I am seeing some really strange behavior with br1. If I remove the 2nd VAP, eth1.77 returns as the attached photo shows but after rebooting the router only wlan0.1 remains in br1. Why is this?
I took your advice and I see this a lot in the log:
user info bridge : interface eth1 successfully deleted from bridge br0
user info bridge : interface eth1.77 successfully deleted from bridge br1
daemon info mstpd[493] MSTP_OUT_set_ageing_time: br1:eth1.77 Setting new ageing time to 300
daemon warning dnsmasq-dhcp[8982] DHCP packet received on br1 which has no address
daemon info mstpd[493] MSTP_OUT_set_state: br1:eth1.77:0 entering learning state
daemon info mstpd[493] set_if_up: Port eth1.77 : up
daemon info mstpd[493] MSTP_OUT_set_state: br1:eth1.77:0 entering forwarding state
I don't know why it's deleting eth1 and eth1.77 from their bridges. I did not tell the router to do this.
The gui only shows wlan0.1 as a member of br1 currently even though eth1.77 is also configured for br1. Wireless devices receive an ip address from br1, show up in Status/LAN as receiving addresses from br1 and work just fine.
If I plug my laptop into a switchport in vlan77, I get a DHCP address but no internet access. Status/LAN says the address is from eth1.77 which is not configured anywhere for DHCP. BR1 is configured to hand out the ip address that my laptop gets but according to the gui and the syslog eth1.77 is no longer a member of br1 so how is this possible?
I have good news. While the forum was taking a siesta, I solved my vlan77 problem i.e. I have successfully bridged a vlan and 2 vaps together and it survives a router reboot. Yay! I wish everything in the gui worked as intended so I didn't have to learn linux in the process but I understand that dd-wrt is a "labor of love" project.
Anyhow, here are my startup commands and see the attachment for my bridge setup in the gui.
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 3 4t 6"
swconfig dev switch0 vlan 77 set ports "4t 6t"
swconfig dev switch0 vlan 97 set ports "4t 6t"
swconfig dev switch0 set apply
vconfig add eth1 77
vconfig add eth1 97
ifconfig eth1.97 192.168.97.1 netmask 255.255.255.0
ifconfig eth1.77 up
ifconfig eth1.97 up
#
#
#
brctl delif br0 wlan0.1 wlan1.1
brctl addif br1 eth1.77 wlan0.1 wlan1.1
ifconfig wlan0.1 up
ifconfig wlan1.1 up
ifconfig br1 up
Now that vlan77 is straight, my attention has returned to vlan97. I have taken the PC with the camera software out of that vlan and placed it back in vlan1. Also, I removed the gateway ips from all cameras since they don't need to route traffic outside of their subnet. So now, I need to figure out what firewall commands are going to allow just the management PC to access the cameras. Vlan97 does not have internet access, just lan.
I don't know why the bridges do not work for you.
In the networking tab, there is a switch on each interface with choices "unbridged" and "default (bridged)".
eth1.97 shall be set to unbridged, while eth1.77 shall be default to be bridged to its br1.
I have this already
Per Yngve Berg wrote:
Unbridged interfaces must have an ip address while for bridges it's set on the bridge.
Ok
Per Yngve Berg wrote:
The cameras must have a gateway address set in order to reply to the management station on another sub-net.
OMG. How embarrassing it is that I forgot routing between subnets requires gateways? My Cisco certification is crying right now.
Well, I added the gateway ips back to the cameras and for a while I was able to see the cameras through the software on the management PC (Yay!) but then I rebooted the router and it stopped working again. Grumble.
So I've managed to get video on all 4 cameras but it's random every time the router is rebooted. Sometimes I can only get video from 1 camera and the next time only the other 3. Also, I cannot ping any of the cameras or access their web interfaces from the management PC.
I found the following command and it seems to do the trick i.e. I can ping, enter the web console and view video from all 4 cameras. The weird intermittent camera behavior is gone. Yay.
iptables -I FORWARD -i br0 -o eth1.97 -j ACCEPT
Unfortunately, everything on br0/vlan1 can now see and access the cameras which is what I don't want. I want only the management PC to be able to interact with the cameras on vlan97 so I added these commands:
#Enables NAT to allow all subnets to reach the internet
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE
#Allow only the Blue Iris PC to connect to cameras in vlan97
iptables -I FORWARD -i br0 -o eth1.97 -j DROP
iptables -I FORWARD -s 192.168.7.180 -o eth1.97 -j ACCEPT
I guess we can "mothball" this thread finally. I may do an IOT vlan in the future but I'll do a new thread if I need any assistance with that.
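The rule ordering behind the three FORWARD commands in the thread, as an added example that is not part of any post: `iptables -I` without a rule number inserts at the top of the chain, so the command run last is evaluated first. The rule format, the function names and the addresses 192.168.7.50 and 192.168.97.10 are constructed for this sketch, which models only these three rules and not the firmware's own FORWARD chain.

```shell
#!/bin/sh
# Toy model of one iptables chain: one rule per line, first match wins.
# Rule format (constructed for this sketch): "SRC IN-IF OUT-IF TARGET", "*" = any.
CHAIN=""

# Like "iptables -I FORWARD ...": with no rule number the rule goes to the TOP.
insert_rule() {
    if [ -z "$CHAIN" ]; then CHAIN="$1"; else CHAIN="$1
$CHAIN"; fi
}

field_ok() { [ "$1" = "*" ] || [ "$1" = "$2" ]; }

# verdict SRC IN-IF OUT-IF: print the target of the first matching rule.
# FALLTHROUGH means none of the modeled rules matched; the router's other
# FORWARD rules, which are not modeled here, would decide.
verdict() {
    while read -r src iif oif target; do
        if field_ok "$src" "$1" && field_ok "$iif" "$2" && field_ok "$oif" "$3"; then
            echo "$target"; return 0
        fi
    done <<EOF
$CHAIN
EOF
    echo "FALLTHROUGH"
}

# The three FORWARD commands from the thread, in the order they were run.
as_posted() {
    CHAIN=""
    insert_rule "* br0 eth1.97 ACCEPT"            # first attempt: all of br0
    insert_rule "* br0 eth1.97 DROP"              # block br0 -> cameras
    insert_rule "192.168.7.180 * eth1.97 ACCEPT"  # management PC, lands on top
}

# Same rules with the last two commands swapped: DROP ends up on top.
swapped() {
    CHAIN=""
    insert_rule "* br0 eth1.97 ACCEPT"
    insert_rule "192.168.7.180 * eth1.97 ACCEPT"
    insert_rule "* br0 eth1.97 DROP"
}

as_posted
echo "mgmt PC   -> cameras: $(verdict 192.168.7.180 br0 eth1.97)"
echo "other br0 -> cameras: $(verdict 192.168.7.50 br0 eth1.97)"
swapped
echo "swapped, mgmt PC    : $(verdict 192.168.7.180 br0 eth1.97)"
```

On the router itself, `iptables -L FORWARD -n -v --line-numbers` shows the real order and the per-rule packet counters, which confirm which rule is actually matching.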