VLAN custom config

Issue #339 closed
Dev
created an issue

I am using my rtn56u as an AP, so I am not using the DHCP server on it. I have a separate Cisco router managing all router services and have a separate vlan23 for guest internet access. I want to associate that VLAN23 with the guest SSID option available in this build. Is it possible to utilize and bridge tagged VLAN data with a wifi radio?

Comments (9)

  1. Arne

    Hey that's funny. I recently bought a separate router and am now only using the n56 as an access point, and I was looking for exactly the same functionality. In the current configuration, guest users can still access all IPs on my private network. Is there any way we can bridge the guest wlan to a separate vlan, perhaps using SSH and tweaking some of the config files?

  2. Arne

    I wouldn't think you have to make any changes to the switch though. Just a second bridge from the guest-wlan to a vlan.

    I was running OpenWRT on the n56 before and it was fairly easy to accomplish on that one. But the Padavan firmware is much more stable, which is why I switched.

  3. Dev reporter

    I also tried OpenWrt but it's not stable at all. Wifi will stop working all of a sudden and there is no fix so far, so I switched back to Padavan.

    Any suggestions how to bridge vlan to guest wlan?

  4. Arne

    Ok, so I had a look and this should not be that hard. Unfortunately it does look like you need to make changes to the switch though, and I can't figure out what I'm doing wrong there.

    # Create the vlan
    vconfig add eth2 23
    
    # Remove guest wlan from br0 and add to new br1 (do the same for ra1 if you also use 5ghz guest ap)
    brctl delif br0 rai1
    brctl addbr br1
    brctl addif br1 eth2.23
    brctl addif br1 rai1
    

    So far so good. But unfortunately it seems that the switch does not allow vlans by default. You need to use the command rtl8367 to control the switch, but it is largely undocumented. The most helpful comment from Andy Padavan is here: https://bitbucket.org/padavan/rt-n56u/issues/6/iptv-two-vlans-over-one-port-for-multiroom

    However I tried

    rtl8367 64 0x7F 0x00170017

    which should add VLAN17 to all ports, but I still can't ping across the vlan.

    I also tried:

    rtl8367 62 0x7F 0

    which should allow vlan tags for all ports, but again no success.

    If anyone has a good suggestion on how to get the vlan working on the switch, let me know!

  5. Arne

    In the meantime I have used ebtables to at least isolate the guest wlan from the rest of the network (except the router):

    ebtables -A FORWARD -p IPv4 -i rai1 --ip-dst 192.168.1.1 -j ACCEPT
    ebtables -A FORWARD -p IPv4 -i rai1 --ip-dst 192.168.1.0/24 -j DROP
    
  6. Jaykob

    I'm trying to use an RT-AC51U as an access point and I'm missing guest isolation here. I tried the ebtables solution and it accepts the commands (confirmed with ebtables -L); however, they don't have any effect. Do I need to restart a service or something in order to apply the changes?
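
Added example, not part of the thread or the firmware: a small Python model of how the two ebtables FORWARD rules from comment 5 are evaluated (first match wins), run over constructed frames to show what they do and do not cover. The default ACCEPT chain policy, the sample addresses, and eth2 as the ingress for wired traffic are assumptions.

```python
import ipaddress

# The two FORWARD rules from comment 5, in the order they were appended.
# Each rule: (ethertype, in-interface, destination network, target).
RULES = [
    ("IPv4", "rai1", "192.168.1.1/32", "ACCEPT"),
    ("IPv4", "rai1", "192.168.1.0/24", "DROP"),
]
POLICY = "ACCEPT"  # assumption: FORWARD chain left at the ebtables default policy

# Constructed sample frames (addresses and the eth2 ingress are illustrative).
FRAMES = {
    "guest -> gateway": {"proto": "IPv4", "in_if": "rai1", "dst": "192.168.1.1"},
    "guest -> LAN host": {"proto": "IPv4", "in_if": "rai1", "dst": "192.168.1.50"},
    "guest -> internet": {"proto": "IPv4", "in_if": "rai1", "dst": "203.0.113.10"},
    "guest ARP": {"proto": "ARP", "in_if": "rai1", "dst": None},
    "guest IPv6": {"proto": "IPv6", "in_if": "rai1", "dst": "fe80::1"},
    "ra1 guest -> LAN host": {"proto": "IPv4", "in_if": "ra1", "dst": "192.168.1.50"},
    "LAN -> guest": {"proto": "IPv4", "in_if": "eth2", "dst": "192.168.1.120"},
}


def verdict(frame, rules=RULES, policy=POLICY):
    """Return the target of the first rule matching a bridged frame."""
    for proto, in_if, dst_net, target in rules:
        # A rule with -p IPv4 -i rai1 ignores other ethertypes and interfaces.
        if frame["proto"] != proto or frame["in_if"] != in_if:
            continue
        if ipaddress.ip_address(frame["dst"]) in ipaddress.ip_network(dst_net):
            return target
    return policy  # nothing matched: the chain policy decides


def report(rules=RULES):
    """Verdict for every constructed frame under the given rule order."""
    return {name: verdict(frame, rules) for name, frame in FRAMES.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:24} {result}")
    # Appending the rules in the opposite order would cut guests off from
    # the gateway, because the /24 DROP would match first.
    print("reversed order, guest -> gateway:", report(RULES[::-1])["guest -> gateway"])
```

In this model only IPv4 frames entering on rai1 are ever dropped; ARP, IPv6, and frames arriving on ra1 or the wired side fall through to the chain policy.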
