GL-AXT1800 adding physical interface eth2 (LAN2) to Guest network

I have the my Guest wifi network setup as a Wireguard client and isolated using the firewall zones (“guest=>wgclient” only). Right now both physical interfaces connect only to the primary LAN and share the same MAC address. What is the best way to reallocate only one of these from the LAN bridge to the Guest bridge?

root@XXXXX:/etc/config# ubus call system board; uci export network
{
        "kernel": "4.4.60",
        "hostname": "XXXXX",
        "system": "ARMv7 Processor rev 4 (v7l)",
        "model": "GL Technologies, Inc. AXT1800",
        "board_name": "glinet,axt1800",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02-SNAPSHOT",
                "revision": "r16399+157-c67509efd7",
                "target": "ipq807x/ipq60xx",
                "description": "OpenWrt 21.02-SNAPSHOT r16399+157-c67509efd7",
                "tip-revision": "OpenWrt 21.02-SNAPSHOT r16399+157-c67509efd7 / TIP-devel-ee17d932",
                "tip-version": "devel"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdc8:2840:0afb::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        option multicast_to_unicast '0'

config device
        option name 'eth1'
        option macaddr '94:83:c4:27:xx:xy'

config device
        option name 'eth2'
        option macaddr '94:83:c4:27:xx:xy'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option isolate '0'
        option ipaddr '192.168.7.1'

config device
        option name 'eth0'
        option macaddr '94:83:c4:27:xx:xx'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option force_link '0'
        option ipv6 '0'

config interface 'wan6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@wan'

config switch
        option name 'switch0'
        option reset '0'
        option enable_vlan '0'

config interface 'tethering6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@tethering'

config interface 'wwan6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@wwan'

config interface 'guest'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.9.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option multicast_querier '1'
        option igmp_snooping '0'
        option isolate '0'
        option bridge_empty '1'

config interface 'wwan'
        option proto 'dhcp'
        option metric '20'

config rule 'policy_bypass_vpn'
        option mark '0x60000/0x60000'
        option lookup '53'
        option priority '53'

config rule 'policy_via_vpn'
        option mark '0x80000/0x80000'
        option lookup '52'
        option priority '52'

config rule 'policy_dns'
        option mark '0x100000/0x100000'
        option lookup '51'
        option priority '51'

config interface 'wgclient'
        option proto 'wgclient'
        option config 'peer_8059'
        option disabled '0'


Thank you.

1 Like

Copy br-lan part to br-guest will be okay. example /etc/config/network

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	option multicast_to_unicast '0'

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth2'
	option multicast_to_unicast '0'

config device
	option name 'eth1'
	option macaddr '94:83:c4:1f:7c:6e'

config device
	option name 'eth2'
	option macaddr '94:83:c4:1f:7c:6e'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option isolate '0'
	option ipaddr '192.168.173.1'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '192.168.9.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option isolate '0'

After editing network config file, then

root@GL-AXT1800:~# /etc/init.d/network restart
root@GL-AXT1800:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-guest                7fff.9483c41f7c6e       no              eth2
br-lan          7fff.9483c41f7c6e       no              eth1
                                                        wlan0
                                                        wlan1

Thank you for the reply hansome. I tried exactly as you said, and unfortunately it did not work. It did remove the eth2 from br-lan, but did not add it to br-guest.

I’m a bit confused where br-guest is actually defined. If you look at my export above, you can see that it appears to be defined here using “config interface”.

config interface 'guest'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.9.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option multicast_querier '1'
        option igmp_snooping '0'
        option isolate '0'
        option bridge_empty '1';

There doesn’t seem to be a current corresponding “device” section for “br-guest” like there is for “lan”, but br-guest does show up using brctl:

root@XXXX:/etc/config# brctl show
bridge name     bridge id               STP enabled     interfaces
br-guest                7fff.9283c427xxxy       no              wlan0-1
                                                        wlan1-2
br-lan          7fff.9483c427xxxx       no              eth1
                                                        eth2
                                                        wlan0
                                                        wlan1-1

If I run: brctl delif br-lan eth2
followed by: brctl addif br-guest eth2

Then it does seem to re-assign it properly, but I’m not sure how to translate this back into the network file format to make it permanent. (Also, funny enough, eth1 seems to actually be labelled “LAN2” and eth2 as “LAN1” on the router printing.)

Hi again. I redid it using the Luci gui following the instructions here and it works now (including re-association of br-guest to the guest firewall zone).
https://forum.gl-inet.com/t/ax-1800-luci-br-guest-does-not-appear-in-devices-list/24696/4

Ultimately the network uci file did end up similar to your direction, so I’m not sure why didn’t work the first time by just editing the file directly.

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth2'
        option multicast_to_unicast '0'

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth1'
        option multicast_to_unicast '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option isolate '0'
        option ipaddr '192.168.7.1'

config interface 'guest'
        option device 'br-guest'
        option force_link '1'
        option proto 'static'
        option ipaddr '192.168.9.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option multicast_querier '1'
        option igmp_snooping '0'
        option isolate '0'
        option bridge_empty '1'

brctl output:

root@XXXXX:/etc/config# brctl show
bridge name     bridge id               STP enabled     interfaces
br-guest      7fff.9483c427xxxy       no              eth1
                                                                         wlan0-1
                                                                         wlan1-2
br-lan          7fff.9483c427xxxx       no              eth2
                                                                         wlan0
                                                                         wlan1-1

Thank you!

1 Like