GL mt6000: mDNS and IOT isolated wifi

HI,

Just got my GL mt6000, and I am in the process of setting it up for my home. I have 2 questions:

  1. Can I use the Guest network for my IoT devices? I am still not very familiar with LuCI. Therefore, I figured it would be easier to configure the Guest network to create a secure network for IoT devices.

  1.1 According to the list below, how do I set up the router to create separate networks for normal and IoT devices (VLANs?).
  1.2 How do I bridge them together? And what configuration types are there to consider?
  1.3 I used Cloudflare for exposing my Home Assistant to the outside world; should I instead use an application already present on the GL mt6000 for doing so?
What I have and want:

On the GL mt6000:

  • LAN 1: Managed switch for PCs, printer, etc.
  • LAN 2: Truenas Server
  • LAN 4: Hue bridge connected to GL mt6000
  • LAN 5: home assistant running on a Pi, connected to the GL mt6000
  • Wi-Fi: normal devices.
  • IoT-Wi-Fi: Multiple ESPHome devices, all connected to Home Assistant
  • IoT-Wi-Fi: some Shelly devices connected over.
  2. Home Assistant and ESPHome devices use mDNS for discovery; this leads to some problems, since some of them are no longer discovered by Home Assistant. Does anyone have some experience with it and could give me some advice on how to tackle this? I looked into the OpenWrt ZeroConf options (umdns, Avahi), but this also seems to be a bit involved.

Thank you in advance,
Best
Fabian

2 Likes

Geezus; there’s a lot going on in this post given all the other devices you’ve got going on. Here’s what I’m going to suggest: you’re going to find yourself wanting to get into LuCI & SSH sooner than later. Before doing so to do more advanced setups (eg: IoT VLANs &/or bridging VLANs), make sure you have a backup(s) to fall back on if things go awry. Here’s a HOW-TO:

You’re already running the latest release, OpenWrt 23.05. From there, feel free to consult the OpenWrt Wiki, maybe their forums, if you don’t find what you need in the GL docs.

… but I don’t see a reason why not to use the Guest subnet for IoT if you know you won’t be having any guests use it.

(You might want to map/diagram your current network vs your ideal network setup; see draw.io)

1 Like

Not wanting to be harsh to OP, but if you are a beginner I would suggest first making separate networks per port, just to get a bit familiar with LuCI and DSA.

I mean, IoT can easily be added into a guest network for now; maybe after some time you can add a VLAN topology and more complexity to your network :smile:

Note: since I read that OP is very familiar with the GL UI, that's fine, but there is also a chance you break support for the GL UI once you go beyond the GL UI's options.

I think for more advanced setups I can recommend a YouTube channel: https://youtube.com/@OneMarcFifty?si=LG4sTR8eVJ3NKPUb

He covers a lot of DSA-based videos but also Wi-Fi and isolation videos :+1:, but I think it's best to start with a really simple setup first.

1 Like

… & backups. Lots of backups!

Keep a log too, @FabianM . Both bailed my ass out of a few muck-ups on more than one occasion.

1 Like

Hi,
[EDIT] Regarding backups and using OpenWrt: I am familiar with Linux and fine with using the CLI. The problem I have is that I don't know most commands and the nomenclature, and therefore this might lead to simple copy-paste errors in the config files, since I still have a hard time reading them.

Thank you for the replies; good tip on using the guest network for my IoT.
I found the videos from OneMarcFifty yesterday. Pretty good channel, I will check it out.

What kind of changes should I make to allow devices (PC, smartphone) to access HA (Home Assistant) when using the Guest network for my IoT stuff?
Either I have the Pi running HA in the regular network, but then I have to expose it to the guest network, or I reserve one LAN port for the guest Wi-Fi and then I need a good option to access HA with my phone.
I think I could still use my Cloudflare tunnel to access the HA server; that might be the easier option, and I have good isolation between the networks. I am not sure if I need a VLAN to have a LAN port in the guest network...?

Or just use my spare router (MikroTik hAP ax3) only for the IoT stuff; this would leave the Flint 2 clean. Good choice?

Best

Assuming you have a topology like:

iot/guest interface → wan
lan → wan

where lan shares one Wi-Fi and iot shares another Wi-Fi network, or uses Ethernet separated from lan.

Then you can do two things. Either forward the firewall zones:

for lan, you forward to zone iot or guest.

Or, a better approach, this is how I would do it:

create a traffic rule, src lan, dest iot/guest, and then the dest IP of your HA.

The zones can be found in LuCI: LuCI → Network tab → Firewall, and the traffic rules are there as well in a tab.

Most of the commands should be vim, opkg as a replacement for apt, and if you want to be more advanced, uci for the configuration. But you can also edit the files in /etc/config, and with WinSCP you can access everything similar to FTP :+1:. Normally we make a backup in LuCI, in the System tab, but these backups can also be opened as a zip file, to move configs one at a time as well.

1 Like

Which is why my protocol is to take a backup before I make any changes & after I’m confident those settings are working. Restoring a backup is just a matter of uploading a small archive file & rebooting. It should be less than 1 min ‘downtime’ in your case.

LuCI is just a front end to uci which itself is a front end to editing .conf. It’s rare I use uci when I can just fire up vi(m).

That's what I'd do. Wholly isolate the IoT behind its own subnet. Make the Flint 2 your 'main router'. You can always create custom routes at a later time.

… but really, you should see that HOW-TO & whip up some diagrams. You’re going to need to break up your goals into more digestible chunks.

1 Like

@xize11 @bring.fringe18 You are right, first I should make a topology. While I am reading and watching guides and tutorials, I start to see how valuable it is, to understand what I want.

I am having an easier time just using the CLI and Vim anyway... I guess I just have to learn some basics for interacting with OpenWrt and the config files.

TY for your help. For now I will follow your advice and make smaller steps :). I'll be back when I have done my homework!

2 Likes

@FabianM Were you able to figure out how to enable discovery (mDNS) from LAN to the guest network for your IoT devices, as per the question in your original post? I am facing the same issue of having IoT devices on my guest network that cannot be discovered from HomeAssistant. This applies to my HomeKit compatible devices for example.

I already adjusted my firewall settings to allow forwarding from LAN to Guest, but discovery doesn't work across those different subnets still.

There's this, but I don't want to mess up my configuration without seeing if anyone else has experience with it.

In the end my solution was to use stock OpenWrt.
I configured a separate IoT Wi-Fi with its own firewall rules and added mDNS there.
Having a separate interface with its own IP range helps for testing, since you can attach it to different firewalls or APs, and since all IoT devices will be in the same Wi-Fi they won't get confused.

LuCI might not be as pretty as the GL.iNet interface, but in the end it was easier that way.

Best

1 Like
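As an added example (not from any poster in this thread), here is what the two approaches described earlier (forwarding the whole lan zone into the iot/guest zone versus a single traffic rule with the dest IP of your HA) and the "separate IoT Wi-Fi with its own firewall rules" setup from the last reply look like in /etc/config/firewall. Assumptions: the IoT interface and zone are both named 'iot', the trusted zone is 'lan', and Home Assistant sits at 192.168.30.10 on its default port 8123 (all constructed values; adjust to your own).

```uci
# /etc/config/firewall fragment (constructed example; names and addresses
# are assumptions, not values from the thread).

# Zone for the IoT/guest interface: devices there may reach the internet
# but not the router itself, and not any other zone, unless a rule below
# explicitly allows it.
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'iot'
	option dest 'wan'

# Option A ("forward the zones"): every LAN host can reach every IoT
# device. Simple, but it gives up most of the isolation the zone is for.
#config forwarding
#	option src 'lan'
#	option dest 'iot'

# Option B (traffic rule): only the HA host is reachable from LAN, and
# only on its web UI port. This is what the thread recommends.
config rule
	option name 'lan-to-homeassistant'
	option src 'lan'
	option dest 'iot'
	option proto 'tcp'
	option dest_ip '192.168.30.10'
	option dest_port '8123'
	option target 'ACCEPT'

# Because input is REJECT, allow DHCP and DNS from IoT devices to the
# router so they still get addresses and name resolution.
config rule
	option name 'iot-dhcp-dns'
	option src 'iot'
	option proto 'udp'
	option dest_port '53 67'
	option target 'ACCEPT'

# mDNS (UDP 5353) from the IoT zone to the router. Only needed if the
# router itself runs an mDNS responder/reflector (umdns or Avahi) on the
# IoT interface, as in the last reply.
config rule
	option name 'iot-mdns'
	option src 'iot'
	option proto 'udp'
	option dest_port '5353'
	option target 'ACCEPT'
```

Note that the firewall rule alone does not make discovery work across subnets: mDNS is link-local multicast (224.0.0.251) and is never routed, so HA on lan will only see IoT devices on iot if a reflector on the router (for example Avahi with enable-reflector=yes) repeats the announcements between the two interfaces. After editing, apply with `/etc/init.d/firewall restart` or check the result under Network → Firewall → Traffic Rules in LuCI.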