Beryl ax and guest vlan

After reading the other VLAN support pages I still have issues with setting up VLANs on my Beryl AX routers. I have used the DSA device option (OpenWrt option 3); is that correct for the Beryl AX makeup?
See below my config

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXXXX'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'
	option ipv6 '0'

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth1.10'
	option ipv6 '0'

config device
	option name 'eth1'
	option macaddr 'XXXXX'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option isolate '0'
	option ipaddr '192.168.1.1'

config device
	option name 'eth0'
	option macaddr 'XXXXX'

config interface 'wan'
	option proto 'dhcp'
	option ipv6 '0'
	option device 'eth0.100'
	option hostname '*'

config interface 'guest'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option multicast_querier '1'
	option igmp_snooping '0'
	option isolate '0'
	option bridge_empty '1'
	option ipaddr '192.168.10.1'
	option disabled '0'
	option device 'br-guest'

config interface 'wwan'
	option proto 'dhcp'
	option metric '20'

config rule 'policy_bypass_vpn'
	option mark '0x60000/0x60000'
	option lookup '53'
	option priority '53'

config rule 'policy_via_vpn'
	option mark '0x80000/0x80000'
	option lookup '52'
	option priority '52'

config rule 'policy_dns'
	option mark '0x100000/0x100000'
	option lookup '51'
	option priority '51'

config interface 'wgserver'
	option proto 'wgserver'
	option config 'main_server'
	option disabled '0'

config device
	option vid '100'
	option ifname 'eth0'
	option name 'eth0.100'
	option ipv6 '0'
	option type '8021q'

config device
	option vid '1'
	option ifname 'eth1'
	option name 'eth1.1'
	option ipv6 '0'
	option type '8021q'

config device
	option vid '10'
	option ifname 'eth1'
	option name 'eth1.10'
	option ipv6 '0'
	option type '8021q'

config interface 'modem_1_1_2_6'
	option proto 'dhcpv6'
	option disabled '1'
	option device '@modem_1_1_2'

However, with brctl show, the vlan 10 is not shown on the guest bridge.
And the interface is not present when I configure a host in the ghost vlan on the switch.
I get the impression that pvid 1 untagged fallback is used instead of tagged as configured.

When looking into the bridge interface, VLAN filtering is off and nothing is configured there, but I am under the impression that that is double, because I already configured VLANs under the interfaces.

Any help is appreciated.

I am now a little further in solving this problem.
It seems that the config is correct, but that the br-guest bridge is unable to route.
When making the same config with any name but br-guest, it works and I can reach my other devices. However, when naming the interface br-guest again, the dhcp and connectivity stops outside the main beryl ax (wifi still works on this interface and gets served IP addresses).

But I need to call the interface br-guest since this is the only interface next to br-lan which populates the client list in the GUI which I use a lot. Can anyone give me a solution that makes external ethernet vlan connectivity possible AND in which the client list gets populated?

I didn’t understand your scenario, are you accessing the switch or hub on the LAN port?
The br-guest setting in that topic is simply to allow the device to access the guest network over the cable and does not involve VLAN ID configuration.

There is only one LAN port. What can you do to configure multiple VLANs?

Yuxin
I want to build a guest and normal Wi-Fi spanning over 2 Beryl AX. And I want to see both guest and normal clients in the client GUI.

For this I have made 2 vlans between the beryls which I have connected to br-lan and br-guest with dhcp on the first beryl. For br-guest the vlan does not work. No connectivity, no dhcp after the first router.
The other vlan works fine. And when I couple the guest vlan to another name bridge interface, it also works but then the client list is not populated.

I made 2 dot1q logical VLAN interfaces on the physical LAN port. I also tried the approach of deleting the lan interface and making a mainswitch interface with 2 filtered VLANs as proposed elsewhere on the forum, and attaching those to br-guest and br-lan. Unfortunately with the same result. The VLAN of the br-guest does not come up.

Let me understand your purpose and configuration.

  1. First, connect the LAN port of Beryl AX 1 to the WAN port of Beryl AX 2.
  2. Then, both main Wi-Fi and guest Wi-Fi are enabled on Beryl AX 1.
    Now, you want to extend Beryl AX 2’s main Wi-Fi and guest Wi-Fi on Beryl AX 2. You want the client devices that are connected to Beryl AX 2 to be visible on Beryl AX 1’s admin panel as well. That’s why you’re going through the VLAN setup.
    Is that right?
    This may not be configurable…

Maybe you can say a little bit about your desired scenario? For example, how do you want your client devices to be connected, which devices can access each other, and which devices need to be isolated from each other?
Maybe there’s another way.

You are correct, Yuxin (I take it you mean "Now, you want to extend Beryl AX 1’s main Wi-Fi and guest Wi-Fi on Beryl AX 2."). In addition I have a switch between the Beryls doing VLANs.
I want to centrally manage my devices in the client tab. For instance, I like the function to see what clients are doing which throughput to internet (use case: are my kids doing homework or youtube on their chromebook :innocent:, but it also helps in identifying unknown clients, see whether clients connect to 2.4 ghz due to 5ghz gap, etc).

Guest devices are my more dirty devices. Kids friends telephones, kids telephones, some old devices which do not update well and don’t pose a risk when broken. These need internet and nothing more, so isolation is a nice to have.
My normal wifi contains my NAS, home domotica, energy systems, “managed client”, etc. These do not function with isolation.

I also tried with my brume2 but that has no guest which fills the client list

I would assume that this is possible but only by doing pretty advanced configurations and without interacting with the GL GUI.

To get this to work you need to put the 2nd router into wired AccessPoint mode (so it will act like a switch) and configure the VLAN manually. That way you can span them over both devices. (This will not create a mesh anyway - so it’s not like “easily” changing from one Wi-Fi access point to another one.)

I would assume that the only real way of getting this working is to use plain OpenWrt so no GL GUI configurations exist.

Admon, getting the setup working is no big issue with native openwrt (see my second post).
The problem is that I want the interaction with the Gui for the clients tab.

I bought the 2nd Beryl AX because I was advised to switch to a central device with guest Wi-Fi because my initial setup with the central Brume2 could not populate the GUI with a second bridge interface. (Brume2 natively does not have Wi-Fi, but I had an external USB Wi-Fi dongle as fall-over. Getting that to work was a hassle :sweat_smile:)

bandwidthd could be the way to go then.

Don’t think that you will be able to get it working in the GL GUI, tbh. The GL GUI is pretty static and easy - not for advanced feature-sets.

Tried a couple of these monitoring tools but they all lack the “instant” block function and naming possibility of the gui.

Yep, because they are all for monitoring and not Surveillance the kids :wink:

I hope a solution can be found to make the br-guest behaviour like the br-lan behaviour instead of the current stub behaviour of only the guest bridge.

Can you draw a network topology to help us understand your needs?

If you just want the second beryl’s client to become the first beryl’s guest client and display on the gui, simply move eth1 from the first to br-guest and set the AccessPoint mode for the second beryl

image
Both SSIDs, guest & secure, have to be transmitted on both Beryl AX systems.
They cannot repeat wirelessly due to the distance; it has to be cabled.
Can you suggest?

Tbh this isn’t something you should do with the Beryl even if it might be possible.

In that case, you need to go with luci-settings instead, which will make it a pain if you want to install firmware updates (because the settings might get overwritten) - for example VLANs are not officially supported by the GL GUI.

From my personal (and professional) view, I would go with access points only and then add 1 router to do all the fancy stuff.

Thank you Admon, but I had this working with a Brume 2 and 2 beryls ax for the ap function. However, also the brume2 was not able to do the guest function in the GUI.
It works as long as I do not use the br-guest interface, but I need to use this br_guest to get the clients in the GUI.
I went for the Beryl AX instead of the Brume2 on the advice of GL.iNet, so I would like to know from GL.iNet how to set it up.

@dengxinfa can you advise on a solution?

Beryl AX 1 as a router:
br-lan (eth1(lan port) + ra0(2.4g main) + rax0(5g main)) static ip 192.168.8.x/24 ,as a dhcp server
br-guest (eth1.1(lan port vlan 1) + ra1(2.4g guest) + rax1(5g guest)) static ip 192.168.9.x/24 , as a dhcp server

Beryl AX 2 as an AP:
br-lan (eth0(wan port) + eth1(lan port) + ra0(2.4g main) + rax0(5g main)) , as a dhcp client
br-guest (eth0.1 (wan port vlan 1) + ra1(2.4g guest) + rax1(5g guest)) , as a dhcp client
image

config Beryl AX 1

  1. You need to enable guest Wi-Fi on GLUI first.
  2. Modify /etc/config/network
config device         # create an 8021q device: LAN port VLAN 1 (named eth1.1); macaddr can be set to an unused one
        option type '8021q'
        option ifname 'eth1'
        option vid '1'
        option name 'eth1.1'
        option macaddr 'xx:xx:xx:xx:xx:xx'
        option mtu '1500'

config device                # create a guest bridge that contains eth1.1
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'guest'                # guest interface using the br-guest bridge device
        ...
        option device 'br-guest'
  3. Restart network
    /etc/init.d/network restart

config Beryl AX 2

  1. You need to enable guest Wi-Fi on GLUI first.
  2. Modify /etc/config/network
config device
        option name 'br-lan'
        option type 'bridge'
        ...
        list ports 'eth1'
        list ports 'eth0'     # bridge wan port

config interface 'lan'
        option device 'br-lan'
        ...
        option proto 'dhcp'   # change proto 'static' to 'dhcp'

config device                          # create an 8021q device: WAN port VLAN 1 (named eth0.1); macaddr can be set to an unused one
        option vid '1'
        option ifname 'eth0'
        option name 'eth0.1'
        option mtu '1500'
        option macaddr 'xx:xx:xx:xx:xx:xx'
        option type '8021q'

config device                    # create a guest bridge that contains eth0.1
        list ports 'eth0.1'
        option type 'bridge'
        option name 'br-guest'
        option bridge_empty '1'

config interface 'guest'                      # guest interface using the br-guest bridge device
        ...
        option device 'br-guest'
        option proto 'dhcp'   # change proto 'static' to 'dhcp'
  3. Modify /etc/config/dhcp, disable lan and guest’s DHCP server
config dhcp 'lan'
        ...
        option ignore '1'

config dhcp 'guest'
        ...
        option ignore '1'
  4. Restart dnsmasq and network
/etc/init.d/dnsmasq restart
/etc/init.d/network restart

The only problem with this is that all the clients in Beryl AX 2 appear as wired connections on Beryl AX 1’s GLUI, and you can determine whether they are guests by IP.

1 Like
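
An offline check for the bridge layout in the reply above, added here as an example and not part of any post in the thread: it parses a UCI network config and reports, per bridge, which ports are untagged and which are 802.1Q sub-devices, flagging any port that sits in two bridges (which would join the guest and main networks at layer 2). The sample input is constructed from the Beryl AX 1 steps with the elided "..." options left out; `sample_config` and `audit_bridges` are names made up for this example.

```shell
# Added example (not from the thread). Constructed sample modelled on the
# "Beryl AX 1" steps, with the elided "..." options left out.
sample_config() { cat <<'EOF'
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
config device        # lan port vlan 1
        option type '8021q'
        option ifname 'eth1'
        option vid '1'
        option name 'eth1.1'
config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth1.1'
EOF
}

# Reads a UCI network config on stdin; prints "<bridge> <port> <tagging>" per
# bridge port and "CONFLICT ..." when one port is a member of two bridges.
audit_bridges() { awk -v q="'" '
function val(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
function describe(x) { return (x in tag) ? tag[x] : (x ~ /\.[0-9]+$/ ? "no-8021q-section" : "untagged") }
function endsec() {
    if (sec == "device" && type == "8021q") tag[name] = "parent=" ifname " vid=" vid
    if (sec == "device" && type == "bridge") { order[++nb] = name; ports[name] = plist }
}
$1 == "config" { endsec(); sec = $2; name = type = ifname = vid = plist = ""; next }
$1 == "option" && $2 == "name"   { name = val($3) }
$1 == "option" && $2 == "type"   { type = val($3) }
$1 == "option" && $2 == "ifname" { ifname = val($3) }
$1 == "option" && $2 == "vid"    { vid = val($3) }
$1 == "list"   && $2 == "ports"  { plist = plist " " val($3) }
END {
    endsec()
    for (b = 1; b <= nb; b++) {
        n = split(ports[order[b]], p, " ")
        for (i = 1; i <= n; i++) {
            if (p[i] in owner) print "CONFLICT " p[i] " in " owner[p[i]] " and " order[b]
            owner[p[i]] = order[b]
            print order[b], p[i], describe(p[i])
        }
    }
}'
}

sample_config | audit_bridges
```

On a router the same function can be fed the live file with `audit_bridges < /etc/config/network`; it only reads the file and does not replace checking the running bridge membership with `brctl show`.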