Configuration of STP bridge doesn't work on v3.0-r41027 std

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
cmitran
DD-WRT Novice


Joined: 16 Sep 2019
Posts: 3

PostPosted: Tue Sep 17, 2019 11:45    Post subject: Configuration of STP bridge doesn't work on v3.0-r41027 std Reply with quote
There seems to be an issue since the first betas which persists in the current build (v3.0-r41027 std), when running on an ASUS-RT-AC68U.

Scenario: add a new virtual wireless to a new bridge configured with a DHCP server.
Configuration:
* Wireless: add new virtual wireless interface (wl1.1)
- AP Isolation: disable
- Multicast To Unicast: disable
- Network Configuration: bridged
* Setup, Networking: add a new bridge, add the virtual wireless interface to it and map a new DHCP server:
- Create new bridge:
> name: br1
> STP: STP
> IGMP Snooping: off
> Prio: 32768
> Forward Delay: 15
> Max Age: 20
> MTU: 1500
> Root MAC: 38:2C:4A:E2:D6:B0 (same as br0's)
- Network Configuration br1:
> TX Queue Length: 1000
> MTU: 1500
> Multicast forwarding: disable
> Net Isolation: disable
> Forced DNS Redirection: disable
> IP Address: 192.168.11.1
> Subnet Mask: 255.255.255.0
> L2Mesh enable: unchecked
- Assign virtual wireless interface (wl1.1) to the bridge:
> Assignment: br1
> Interface: wl1.1
> STP: on
> Prio: 128
> Path cost: 100
> Hairpin Mode: unchecked
- Add new DHCP server for the new bridge
> DHCP 0: br1
> On
> Start: 128
> Max: 50
> Lease time: 1440

Behaviour:
Clients cannot connect to the configured wireless because the interface wl1.1 doesn't stay up.
The log file shows repeatedly:
Sep 17 01:41:33 router daemon.info mstpd[587]: set_if_up: Port wl1.1 : up
Sep 17 01:41:33 router daemon.info mstpd[587]: error, ethtool_get_speed_duplex: Cannot get speed/duplex for wl1.1: Not supported.
The message in the log file is informational, indeed. But it must be related to the incapacity of clients to obtain an IP address when trying to connect to the virtual wireless interface. If I bind the DHCP server directly to the interface (unbridged mode), it works. But not when using a bridge.

I hope that I've provided you with enough information for this issue.

Kind regards,
Cristian Mitran
Sponsor
nmarmolejo
DD-WRT Novice


Joined: 20 Sep 2017
Posts: 11

PostPosted: Wed Oct 02, 2019 5:26    Post subject: Same Issue Reply with quote
I tried the exact same steps and can't get this to work. I am trying to create a guest network and clients can't connect as it seems dhcp never hands out an ip address.

I tried in earlier build (r40559) as well and still does not work.

I keep seeing this error in my log
error, CTL_set_cist_bridge_config: Couldn't find bridge with index 18

it looks as if it can't find the new br1 I added and gets an index error.

Let me know if you solve it.
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1461
Location: Belgrade

PostPosted: Wed Oct 02, 2019 8:46    Post subject: Re: Same Issue Reply with quote
nmarmolejo wrote:
I am trying to create a guest network and clients can't connect it looks as if it can't find the new br1 I added and gets an index error.

On broadcom, VAP (guest network) works ONLY on unbridged interface (unbridge wl0.1 from br0)...
this is known and problem is broadcom driver...
forget about mstp, it has nothing todo with this problem...
nmarmolejo
DD-WRT Novice


Joined: 20 Sep 2017
Posts: 11

PostPosted: Mon Oct 07, 2019 3:40    Post subject: Re: Same Issue Reply with quote
Mile-Lile wrote:
nmarmolejo wrote:
I am trying to create a guest network and clients can't connect it looks as if it can't find the new br1 I added and gets an index error.

On broadcom, VAP (guest network) works ONLY on unbridged interface (unbridge wl0.1 from br0)...
this is known and problem is broadcom driver...
forget about mstp, it has nothing todo with this problem...


thanks Mile-lile, is there updated instructions to make this work on unbridged or are you saying VAP (guest network) is not possible with broadcom based router?
MDA400
DD-WRT User


Joined: 10 Jan 2015
Posts: 236
Location: Minnesota

PostPosted: Wed Oct 09, 2019 3:03    Post subject: Re: Same Issue Reply with quote
nmarmolejo wrote:
Mile-Lile wrote:
nmarmolejo wrote:
I am trying to create a guest network and clients can't connect it looks as if it can't find the new br1 I added and gets an index error.

On broadcom, VAP (guest network) works ONLY on unbridged interface (unbridge wl0.1 from br0)...
this is known and problem is broadcom driver...
forget about mstp, it has nothing todo with this problem...


thanks Mile-lile, is there updated instructions to make this work on unbridged or are you saying VAP (guest network) is not possible with broadcom based router?


I just setup a guest network that can't talk to my LAN or other clients connected to the guest network (also added a few firewall rules so that guest network clients couldn't access SSH or the router's web interface).

These are the instructions I used from the DD-WRT wiki, that suggest unbridged configuration: Guest WiFi + abuse control for beginners


(saved as firewall script under Administration>Commands. Interface for me is wl0.1 [2.4ghz] and guest network is set as 192.168.10.1)


iptables -I INPUT -i wl0.1 -m state --state NEW -j DROP

(rule to deny guest clients to router web interface)

iptables -I INPUT -i wl0.1 -p udp -m multiport --dports 53,67 -j ACCEPT

(rule that permits guest clients to receive DHCP and DNS information, else they wouldn't get internet connection due to web interface rule)


iptables -I INPUT -i wl0.1 -p tcp --dport 22 -d 192.168.10.1 -j REJECT --reject-with tcp-reset

iptables -I FORWARD -i wl0.1 -p tcp --dport 22 -d 192.168.10.1 -j REJECT --reject-with tcp-reset


(rules to deny SSH access on the guest network. dport is the protocol port which can be changed to any other protocol you want to block)


If anyone knows how to give a guest network/VAP IPv6 access using SLAAC (DNSmasq or radvd?), it would be most appreciated.
I know Per Yngve Berg has a configuration for DHCP6C, but devices like Android that do not support DHCPv6 would not work in that situation.

_________________
LATEST DD-WRT FW IS LOCATED HERE: ftp://ftp.dd-wrt.com/betas
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum