Beryl ax and guest vlan

After reading the other vlan support pages I still have issues with setting up vlans on my beryl ax routers. I have used the DSA device option (openwrt option 3) is that correct for the Beryl ax makeup?
See below my config

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXXXX'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'
	option ipv6 '0'

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth1.10'
	option ipv6 '0'

config device
	option name 'eth1'
	option macaddr 'XXXXX'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option isolate '0'
	option ipaddr '192.168.1.1'

config device
	option name 'eth0'
	option macaddr 'XXXXX'

config interface 'wan'
	option proto 'dhcp'
	option ipv6 '0'
	option device 'eth0.100'
	option hostname '*'

config interface 'guest'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option multicast_querier '1'
	option igmp_snooping '0'
	option isolate '0'
	option bridge_empty '1'
	option ipaddr '192.168.10.1'
	option disabled '0'
	option device 'br-guest'

config interface 'wwan'
	option proto 'dhcp'
	option metric '20'

config rule 'policy_bypass_vpn'
	option mark '0x60000/0x60000'
	option lookup '53'
	option priority '53'

config rule 'policy_via_vpn'
	option mark '0x80000/0x80000'
	option lookup '52'
	option priority '52'

config rule 'policy_dns'
	option mark '0x100000/0x100000'
	option lookup '51'
	option priority '51'

config interface 'wgserver'
	option proto 'wgserver'
	option config 'main_server'
	option disabled '0'

config device
	option vid '100'
	option ifname 'eth0'
	option name 'eth0.100'
	option ipv6 '0'
	option type '8021q'

config device
	option vid '1'
	option ifname 'eth1'
	option name 'eth1.1'
	option ipv6 '0'
	option type '8021q'

config device
	option vid '10'
	option ifname 'eth1'
	option name 'eth1.10'
	option ipv6 '0'
	option type '8021q'

config interface 'modem_1_1_2_6'
	option proto 'dhcpv6'
	option disabled '1'
	option device '@modem_1_1_2'

However, with brctl show, the vlan 10 is not shown on the guest bridge.
And the interface is not present when I configure a host in the ghost vlan on the switch.
I get the impression that pvid 1 untagged fallback is used instead of tagged as configured.

When looking into the bridge interface, vlan filtering is off and nothing is configured there, but I am under the impression that that is double, because I allready configured vlans under the interfaces.

any help is appreciated.

I am now a little further in solving this problem.
It seems that the config is correct, but that the br-guest bridge is unable to route.
When making the same config with any name but br-guest, it works and I can reach my other devices. However, when naming the interface br-guest again, the dhcp and connectivity stops outside the main beryl ax (wifi still works on this interface and gets served IP addresses).

But I need to call the interface br-guest since this is the only interface next to br-lan which populates the client list in the GUI which I use a lot. Can anyone give me a solution that makes external ethernet vlan connectivity possible AND in which the client list gets populated?

I didn’t understand your scenario, are you accessing the switch or hub on the LAN port?
The br-guest setting in that topic is simply to allow the device to access the guest network over the cable and does not involve VLAN ID configuration.

There is only one LAN port. What can do you to configure multiple vlan?

Yuxin
I want to build a guest and normal wifi spanning over 2 beryl ax. And I want to see both guest and normal clients in de client gui.

For this I have made 2 vlans between the beryls which I have connected to br-lan and br-guest with dhcp on the first beryl. For br-guest the vlan does not work. No connectivity, no dhcp after the first router.
The other vlan works fine. And when I couple the guest vlan to another name bridge interface, it also works but then the client list is not populated.

I made 2 dot1q logical vlan interfaces on the physical lan port. I also tried the approach of deleting the lan interface and making an mainswitch interface with 2 filtered vlans as proposed elsewhere on the forum, and attaching those to br-guest and br-lan. Unfortunately with the same result. The vlan of the br-guest does not come up.

Let me understand your purpose and configuration.

  1. first, connect the LAN port of Beryl AX 1 to the WAN port of Beryl AX 2.
  2. Then, both main Wi-Fi and guest Wi-Fi are enabled on Beryl AX 1.
    Now, you want to extend Beryl AX 2’s main Wi-Fi and guest Wi-Fi on Beryl AX 2. You want the client devices that are connected to Beryl AX 2 to be visible on Beryl AX 1’s admin panel as well. That’s why you’re going through the VLAN setup.
    Is that right?
    This may not be configurable…

Maybe you can say a little bit about your desired scenario? For example, how do you want your client devices to be connected, which devices can access each other, and which devices need to be isolated from each other?
Maybe there’s another way.

You are correct Yuxin (I take it you mean " Now, you want to extend Beryl AX 1 ’s main Wi-Fi and guest Wi-Fi on Beryl AX 2 ."). In addition I have a switch between the beryls doing vlans.
I want to centrally manage my devices in the client tab. For instance, I like the function to see what clients are doing which throughput to internet (use case: are my kids doing homework or youtube on their chromebook :innocent:, but it also helps in identifying unknown clients, see whether clients connect to 2.4 ghz due to 5ghz gap, etc).

Guest devices are my more dirty devices. Kids friends telephones, kids telephones, some old devices which do not update well and don’t pose a risk when broken. These need internet and nothing more, so isolation is a nice to have.
My normal wifi contains my NAS, home domotica, energy systems, “managed client”, etc. These do not function with isolation.

I also tried with my brume2 but that has no guest which fills the client list

I would assume that this is possible but only by doing pretty advanced configurations and without interacting with the GL GUI.

For getting this work you need to get the 2nd router into wired AccessPoint mode (so it will act like a switch) and have to configure the VLAN manually. So you can span them over both devices. (This will not create a mesh anyway - so it’s not like “easily” change from one Wi-Fi access point to another one)

I would assume that the only real way of getting this working is to use plain OpenWrt so no GL GUI configurations exist.

Admon, getting the setup working is no big issue with native openwrt (see my second post).
The problem is that I want the interaction with the Gui for the clients tab.

I bought the 2nd beryl ax because I was advised to switch to a central device with guest wifi because my initial setup with the central Brume2 could not populate the gui with a second bridge interface. (brume2 natively does not have wifi, but I had an external usb wifi dongle as fall-over.(getting that to work was a hassle :sweat_smile:))

bandwidthd could be the way to go then.

Don’t think that you will be able to get it working in the GL GUI, tbh. The GL GUI is pretty static and easy - not for advanced feature-sets.

Tried a couple of these monitoring tools but they all lack the “instant” block function and naming possibility of the gui.

Yep, because they are all for monitoring and not Surveillance the kids :wink:

I hope a solution can be found to make the br-guest behaviour like the br-lan behaviour in stead of the current stub behaviour of only the guest bridge.