Converting network setup from openwrt 22.03.01 to GL-MT6000 (flint2)

Good morning/afternoon/etc.
I'm trying to convert my existing network setup running on WNDR3700 v1 with OpenWRT 22.03.01 to GL-MT6000 (flint 2). In my current situation the OpenWRT is the core router with RJ45 connection, WAN via DHCP and 4 Android TV Boxes SDSTB01 running EON platform.

wndr3700496×471 20.2 KB

My current OpenWRT config is

-----------------------------------------------------
 OpenWrt 22.03.1, r19777-2853b6d652
 -----------------------------------------------------
root@125:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd30:9bc5:13a8::/48'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.11.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option macaddr '00:22:68:xx:xx:xxx'

config interface 'wan6'
	option proto '6in4'
	option peeraddr 'xx'
	option ip6addr 'xxxxxx'
	option ip6prefix 'xxxxxx'
	option tunnelid 'xxxxx'
	option username 'xx'
	option password 'xxxxx'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	list ports 'eth2'

config device
	option name 'eth0'
	option macaddr '06:a1:51:xx:xx:xx'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

My GL-MT6000 config is

root@GL-MT6000:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd3e:f8fe:b71e::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'
	option igmp_snooping '1'

config device
	option name 'lan1'
	option macaddr '94:83:c4:xx:xx:xx'

config device
	option name 'lan2'
	option macaddr '94:83:c4:xx:xx:xx'

config device
	option name 'lan3'
	option macaddr '94:83:c4:xx:xx:xx'

config device
	option name 'lan4'
	option macaddr '94:83:c4:xx:xx:xx'

config device
	option name 'lan5'
	option macaddr '94:83:xx:xx:xx'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.255.0'
	option isolate '0'
	option ip6assign '64'
	option ip6hint '0000'
	option ip6ifaceid '::1'
	option ip6class 'local'

config device
	option name 'eth1'
	option macaddr '94:83:c4:a6:f4:53'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option force_link '0'
	option metric '10'
	option classlessroute '0'
	option ipv6 '0'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option disabled '1'

config interface 'tethering6'
	option proto 'dhcpv6'
	option device '@tethering'
	option disabled '1'

config interface 'wwan6'
	option proto 'dhcpv6'
	option device '@wwan'
	option disabled '1'

config interface 'guest'
	option force_link '1'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.9.1'
	option netmask '255.255.255.0'
	option multicast_querier '1'
	option isolate '0'
	option bridge_empty '1'
	option disabled '1'
	option igmp_snooping '1'
	option ip6prefix 'fd3e:f8fe:b71e::/48'
	option ip6assign '64'
	option ip6hint '0001'
	option ip6ifaceid '::1'
	option ip6class 'guest'

config interface 'wwan'
	option proto 'dhcp'
	option metric '20'
	option classlessroute '0'

config interface 'secondwan'
	option ipv6 '0'
	option proto 'dhcp'
	option metric '15'
	option force_link '0'
	option classlessroute '0'

config interface 'secondwan6'
	option proto 'dhcpv6'
	option disabled '1'
	option metric '15'
	option device '@secondwan'

config rule 'policy_direct_rt'
	option lookup 'main'
	option suppress_prefixlength '0'
	option priority '1100'

config rule 'policy_default_rt_vpn'
	option mark '0x8000/0xc000'
	option lookup '8000'
	option priority '1101'
	option invert '1'

config rule6 'policy_direct_rt6'
	option lookup 'main'
	option suppress_prefixlength '0'
	option priority '1100'

config rule6 'policy_default_rt_vpn6'
	option mark '0x8000/0xc000'
	option lookup '8000'
	option priority '1101'
	option invert '1'

config rule 'policy_default_rt_vpn_ts'
	option lookup 'main'
	option priority '1099'
	option mark '0x80000/0xc0000'
	option invert '0'

config rule 'policy_relay_lo_rt_lan'
	option lookup '16800'
	option in 'loopback'
	option priority '1'

I'm with the latest stable GL inet firmware. My problem is that internet on WiFi works, but IPTV boxes do not pick the signal.
My questions are:

1. How can I add the missing untagged VLAN and switch config in FLINT2 config without risking bricking the unit? I'm ok to do it via command line or LUCI. I see that device names are different and probably the hw setup between the netgear and the flint2. need help with the proper mapping of names and devices
2. should i stick to the default stable or switch to -op24 gl inet firmware to guarantee best compatibility between what i have and what to adapt.
3. if in the future I want to add a managed switch, should I ask my ISP for the IPTV VLAN tag so that I can tag the IPTV VLAN accordingly in the switch and the FLINT2

Many thanks in advance for the help!

Hello,

1. If you want to use VLAN, please enter the Luci to configure: Luci -> Network -> Interface -> Device -> "br-lan" Configure -> Bridge VLAN filtering

you can try this tutorial by onemarcfifty:

Generally, the correct settings will not become bricked, the software settings almost no brick risk.
Even if the network settings are abnormal, you can reset the all configuration by pressing the reset button 8 secs.

2. If the current firmware version meets the requirements, there is no need to switch to -op24 firmware. but if you like to newer OP version, you can also consider installing it.

3. You need to know the VLAN tag ID and configure the port correctly on Flint 2, otherwise it cannot pass IPTV packets through Flint2.

@bruce ,
thank you. I did run tcpdump on my current box and it seems I need to ask my ISP the VLAN tag ID for IPTV. I see a lot of nonces and authentication stuff, might be I need to ask them to allow my new device in their system. I will give an update in a week.

@bruce ,
Spoke with my ISP today. According to them there are no VLAN tags, no igmp and multicasts. Just plain https unicast streaming. When I asked why boxes get stuck with signal, the ISP support told me to cold boot the tv box after powering up the new router. Did also ran tcpdump last night and can confirm that I saw mostly https unicast traffic with nonces for authentication.
So I will test in the morning

• shutting down all android tv devices
• powering up the new flint 2
• booting up a box
• testing with -op24 on another unit and vlan filtering on the stock 4.7.4 if I get stuck

@bruce,
I accepted your solution. Thanks for the links. Currently browsing via my new Flint2 unit with TV devices working without any modification. I had a call with my ISP support and they explained me the SDSTB01 models need to be power-cycled after migrated to a new router. I did an extended power outage on them and first hooked my new router into power and internet. Then i started plugging one by one. For the moment I also added an intermediate switch to enjoy the fun of VLANs later on.
Just in case i left IGMP snooping on, with version 3 enabled. doesn't hurt. I will look into my current config of the OpenWRT for DNS and the other parts and start merging slowly.
So bottom line is:

1. call ISP to confirm settings needed
2. analyze existing traffic if possible
3. apply new settings on the new router
4. do an extend power-off of any client devices hooked in the home network > 5 min to be on the safe side from having old data cached in them. even in sleep mode some devices have the network information stored.