Hello all,
I am trying to configure some VLANs on this RT-AC68U with 19.07.6 install. Hoping someone can help.
I have created everything with Luci.
All the VLANs are issuing IPs they just don't have internet access. Below are the configs:
NETWORK
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdaa:8d3e:f9db::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ifname 'eth0.1 tap0 tap-server'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option metric '1'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr '78:24:AF:7d:03:e9'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '5t 1 2 3 4'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5t 0'
config interface 'VPN'
option proto 'none'
option ifname 'tun0'
option auto '0'
config interface 'VPNS'
option proto 'none'
option ifname 'tun-server'
option auto '0'
config interface 'TAP'
option proto 'none'
option ifname 'tap0'
option auto '1'
config interface 'TAPS'
option proto 'none'
option ifname 'tap-server'
option auto '0'
config interface 'wwan'
option proto 'dhcp'
option metric '2'
config interface 'wwan6'
option proto 'dhcpv6'
config switch_vlan
option device 'switch0'
option vlan '20'
option ports '5t 1t 2t 3t 4t'
config interface 'TpLinkAP'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.10.20.0'
option gateway '192.168.2.1'
list dns '1.1.1.1'
list dns '1.0.0.1'
option ifname 'eth0.20'
config switch_vlan
option device 'switch0'
option ports '5t 1t 2t 3t 4t'
option vlan '30'
config switch_vlan
option device 'switch0'
option ports '5t 1t 2t 3t 4t'
option vlan '50'
config interface 'SmartDevices'
option ifname 'eth0.50'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.10.50.0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'CCTV'
option ifname 'eth0.30'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.10.30.0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'wan1'
option proto 'dhcp'
option metric '10'
option ifname 'wan1'
config interface 'wan2'
option proto 'dhcp'
option metric '20'
option ifname 'wan2'
config interface 'wg0'
option proto 'wireguard'
option auto '0'
list addresses ''
config interface 'wg1'
option proto 'wireguard'
option auto '0'
list addresses ''
Firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'CCTV'
list network 'SmartDevices'
list network 'TpLinkAP'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'wwan'
list network 'wan1'
list network 'wan2'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone 'vpnzone'
option name 'VPN'
option forward 'REJECT'
option output 'ACCEPT'
option network 'VPN'
option input 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding 'vpnforward'
option dest 'VPN'
option src 'lan'
config zone 'vpnzones'
option name 'VPNS'
option forward 'REJECT'
option output 'ACCEPT'
option network 'VPNS'
option input 'ACCEPT'
option masq '1'
option mtu_fix '1'
config forwarding 'vpnforwards'
option dest 'VPNS'
option src 'lan'
config zone 'wgzone'
option name 'wg'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'wg0 wg1'
option input 'ACCEPT'
option masq '1'
option mtu_fix '1'