Guest VLAN, Swapping WAN-LAN ports and more

robert7k
Posts: 8
Joined: Thu Jan 14, 2016 7:18 am

Guest VLAN, Swapping WAN-LAN ports and more

Post by robert7k »

It is possible to make custom configurations of ports and VLANs in Gargoyle 1.8.1 (by manually editing files via WinSCP) without the Gargoyle GUI rewriting them and losing my changes!

My main router's Wi-Fi has to be off (because of its location) and I need to use multiple access points AND allow guest access WITH QoS (low priority to the guest network).

So this is the solution (my solution uses non-standard port mapping, for safety: resetting the router will not connect the main and the guest network together).

1. edit /etc/gargoyle_default_ifs to:

Code:

default_lan_if	eth1
default_wan_if	eth0.3

If the file doesn't exist, play around with enabling/disabling the WAN port.
2. delete from /etc/config/network all "config switch_vlan" sections
3. add to /etc/config/network:

Code:

# VLAN 1: port 0 tagged ('t' suffix) plus port 1
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 1'

# VLAN 2 (guest): port 0 tagged plus ports 2 and 3
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t 2 3'

# VLAN 3: port 0 tagged plus port 4; eth0.3 is the default_wan_if from step 1
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '0t 4'

# Guest subnet on the VLAN 2 subinterface
config interface 'FreeWifi'
	option proto 'static'
	option ifname 'eth0.2'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

4. add to /etc/config/dhcp

Code:

config dhcp 'FreeWifi'
	option interface 'FreeWifi'
	option start '100'
	option leasetime '12h'
	option limit '151'

5. add before the includes to /etc/config/firewall

Code:

# Guest zone bound to the FreeWifi interface
config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option name 'freewifi'
	option forward 'ACCEPT'
	option network 'FreeWifi'

# Allow forwarding from the guest zone to the WAN zone
config forwarding
	option src 'freewifi'
	option dest 'wan'

# No 'dest' option: this rule applies to traffic addressed to the router itself
config rule
	option src 'freewifi'
	option name 'block access to router for guests'
	option dest_port '80 20 22 443'
	option target 'REJECT'

That's it! Now you have a router with 2 independent LAN subnets (with router configuration blocked from the guest network):
The WAN port is for your own LAN; the WAN should be connected to one of the LAN ports (more on that later) of the router, and 2 ports are for guest Wi-Fi access points.
The extra port may be configured as an extra LAN/GUEST port or a trunk connection for a smart switch or multi-SSID wireless AP.
Never manually edit "config interface lan" and "config interface wan" - they get overwritten by the GUI - edit /etc/gargoyle_default_ifs instead.
WLAN may be enabled for one or two of those networks (I didn't test it; you may need to add "option type 'bridge'" to "config interface 'FreeWifi'").

Known bugs:
- The port numbers for VLAN assignment may not match the port numbers written on the router ports (known "WONTFIX" bug from OpenWrt)
- In Bandwidth Usage you can't select the guest network users
- B/W Distribution doesn't include the guest network
- "All individual hosts without explicit quota" does not include the guest network
- Backup / Restore configuration doesn't save /etc/gargoyle_default_ifs

The next thing: using this approach in GUI?
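
An added example, not part of the original post: a small shell/awk audit that reads the step 5 firewall sections and reports what the guest zone may reach, both by forwarding and on the router itself. The function name audit_zone and the private zone name `lan` are assumptions; the embedded sample is the post's own firewall snippet.

```shell
#!/bin/sh
# Constructed sample: the firewall sections from step 5 of the post, embedded
# so this runs offline. On the router, pass /etc/config/firewall as FILE.
SAMPLE_FW="config zone
    option input 'ACCEPT'
    option output 'ACCEPT'
    option name 'freewifi'
    option forward 'ACCEPT'
    option network 'FreeWifi'
config forwarding
    option src 'freewifi'
    option dest 'wan'
config rule
    option src 'freewifi'
    option name 'block access to router for guests'
    option dest_port '80 20 22 443'
    option target 'REJECT'"

# audit_zone ZONE [FILE]: print one finding per line (INFO/WARN/FAIL/OK).
# 'lan' as the name of the private zone is an assumption (OpenWrt default).
audit_zone() {
    if [ -n "$2" ]; then cat "$2"; else printf '%s\n' "$SAMPLE_FW"; fi |
    awk -v zone="$1" -v q="'" '
    function endsec() {   # evaluate the section that just ended
        if (type == "zone" && o["name"] == zone) input = o["input"]
        if (type == "forwarding" && o["src"] == zone) fwd = fwd " " o["dest"]
        # A rule with src but no dest filters traffic addressed to the router.
        if (type == "rule" && o["src"] == zone && !("dest" in o) &&
            o["target"] ~ /^(REJECT|DROP)$/) blocked = blocked " " o["dest_port"]
        split("", o)
    }
    $1 == "config" { endsec(); type = $2 }
    $1 == "option" {
        val = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        sub(/[ \t\r]+$/, "", val)
        gsub("^[" q "\"]|[" q "\"]$", "", val)   # strip surrounding quotes
        o[$2] = val
    }
    END {
        endsec()
        if (input == "") { print "FAIL zone " zone " is not defined"; exit }
        print "INFO forwards to:" (fwd == "" ? " none" : fwd)
        if (fwd ~ / lan( |$)/) print "FAIL guests can reach the private LAN"
        if (input == "ACCEPT") print "WARN input ACCEPT: blocked ports:" \
            (blocked == "" ? " none" : blocked) "; other router ports stay open"
        else print "OK input policy " input
    }'
}

audit_zone "${1:-freewifi}" "$2"
```

For the post's configuration the WARN line is the point to review: with `input 'ACCEPT'`, only the four listed ports are rejected and any other service listening on the router remains reachable from the guest subnet.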

rsbrux
Posts: 11
Joined: Thu Sep 12, 2013 2:15 pm

Re: Guest VLAN, Swapping WAN-LAN ports and more

Post by rsbrux »

I'm too ignorant to fully understand the implications of this, but it sounds as though it might solve a problem I have. I have two routers to cover my apartment adequately. Obviously, only one has DHCP enabled. This is the "master" router, which is connected to the WAN. The guest network on that router works as expected. The "slave" router (which uses the "master" as its gateway) allows clients to connect to its guest network, but the connected clients do not have internet access, presumably because they aren't receiving IP addresses. Would your approach permit me to create a separate subnet, with its own exclusive DHCP server, for the "slave" guest network?
TP-LINK WDR4300v1
Gargoyle 1.12.0 as AP, LAN to WAN bridged

nworbnhoj
Posts: 916
Joined: Mon Jul 21, 2014 10:08 am
Location: Australia
Contact:

Re: Guest VLAN, Swapping WAN-LAN ports and more

Post by nworbnhoj »

I suspect that you can achieve your aim by connecting a LAN port on your "master" router to a LAN port on your "slave" router.
Can you help someone else get Gargoyle up and running?
TL-WDR3600 : Gargoyle 1.9.0 : NBN FixedWireless
TL-WR1043ND-V2 : Gargoyle 1.8.0 : 3G Huawei E160E

robert7k
Posts: 8
Joined: Thu Jan 14, 2016 7:18 am

Re: Guest VLAN, Swapping WAN-LAN ports and more

Post by robert7k »

rsbrux wrote: I'm too ignorant to fully understand the implications of this, but it sounds as though it might solve a problem I have. I have two routers to cover my apartment adequately. Obviously, only one has DHCP enabled. This is the "master" router, which is connected to the WAN. The guest network on that router works as expected. The "slave" router (which uses the "master" as its gateway) allows clients to connect to its guest network, but the connected clients do not have internet access, presumably because they aren't receiving IP addresses. Would your approach permit me to create a separate subnet, with its own exclusive DHCP server, for the "slave" guest network?

That's exactly the goal of what I did. In my system I use separate APs for the guest and the private network (I use salvaged wireless-G routers with no option to change the firmware), but you could also use a single slave router with VLAN on it running OpenWrt (Gargoyle doesn't have the options in the GUI, OpenWrt does).
For that you need to create 2 VLAN port-WLAN bridges on the slave router and connect every VLAN port with a wire to the right port on the main router (yes - 2 cables).
To avoid using 2 cables you can create a tagged VLAN port ("trunk") on both routers and connect a single cable to that port (via the GUI on OpenWrt and by editing /etc/config/network on the Gargoyle).
