when i add eth0.1, eth0.2, eth0.3, eth0.4 into br-lan bridge, computers connected to the lan ports of the router stop seeing it. the router stops reply to client pings, clients stop receiving addresses from the dhcp server. how can i fix this issue?
In my network there are several devices for viewing iptv. part of them use multicast, another part use unicast through udpxy. I would like to enable igmp snooping to exclude multicast traffic on ports where he was not asked. and I would like all these devices to be on the same physical network.
If on the same physical network, if you then segregate by VLANs, then all of the clients will need to be VLAN-aware and (manually) configured for VLAN access on their connections.
I'm not sure that using VLANs is going to gain you anything -- all the packets will still be present "on the wire". If anything, it will make congestion worse as you might be multicasting more than one VLAN.
clients do not necessarily have vlan support, because all router lan ports configured to untagged mode.
as I wrote at the beginning, this configuration works fine on another router and I want to repeat it on this. but for some reason this configuration does not work on this router.
you can try to repeat this config:
vlan cpu0 lan1 lan2 lan3 lan4
1 tagged untag off off off
2 tagged off untag off off
3 tagged off off untag off
4 tagged off off off untag
after this you can add interfaces eth0.1, eth0.2, eth0.3 and eth0.4 into bridge br-lan
I don't think you can accomplish what you want, which I understand to be traffic for certain clients to be sent only over certain physical ports, without either putting each of the ports on their own subnets, or by providing static routes for the specific hosts.
My guess is that if you look at your routing table it is not doing what you want. Mapping the physical ports to interfaces is only the start of the configuration I believe you'll need to perform.
Jeff I think what he wants is to turn the device into a smart switch, bridge each port in the CPU instead of switch hardware, and by doing that also enable igmp snooping on the Linux bridge and limit the multicast spam.
ok. br-lan bridge successfully created with new interfaces eth0.1, eth0.2, eth0.3, eth0.4 and wlan0(wifi). clients connected via Wi-Fi continue to have access to the router. they can ping router ip, while clients connected to lan ports of the same router lose access to router. they stop receiving ping answers from router. What more detailed information is needed to diagnose this problem? may be tcpdump output is needed or something else?
Your "lan" zone at the firewall includes networks "lan lan2 lan3 lan4", but only "lan" is a valid network name; however, I do not think this should cause the behaviour you explain.
Could you please execute these commands, and post the results here:
"brctl show"
"ifconfig"
Also, just for testing purposes, could you disable IGMP snooping and try again?
10.136.212.0/22 dev eth1.21 scope link src 10.136.214.174
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
ip -6 route show
unreachable fd3c:3f33:53a4::/48 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev eth1 metric 256
fe80::/64 dev eth1.1 metric 256
fe80::/64 dev eth1.21 metric 256
unreachable default dev lo metric -1 error -128
ff00::/8 dev eth0 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev wlan0 metric 256
ff00::/8 dev eth1 metric 256
ff00::/8 dev eth1.1 metric 256
ff00::/8 dev eth1.21 metric 256
unreachable default dev lo metric -1 error -128
lan2, lan3 and lan4 appeared in the firewall configuration after I made separate interfaces lan2 for eth0.2 lan3 for eth0.3 and lan4 for eth0.4 with separate ip addresses for each interface, lan2, lan3, lan4 was deleted, but records in firewall config remain