Hi,
So tldr I just want to assign LAN5 port into a LAN Guest Network (instead of WiFi). I'll add in another switch to that port (WAVLINK AX3000M) for my guests outside my farm.
Is it possible with my Flint 2? I also want to ask if a client/device is connected, it will show in my glinet admin clients page as guest (like the one with the guest wifi icon).
I saw some workaround with Luci but I wanted to make sure first. I'm on 4.7.0-op24 thanks
I think it is possible for the Flint 2 with the 4.7.0-op24.
Refer this thread:
LAN 4 will be moved the guest network.
It can display guest clients of LAN4 port with guest IP, but it will not be like the WiFi icon. It should be wired since the LAN4 is a wired cable port.
@bruce I glad to hear that the version 24 gl firmware shows the ‘br-guest’ bridge device natively now, sweet.
However, I was able to make the ‘br-guest’ bridge device show up on the devices tab of the gl version 21 firmware’s LUCI GUI on my Flint 2.
The way I got the ‘br-guest’ device to appear on the LUCI GUI’s devices tab on the version 21 gl firmware, was to edit the ‘/etc/config/network’ file to change the Guest interface from being the ‘br-guest’ bridge, and adding a few lines to create the ‘br-guest’ bridge so that I could then see it in the LUCI GUI’s devices tab.
I changed the ‘/etc/network/config’ file by adding this;
config device option name 'br-guest' option type 'bridge' option igmp_snooping '0'
And, I changed one line in the (interface 'guest') section of the config. I changed the line (option name 'br-guest') to (option device 'br-guest') which changed the Guest Interface from being the ‘br-guest’ bridge itself, to using the ‘br-guest’ bridge device I created.
I then saved the file and restarted the Guest LAN interface in the LUCI GUI, and when I went to the devices tab, I could then see the ‘br-guest’ bridge device and configure it further in the the LUCI GUI on the version 21 of the gl firmware.
Thanks for the reply and apologies for the late response. I just managed to try this out and it worked. However, I couldn't see any device connected in my clients list. Even the router (connected to lan5) isn't showing in the clients list.
Is there another workaround to isolating lan5 restricting it from accessing admin (192.168.8.1) or communicating with other devices?
I’m thinking the devices connected to the external device do not get their DHCP IP assignments from the MT6000, and the external device’s management IP is set statically?
If so, then @bruce can confirm that those clients probably won’t show up on the MT6000 GUI devices list since I don’t think the MT6000 will show the entire ARP table in the GUI. In that case, SSH into the MT6000 and use the ‘arp’ command which should show all of the IP’s/mac-addresses discovered on the various interfaces.
BTW, something to consider is that if at some point both of the Guest Wireless networks on the MT6000 are not enabled, then the Guest Network won’t be active since it disables the Guest interface. So in that case, the Guest network’s DHCP services won’t work and the Guest’s IP network won’t be routed anywhere so anything connected to a LAN port assigned to the Guest network will not work either.
The external device/router is on DHCP and it's assigning an IP to the router and connected devices in it.192.168.9.x - which the IP range of the guest network if I'm not mistaken.
I'll try doing ssh and arp once I get back home in 2 days.
Regarding enabling guest network, I thought of this too. I enabled the WiFi guest network and see if could trigger identifying the devices connected to the lan port, but no it doesn't either.
It sure seems like the external device is providing the DHCP IP addresses to the wireless clients as an AP mode device. So the MT6000 only sees the one WAN IP address of the AP device and nothing connecting to it.
If you want to see the devices on the MT6000, and if the wireless device has other modes other than AP Mode available, you could try the using another mode. For example, a Repeater mode could work, but Repeater mode might require a wireless uplink connection instead using the device’s Ethernet port. If it has a Mesh mode, then again the device might use a wireless uplink connection instead of using the device’s Ethernet port. It just depends on how the manufacturer’s firmware is setup. So, now that you have the MT6000 Ethernet connection working with the device, you might contact the manufacturer of the device and asked them about it.
It would be great if GL implemented the guest LAN feature in the standard interface 
Thanks for the response. I think I'll just give up on the guest LAN network for now. Side question: Is there a way for me to isolate the devices connected to other router? I mean, I tried doing everything by default like literally just plug and play and the repeater/router is on AP mode, everything shows in the clients GUI - but the issue now is they can talk to each other on my network i.e. can access admin GUI etc.
Is there a way for me to have some kind of security on my admin settings? Or like literally isolate everything on that lan port.
I created a Guest LAN on my MT6000 by creating a new network interface on another 192.168.x.x IP subnet in the Advanced LUCI GUI and set it up to use the Guest firewall.
The MT6000 isolate's clients on its Guest network since the default of the Guest Network configuration in the GUI has the isolate feature enabled. But you're using an external AP which the MT6000 does not control the network for while it is in AP Mode since the Wireless clients are connecting to the AP's Wireless network and not the MT6000's.
When you have the AP connected to the LAN port on the MT6000 which is assigned to the Guest network, the Wireless clients connected to the AP should not be able to access the MT6000's Admin GUI's, but they probably can access the AP's Admin GUI since that's their network. It's up to how the manufacture setup their firmware if they even allow the ability to restrict access to the AP's Admin GUI.
Does this guest network ignore Tailscale's rules? This is important.
Sorry, I do not know since I don’t use Tailscale, but since it’s just an additional network using the same Guest firewall rules, it should work.
Thanks for this - can you please give me step by step instructions on how you did this? Just note that I'm on 4.7.0-op24
I tried to play around this creating guest networks but i can't make it to work. Maybe I was doing something wrong.
EDIT:
Will it also show the devices connected in the AP in GLinet's clients page? I made the guest network work before but it doesn't show the connected devices in the clients.
If it is a custom newly created Radio AP, it will not be displayed in GL GUI > clients on current firmware. Since the clients list are hardcoded.
Future GL firmware will support more Radio APs by default.