I am sure this is very easy for experienced guys. I am trying to assign LAN5 port on Flint 2 to the guest network so I can attach the iot bridges that do not have wifi.
I followed this guide and when I connect to LAN5, I am getting an IP address from the guest network in the 192.168.9.X range. However, I am not able to get to the internet. What am I missing?
Hello,
I just verified on my MT6000, that method is available:
Please confirm that you have completed every step.
If possible, please provide screenshots in steps.
Thank you for responding. I will provide the screenshots today evening. I did do every step and the screens look like mine.
One thing I noticed is that even though my IP is in the 192.168.9.x subnet I cannot ping the default gateway 192.168.9.1 - Isolation setting is off in GUI.
Do you have the Guest Wi-Fi enabled? Iâm thinking you do since you mentioned the Isolation setting. If the Guest Wi-Fi is enabled, then itâs the default IP is 192.168.9.1. So, it appears that you created a new LAN Interface with the same IP and DHCP services as the Guest network which is conflicting. Try setting the new LAN5 network interface to a different IP subnet.
But that is the idea, and it is per the instructions I posted. I want lan5 to be in the same network as guest wifi (192.168.9.x) which is enabled and working.
I will use the guest wifi ( plus a switch connected to lan5, which will also be in the guest wifi network) for iot and other insecure devices.
I want to plug in some iot bridges like the Tapo Bridge into the lan5 switch so it can communicate with other nodes in the guest wifi network (hence the isolation is off). At the same time, the guest wifi and main wifi will be isolated from each other to avoid compromised iot devices from accessing the main network.
You are right. lan5 is set up with the same IP range and DHCP as the guest wifi network but isn't this necessary to let it communicate with the guest wifi?
I followed these instructions and apparently this works.
Found a workaround 
In short, assign a different IP range from my Guest network and leave DHCP on for LAN5.
Going to try this tonight.
Can you confirm clients in 192.168.9.x and 192.168.10.x address ranges can communicate with each other as well as the Internet?
Also can you test the above networks cannot communicate with the main network which is by default 192.168.8.x ?
I don't want that the clients in the 192.168.9.x and 192.168.10.x range to communicate between themselves or the main network 192.168.8.x. That`s why I wanted to move them to the Guest part so they are isolated from themselves or from the main network. They can only access the wan.
My use case is Home Assistant server, which should be able to talk to the local iots. Hopefully turning off the device isolation will let it work.
Is your device isolation setting on?
Yes, is set to on. Maybe in your use case would be better to try VLAN`s. I would use them as well, but if I do, I will not be able to see devices in the GL.iNet UI Clients TAB. And I really like that part 
For ex, now on lan5 I can`t see the device connected in the Clients tab. 
No, I want to see the iots in the GUI as well, so I'll see if turning off the client isolation works.
Thanks a lot for your feedback. Spend the whole of Sunday struggling.
Just wonderingâŚ. If you chose the lan5 to be 192.168.9.2 and leave the DHCP unchecked as before, it would stay in the same network and then you will be able to see the clients attached in the GUI. Want to try?
Tried that already, not working. Device connected to lan5 will not get a DHCP address.
Ok, then you want LAN5 to be on the same IP network as the Guest network. The setup is different depending on which GL firmware version you are running.
First, on either firmware, do what you already did and remove the LAN5 checkbox from the br-lan bridge device.
On the Stable version of the Flint 2 firmware, edit the Guest Interface and select LAN5 in the Devices dropdown, then save and apply.
On the OpenWRT 24 firmware, edit the br-guest bridge interface and select LAN5 in the bridge ports dropdown, then save and apply.
That should put LAN5 on the Guest network.
Just a note, if you are using the Stable version of the GL firmware and you ever disable the Guest Wi-Fi, that will totally disable the Guest network and wired devices wonât even work. Thatâs because the base OpenWRT firmware in the Stable firmware version sets the Guest Interface as a Bridge device instead of using the br-guest bridge device that is created in the OpenWRT 24 firmware version.
Sorry, did not work
Running Stock GLinet firmware 4.8.3
Result: The device on LAN 5 got IP address from the wifi network 192.168.9.x all right, but was not able to ping anything. Weirdly, the guest wifi network also lost internet access for all clients. Then I tremoved LAN5 from Guest interface and guest wifi had internet access again.
This is what it looked like after step 2 (And it took away internet access from all guest network)
@bruce I have the same settings you have posted except for one big distinction.
Your Guest wifi is not enabled (no IP address), and probably that is why your LAN5 is working fine. My challenge is, I want both the Guest wifi clients and the LAN5 port clients to be enabled together in the same 192.168.9.x network.
Below is what my devices look like, and this configuration does not let LAN5 clients ping anything - in the guest wifi network OR the internet, despite being in the same (bridged) subnet.
However in this case
Guest wifi clients are fine, can ping others and get to internet
LAN5 client cannot ping any other guest wifi clients and cannot get to internet
@Void An update, your formula (assigning a different subnet to lan5 interface works.
But as you noted, the lan5 network devices do not appear in the GUI any more. So Iâm still hopeful of a solution whereby both guest wifi and lan5 can be in the same subnet.
What you tried did not work because you selected LAN5 from the wrong place.
So, don`t manually create the LAN5 interface anymore. (If it`s there already created by you before, you can delete it)
Go to Network - Interfaces - Devices
Select the Guest or Br-Guest depends what version you have and add LAN5.
See if you can do it from there on Stock 4.8.3
I`m on OpenWrt 24 version and it works that way.
Now LAN5 is part of the same Subnet and I can see the device in the Clients tab.
I can add some screenshots when I`m home if needed.
Btw, Thanks @DaWeav
Sorry that didnât work, it did for me. Did you remove the LAN5 interface network that you created? If not, then do that.
Also, since you are using the Stable firmware, you could do what I did to create the br-guest device bridge so that you can edit it on that version of the firmware so you can see and edit it in the Advanced LUCI GUI.
First, remove all the changes you made and return everything back to the defaults.
Hereâs is how I was able to make the âbr-guestâ device show up on the devices tab of the GL Stable version 21 firmwareâs LUCI GUI on my Flint 2. I used the VI editor to Edit the â/etc/config/networkâ file to add a few lines to create the âbr-guestâ device bridge, and changed one line in the Guest interface section of the network file to change it from being the âbr-guestâ bridge to using the br-guest device bridge that I created.
SSH to the router.
Edit the â/etc/network/configâ file by adding this which creates the br-guest device bridge.
vi /etc/network/config
Add this new section;
config device option name 'br-guest' option type 'bridge' option igmp_snooping '0'
Change one line in the (interface 'guest') section of the config to change the Guest Interface from being the hidden âbr-guestâ bridge itself, to using the âbr-guestâ device bridge created above.
Find the âinterface guestâ section of the â/etc/network/configâ file and change this line;
option name 'br-guest'
to this instead;
option device 'br-guestâ
Save the file and restart the Guest interface in the LUCI GUI. You should then see the âbr-guestâ bridge device assigned to the Guest network like @xcyber picture above, and be able to see and configure the br-guest device bridge on the devices tab.
If you do all this, then remove LAN5 from the br-lan device and add it to the br-guest device bridge.
