We typically use an unmanaged switch for troubleshooting bacnet IP networks. While this works great it requires dragging a cord out to power the switch. I have a GL-MT300N-V2 router that I though could maybe be used in its place. I'd need to configure the WAN as LAN so I can "tee" into the network, then connect via wifi to my laptop. Is this a possibility?
Should be possible...
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
-----------------------------------------------------
OpenWrt 22.03.4, r20123-38ccc47687
-----------------------------------------------------
root@GL-MT300N-V2:~# ubus call system board
{
"kernel": "5.10.176",
"hostname": "GL-MT300N-V2",
"system": "MediaTek MT7628AN ver:1 eco:2",
"model": "GL-MT300N-V2",
"board_name": "glinet,gl-mt300n-v2",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.4",
"revision": "r20123-38ccc47687",
"target": "ramips/mt76x8",
"description": "OpenWrt 22.03.4 r20123-38ccc47687"
}
}
root@GL-MT300N-V2:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdcf:4dd3:d223::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.8.1'
option netmask '255.255.255.0'
option ip6assign '60'
option isolate '0'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option force_link '0'
option ipv6 '0'
config interface 'wan6'
option proto 'dhcpv6'
option ifname '@wan'
option disabled '1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan 'vlan_lan'
option device 'switch0'
option vlan '1'
option ports '1 6t'
config switch_vlan 'vlan_wan'
option device 'switch0'
option vlan '2'
option ports '0 6t'
config interface 'tethering6'
option ifname '@tethering'
option proto 'dhcpv6'
option disabled '1'
config interface 'wwan6'
option ifname '@wwan'
option proto 'dhcpv6'
option disabled '1'
config interface 'guest'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.9.1'
option netmask '255.255.255.0'
option ip6assign '60'
option multicast_querier '1'
option igmp_snooping '0'
option isolate '0'
option bridge_empty '1'
option disabled '1'
config interface 'wwan'
option proto 'dhcp'
config interface 'modem_1_1_2_6'
option ifname '@modem_1_1_2'
option proto 'dhcpv6'
option disabled '1'
config rule 'policy_direct_rt'
option lookup 'main'
option suppress_prefixlength '0'
option priority '1100'
config rule 'policy_default_rt_vpn'
option mark '0x8000/0xc000'
option lookup '8000'
option priority '1101'
option invert '1'
config rule6 'policy_direct_rt6'
option lookup 'main'
option suppress_prefixlength '0'
option priority '1100'
config rule6 'policy_default_rt_vpn6'
option mark '0x8000/0xc000'
option lookup '8000'
option priority '1101'
option invert '1'
root@GL-MT300N-V2:~# cat /etc/config/wireless
config wifi-device 'mt7628'
option type 'mtk'
option band '2g'
option htmode 'HT40'
option channel 'auto'
option txpower '100'
option country 'US'
option disabled '0'
option legacy_rates '0'
config wifi-iface 'wifi2g'
option device 'mt7628'
option mode 'ap'
option network 'lan'
option ifname 'ra0'
option ssid 'GL-MT300N-V2-b9d'
option encryption 'psk2'
option key 'goodlife'
option wds '1'
option isolate '0'
config wifi-iface 'guest2g'
option device 'mt7628'
option network 'guest'
option mode 'ap'
option ifname 'ra1'
option encryption 'psk2'
option key 'goodlife'
option ssid 'GL-MT300N-V2-b9d-Guest'
option guest '1'
option disabled '1'
option wds '1'
option isolate '1'
root@GL-MT300N-V2:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option rebind_protection '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
option dhcpv6 'disabled'
option ra 'disabled'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config domain
option name 'console.gl-inet.com'
option ip '192.168.8.1'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'disabled'
option ra 'disabled'
root@GL-MT300N-V2:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wwan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'nat6'
option path '/etc/firewall.nat6'
option reload '1'
config rule 'block_dns'
option name 'block_dns'
option src '*'
option dest_port '53'
option target 'REJECT'
option enabled '0'
option device 'br-*'
config include 'gls2s'
option type 'script'
option path '/var/etc/gls2s.include'
option reload '1'
config include 'glblock'
option type 'script'
option path '/usr/bin/gl_block.sh'
option reload '1'
config zone
option name 'guest'
option network 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
config forwarding
option src 'guest'
option dest 'wan'
config rule
option name 'Allow-DHCP'
option src 'guest'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
config rule
option name 'Allow-DNS'
option src 'guest'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
config include 'vpn_server_policy'
option type 'script'
option path '/etc/firewall.vpn_server_policy.sh'
option reload '1'
option enabled '1'
root@GL-MT300N-V2:~#
It appears you are using firmware that is not from the official OpenWrt project.
When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.
You may find that the best options are:
- Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
- Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
- Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).
If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.
This is what is installed from GL.iNet out of the box.
If it were an "official version" what would be the setup to accomplish what was put forth in my original post?
Official openwrt here:
https://firmware-selector.openwrt.org/?version=23.05.4&target=ramips%2Fmt76x8&id=glinet_gl-mt300n-v2
Or if you want to continue using the gl-inet fork, please ask in their support channels.
Once installed how would it be setup to work as a switch with wifi?
@toekneedee67
I have no idea what a "bacnet" network is, but if what you describe is configuring as an "unmanaged switch with wifi so you can tee in to a switch port and monitor traffic" then yes this is a few simple config edits to achieve on both OEM firmware and official OpenWrt.
Bare in mind though, the mt300n-v2 is limited to 100Mb/s ethernet.
As @psherman says, if you upgrade to official OpenWrt we can help you here.
If not, ask on the gl-inet forum.