Hi,
Does anyone have a SSH script to setup VLAN’s on the Flint 3.
I have used the one posted by Bruce for IOT, but I was also looking for the same for the switch ports.
Thanks.
I thought someone would have this.
Thanks, in anticipation.
Hello,
I see you've discussed this here before, and you've pinpointed the VPN issue.
Please share what your VPN dashboard or VPN configuration?
Unfortunately, the router has been set back to factory and I have reverted to the stock firmware 4.7.11 due to the below error in LuCI.
Switch switch0 has an unknown topology - the VLAN settings might not be accurate.
Although, this has not rectified the switch problem so the router must have had this error out of the box.
There are so many problems with this router, I’m really not happy, I purchased the Flint 3 to replace my Flint 2, but I am now thinking of returning it due its poor performance and instability.
That's not an error, it's a warning. The switch numbering is weird in the flint 3. The numbering is backwards in LuCi, and different again in the config files. In the config files LAN1/WAN2 is port 7, LAN2 is port 6, LAN3 is port 5, and LAN4 is port 4. So, if I wanted my IoT VLAN30 on LAN3, I would untag port 5. Remember port 3 is the CPU and must be tagged in all VLANS, so I would tag port 3 and untag port 5 in the switch config.
So setting up the switch for that VLAN would look like this.
uci set network.vlan_iot='switch_vlan'
uci set network.vlan_iot.device='switch1'
uci set network.vlan_iot.vlan='30'
uci set network.vlan_iot.ports='3t 5ut' **# THIS IS WHERE PORTS ARE SET**
Here is my complete script for an IoT VLAN30 set to LAN3.
uci set network.vlan_iot='switch_vlan'
uci set network.vlan_iot.device='switch1'
uci set network.vlan_iot.vlan='30'
uci set network.vlan_iot.ports='3t 6t'
uci set network.eth1_30=device
uci set network.eth1_30.type='8021q'
uci set network.eth1_30.ifname='eth1'
uci set network.eth1_30.vid='30'
uci set network.eth1_30.name='eth1.30'
uci add network device
uci set network.@device[-1].type='bridge'
uci set network.@device[-1].name='br-iot'
uci add_list network.@device[-1].ports='eth1.30'
uci set network.iot=interface
uci set network.iot.proto='static'
uci set network.iot.device='br-iot'
uci set network.iot.ipaddr='192.168.30.1'
uci set network.iot.netmask='255.255.255.0'
uci set dhcp.iot=dhcp
uci set dhcp.iot.interface='iot'
uci set dhcp.iot.start='100'
uci set dhcp.iot.limit='150'
uci set dhcp.iot.leasetime='12h'
uci add firewall zone
uci set firewall.@zone[-1].name='iot'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci add_list firewall.@zone[-1].network='iot'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='iot'
uci set firewall.@forwarding[-1].dest='wan'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='iot'
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-DHCP-IoT'
uci add_list firewall.@rule[-1].proto='udp'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].dest_port='67-68'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-DNS-IoT'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].dest_port='53'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='Block-IoT-Intra'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].dest='iot'
uci set firewall.@rule[-1].target='REJECT'
uci set firewall.@rule[-1].proto='all'
uci add firewall rule
uci set firewall.@rule[-1].name='Block IoT WebUI'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].target='DROP'
uci set firewall.@rule[-1].dest_port='22 80 443 8080'
uci set wireless.iot2g=wifi-iface
uci set wireless.iot2g.device='wifi0'
uci set wireless.iot2g.network='iot'
uci set wireless.iot2g.mode='ap'
uci set wireless.iot2g.ifname='wlan30'
uci set wireless.iot2g.ssid='IoT'
uci set wireless.iot2g.encryption='psk2+ccmp'
uci set wireless.iot2g.key='goodlife'
uci set wireless.iot2g.wds='1'
uci set wireless.iot2g.hidden='0'
uci set wireless.iot2g.isolate='1'
uci set wireless.iot2g.disabled='0'
uci set wireless.iot2g.ieee80211k='1'
uci set wireless.iot2g.bss_transition='1'
uci set wireless.iot5g=wifi-iface
uci set wireless.iot5g.device='wifi1'
uci set wireless.iot5g.network='iot'
uci set wireless.iot5g.mode='ap'
uci set wireless.iot5g.ifname='wlan31'
uci set wireless.iot5g.ssid='IoT'
uci set wireless.iot5g.encryption='psk2+ccmp'
uci set wireless.iot5g.key='goodlife'
uci set wireless.iot5g.wds='1'
uci set wireless.iot5g.hidden='0'
uci set wireless.iot5g.isolate='1'
uci set wireless.iot5g.disabled='0'
uci set wireless.iot5g.ieee80211k='1'
uci set wireless.iot5g.bss_transition='1'
uci set wireless.iot6g=wifi-iface
uci set wireless.iot6g.device='wifi2'
uci set wireless.iot6g.network='iot'
uci set wireless.iot6g.mode='ap'
uci set wireless.iot6g.ifname='wlan32'
uci set wireless.iot6g.ssid='IoT'
uci set wireless.iot6g.encryption='sae'
uci set wireless.iot6g.key='goodlife'
uci set wireless.iot6g.wds='1'
uci set wireless.iot6g.hidden='0'
uci set wireless.iot6g.isolate='1'
uci set wireless.iot6g.disabled='0'
uci set wireless.iot6g.ieee80211k='1'
uci set wireless.iot6g.bss_transition='1'
uci commit
reboot
Here is my complete script for a Work VLAN60 assigned to LAN4, complete with MLO.
uci set network.vlan_work='switch_vlan'
uci set network.vlan_work.device='switch1'
uci set network.vlan_work.vlan='60'
uci set network.vlan_work.ports='3t 4ut'
uci set network.eth1_60=device
uci set network.eth1_60.type='8021q'
uci set network.eth1_60.ifname='eth1'
uci set network.eth1_60.vid='60'
uci set network.eth1_60.name='eth1.60'
uci add network device
uci set network.@device[-1].type='bridge'
uci set network.@device[-1].name='br-work'
uci add_list network.@device[-1].ports='eth1.60'
uci set network.work=interface
uci set network.work.proto='static'
uci set network.work.device='br-work'
uci set network.work.ipaddr='192.168.60.1'
uci set network.work.netmask='255.255.255.0'
uci set dhcp.work=dhcp
uci set dhcp.work.interface='work'
uci set dhcp.work.start='100'
uci set dhcp.work.limit='150'
uci set dhcp.work.leasetime='12h'
uci add firewall zone
uci set firewall.@zone[-1].name='work'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci add_list firewall.@zone[-1].network='work'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='work'
uci set firewall.@forwarding[-1].dest='wan'
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-DHCP-Work'
uci add_list firewall.@rule[-1].proto='udp'
uci set firewall.@rule[-1].src='work'
uci set firewall.@rule[-1].dest_port='67-68'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-DNS-Work'
uci set firewall.@rule[-1].src='work'
uci set firewall.@rule[-1].dest_port='53'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='Block-Work-Intra'
uci set firewall.@rule[-1].src='work'
uci set firewall.@rule[-1].dest='work'
uci set firewall.@rule[-1].target='REJECT'
uci set firewall.@rule[-1].proto='all'
uci add firewall rule
uci set firewall.@rule[-1].name='Block Work WebUI'
uci set firewall.@rule[-1].src='work'
uci set firewall.@rule[-1].target='DROP'
uci set firewall.@rule[-1].dest_port='22 80 443 8080'
uci set wireless.work2g=wifi-iface
uci set wireless.work2g.device='wifi0'
uci set wireless.work2g.network='work'
uci set wireless.work2g.mode='ap'
uci set wireless.work2g.ifname='wlan60'
uci set wireless.work2g.ssid='Work'
uci set wireless.work2g.encryption='psk2+ccmp'
uci set wireless.work2g.key='goodlife'
uci set wireless.work2g.wds='1'
uci set wireless.work2g.hidden='0'
uci set wireless.work2g.isolate='1'
uci set wireless.work2g.disabled='0'
uci set wireless.work2g.ieee80211k='1'
uci set wireless.work2g.bss_transition='1'
uci set wireless.work5g=wifi-iface
uci set wireless.work5g.device='wifi1'
uci set wireless.work5g.network='work'
uci set wireless.work5g.mode='ap'
uci set wireless.work5g.ifname='wlan61'
uci set wireless.work5g.ssid='Work'
uci set wireless.work5g.encryption='psk2+ccmp'
uci set wireless.work5g.key='goodlife'
uci set wireless.work5g.wds='1'
uci set wireless.work5g.hidden='0'
uci set wireless.work5g.isolate='1'
uci set wireless.work5g.disabled='0'
uci set wireless.work5g.ieee80211k='1'
uci set wireless.work5g.bss_transition='1'
uci set wireless.work6g=wifi-iface
uci set wireless.work6g.device='wifi2'
uci set wireless.work6g.network='work'
uci set wireless.work6g.mode='ap'
uci set wireless.work6g.ifname='wlan62'
uci set wireless.work6g.ssid='Work'
uci set wireless.work6g.encryption='sae'
uci set wireless.work6g.key='goodlife'
uci set wireless.work6g.wds='1'
uci set wireless.work6g.hidden='0'
uci set wireless.work6g.isolate='1'
uci set wireless.work6g.disabled='0'
uci set wireless.work6g.ieee80211k='1'
uci set wireless.work6g.bss_transition='1'
uci set mlo.mld6=wifi-mld
uci set mlo.mld6.disabled='0'
uci set mlo.mld6.bands='2g'
uci add_list mlo.mld6.bands='5g'
uci add_list mlo.mld6.bands='6g'
uci set wireless.workmld2g=wifi-iface
uci set wireless.workmld2g.device='wifi0'
uci set wireless.workmld2g.network='work'
uci set wireless.workmld2g.mode='ap'
uci set wireless.workmld2g.ssid='Work'
uci set wireless.workmld2g.encryption='ccmp'
uci set wireless.workmld2g.sae='1'
uci set wireless.workmld2g.key='goodlife'
uci set wireless.workmld2g.wds='1'
uci set wireless.workmld2g.isolate='1'
uci set wireless.workmld2g.hidden='0'
uci set wireless.workmld2g.ifname='wlan63'
uci set wireless.workmld2g.ieee80211k='1'
uci set wireless.workmld2g.bss_transition='1'
uci set wireless.workmld2g.disabled='0'
uci set wireless.workmld2g.mld='mld6'
uci set wireless.workmld5g=wifi-iface
uci set wireless.workmld5g.device='wifi1'
uci set wireless.workmld5g.network='work'
uci set wireless.workmld5g.mode='ap'
uci set wireless.workmld5g.ssid='Work'
uci set wireless.workmld5g.encryption='ccmp'
uci set wireless.workmld5g.sae='1'
uci set wireless.workmld5g.key='goodlife'
uci set wireless.workmld5g.wds='1'
uci set wireless.workmld5g.isolate='1'
uci set wireless.workmld5g.hidden='0'
uci set wireless.workmld5g.ifname='wlan64'
uci set wireless.workmld5g.bss_transition='1'
uci set wireless.workmld5g.disabled='0'
uci set wireless.workmld5g.mld='mld6'
uci set wireless.workmld6g=wifi-iface
uci set wireless.workmld6g.device='wifi2'
uci set wireless.workmld6g.network='work'
uci set wireless.workmld6g.mode='ap'
uci set wireless.workmld6g.ssid='Work'
uci set wireless.workmld6g.encryption='ccmp'
uci set wireless.workmld6g.sae='1'
uci set wireless.workmld6g.key='goodlife'
uci set wireless.workmld6g.wds='1'
uci set wireless.workmld6g.isolate='1'
uci set wireless.workmld6g.hidden='0'
uci set wireless.workmld6g.ifname='wlan65'
uci set wireless.workmld6g.ieee80211k='1'
uci set wireless.workmld6g.bss_transition='1'
uci set wireless.workmld6g.disabled='0'
uci set wireless.workmld6g.mld='mld6'
uci set wireless.mld6=wifi-mld
uci set wireless.mld6.mld_ssid='Work'
uci commit
reboot
I'm running a total of 10 VLANS on my Flint3, and I changed the default to VLAN10 since VLAN1 should never be used for traffic.
Edit: I should add, if you make one and you can't get an address on the lan port, go into Luci and the switch settings, and just click "save and apply". Then disconnect and reconnect to that port. I don't know why it does that when you set it up via SSH but sometimes it does and it took me a while to figure out.
2 Likes