
option start '100'
option limit '150'
option leasetime '12h'
root@OpenWrt:/etc/config# cat firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'`Preformatted text`
I'd recommend that you remove the gateway definitions from both lan and port3and4 networks (the gateway routing will be automatic based on the standard routing tables).
Regariding the switch configuration, unless VLAN 10 is supposed to be available on the WAN port, you probably want to remove 0t from the ports list below:
Your port3and4 network is not assigned to a firewall zone -- try assigning it to the lan zone.
Pyanne
November 14, 2022, 2:47pm
9
Thank you for helping me.
system
November 24, 2022, 2:47pm
10
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
