Configuring VLANs on Flint 2

OK, so I'm effectively trying to create something like this. I'll preface this by saying I'm new to OpenWrt and related devices; I've been reading quite a lot and watching some videos, but it's not quite clicking.

My understanding is that I need to create a primary VLAN first (i.e., br-lan10 according to the picture in the top diagram) and have my LAN (including the main Wi-Fi network with trusted devices) included, and then extend br-lan 20/30/40/50 in br-lan.10 so they're all part of the same LAN?

I have Discord if anybody would like to help there as well. Other people I live with kind of depend on this Wi-Fi, so setting it up with as little downtime as possible would really be nice. I plan to learn it more in depth using Proxmox, where nobody else is affected by my foolery.

I think that because it is vanilla OpenWrt it would be better to ask on the OpenWrt forum.

It's actually stock GL.iNet firmware, sorry.

root@GL-MT6000:~# ubus call system board
{
        "kernel": "5.4.238",
        "hostname": "GL-MT6000",
        "system": "ARMv8 Processor rev 4",
        "model": "GL.iNet GL-MT6000",
        "board_name": "glinet,gl-mt6000",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02-SNAPSHOT",
                "revision": "r15812+1075-46b6ee7ffc",
                "target": "mediatek/mt7986",
                "description": "OpenWrt 21.02-SNAPSHOT r15812+1075-46b6ee7ffc"
        }
}
root@GL-MT6000:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config device
        option name 'lan1'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config device
        option name 'lan2'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config device
        option name 'lan3'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config device
        option name 'lan4'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config device
        option name 'lan5'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option isolate '0'

config device
        option name 'eth1'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option force_link '0'
        option ipv6 '0'
        option classlessroute '0'
        option metric '10'

config interface 'wan6'
        option proto 'dhcpv6'
        option device '@wan'
        option disabled '1'

config interface 'tethering6'
        option device '@tethering'
        option proto 'dhcpv6'
        option disabled '1'

config interface 'wwan6'
        option device '@wwan'
        option proto 'dhcpv6'
        option disabled '1'

config interface 'guest'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.9.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option multicast_querier '1'
        option igmp_snooping '0'
        option isolate '0'
        option bridge_empty '1'
        option disabled '1'

config interface 'wwan'
        option proto 'dhcp'
        option classlessroute '0'
        option metric '20'

config interface 'secondwan'
        option ipv6 '0'
        option proto 'dhcp'
        option metric '15'
        option force_link '0'
        option classlessroute '0'

config interface 'secondwan6'
        option proto 'dhcpv6'
        option device '@secondwan'
        option disabled '1'
        option metric '15'

config interface 'modem_1_1_2_6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@modem_1_1_2'

config rule 'policy_direct_rt'
        option lookup 'main'
        option suppress_prefixlength '0'
        option priority '1100'

config rule 'policy_default_rt_vpn'
        option mark '0x8000/0xc000'
        option lookup '8000'
        option priority '1101'
        option invert '1'

config rule6 'policy_direct_rt6'
        option lookup 'main'
        option suppress_prefixlength '0'
        option priority '1100'

config rule6 'policy_default_rt_vpn6'
        option mark '0x8000/0xc000'
        option lookup '8000'
        option priority '1101'
        option invert '1'

config rule 'policy_default_rt_vpn_ts'
        option lookup 'main'
        option priority '1099'
        option mark '0x80000/0xc0000'
        option invert '0'

In LuCI, on the Devices screen that you've already found (as per your screenshot):

br-lan > Configure > Bridge VLAN filtering, set up tagging/native, etc. in there.

I think having "local" ticked means the VLAN is available on the internal link between the switch chip and the main CPU.

I wasn't sure how "lan" would behave after this, so I moved that to a VLAN as well and then set it as Untagged and Primary on one of the LAN ports so I could still reach the router on it without going through the external switches.

I'd suggest backing up your config before you do this as if you do something wrong you might lose access to the router and have to factory reset it to regain access.

This is what mine looks like

I also have a "Management" VLAN, which is the default for the port facing my switch. It's where the native VLAN on the switch ends up, because I didn't really want it having internet access (that VLAN is blocked from the internet on the firewall).

Edit:

Also make sure your switch is set to use Tagged for the additional VLANs on the port connected to the Flint.

1 Like
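A check that can be run on a copy of /etc/config/network before applying bridge VLAN filtering, as an added example that is not part of the thread: it flags a port marked primary on two VLANs, an interface left on the bare bridge once VLANs exist, and an interface pointing at a VLAN with no bridge-vlan section. The sample config, its VLAN ids and the interface name `iot` are constructed; `u`, `t` and `*` are the bridge-vlan port flags for untagged, tagged and primary.

```python
import re
from collections import defaultdict

# Constructed sample in /etc/config/network syntax (not taken from the thread).
SAMPLE = """
config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:u*'
        list ports 'lan5:t'
config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan1:u*'
        list ports 'lan5:t'
config interface 'lan'
        option device 'br-lan'
config interface 'iot'
        option device 'br-lan.30'
"""
LINE = re.compile(r"^[ \t]*(config|option|list)[ \t]+(\S+)(?:[ \t]+'([^']*)')?", re.M)

def parse(text):  # -> [(section_type, name, {option: [values]})]
    sections = []
    for kind, a, b in LINE.findall(text):
        if kind == "config":
            sections.append((a, b, defaultdict(list)))
        elif sections:
            sections[-1][2][a].append(b)
    return sections

def lint(text, bridge="br-lan"):
    """List VLAN-filtering mistakes that can cut off access to the router."""
    secs, problems, pvids = parse(text), [], defaultdict(list)
    vlans = {o["vlan"][0]: o["ports"] for t, _, o in secs
             if t == "bridge-vlan" and o["device"] == [bridge]}
    for vid, ports in vlans.items():
        for name, _, flags in (p.partition(":") for p in ports):
            if "*" in flags:
                pvids[name].append(vid)
    problems += [f"{p}: primary (PVID) on VLANs {', '.join(v)}"
                 for p, v in pvids.items() if len(v) > 1]
    ifaces = [(n, o["device"][0]) for t, n, o in secs if t == "interface" and o["device"]]
    for name, dev in ifaces if vlans else []:
        if dev == bridge:
            problems.append(f"{name}: still on bare {bridge}, attach it to {bridge}.<vid>")
        elif dev.startswith(bridge + ".") and dev.split(".", 1)[1] not in vlans:
            problems.append(f"{name}: {dev} has no bridge-vlan section")
    return problems
```

Calling `lint(SAMPLE)` reports all three problems; a config with no bridge-vlan sections, like the one posted earlier in the thread, returns an empty list.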

Hi there! I still don't get it! Or in other words: I think I understand how to do it, and then I go and configure it, and then the change won't apply.
Isn't there a truly step-by-step how-to?
If I go to YouTube, the examples there are all vanilla OpenWrt.
Using AI (ChatGPT, Gemini) also doesn't help, since those don't understand the current setup.

Please help!

  1. I want to have a separate DHCP on two ports. Like 192.168.178.0/24 - let's call it vlan178
  2. I want to access everything from vlan178 as I can currently from 192.168.8.1
  3. I want to access everything inside 192.168.8.1 from vlan178 but not the other way around

Currently I'm running:
|Firmware Version|OpenWrt 24.10.0-rc2 r28161-ea17e958b9 / LuCI openwrt-24.10 branch 24.337.27339~b1968d9|
|Kernel Version|6.6.63|
on Flint 2