openwrt/docs/pre-implementation-findings.md
Dan Head 4ee41bf881 chore: initial repo setup with baseline config backup
- Pull current config from router (OpenWRT 24.10.2)
- Add backup, safe-apply, and push-all scripts
- Add CLAUDE.md with workflow rules and context
- Add network-map.md with current topology and planned VLANs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 23:37:53 +01:00


Pre-Implementation Findings

Notes from live router investigation before VLAN implementation begins.


DSA and Bridge Architecture

Concern raised: OpenWRT 24.10+ uses DSA (Distributed Switch Architecture) on the MT7621. The implementation plan needed to be validated against the actual router interface naming and bridge support before work begins.

Finding: bridge-per-VLAN approach is confirmed valid.

ip link show output from the live router:

1: lo
2: eth0                          — uplink to MT7621 switch ASIC
3: wan                           — WAN port (PPPoE)
4: lan1@eth0  — UP              — LAN port 1 (wired, device connected)
5: lan2@eth0  — NO-CARRIER      — LAN port 2 (nothing plugged in)
6: lan3@eth0  — UP              — LAN port 3 (Sonos Connect)
7: lan4@eth0  — NO-CARRIER      — LAN port 4 (nothing plugged in)
8: br-guest                      — guest bridge (already live)
9: br-lan                        — main flat LAN bridge
10: pppoe-wan
11: phy0-ap0  → br-lan           — Moonshield (2.4GHz)
12: phy1-ap0  → br-lan           — Moonshield (5GHz)
13: phy0-ap1  → br-guest         — guest SSID (2.4GHz) — already attached
14: phy1-ap1  → br-guest         — guest SSID (5GHz) — already attached

Key conclusions:

  • DSA port names are lan1–lan4 — use these in list ports when defining bridge devices in config/network.
  • br-guest is already running in production with two wireless VAPs attached — the bridge-per-VLAN pattern is proven on this hardware.
  • Both radios support AP and AP/VLAN modes with up to ~4 VAPs per radio, so adding Cloud Connected and Pinball Map SSIDs will not hit hardware limits.
  • The config/network entry for br-guest currently has no list ports entry (bridge_empty '1'), confirming that wireless-only bridges work fine without a wired port.

Pending Validation Test

Test: assign a physical port to br-guest, connect a device, verify it gets a 10.10.10.x IP.

This validates the full stack — port assignment, bridge isolation and DHCP — using a live but low-risk interface before touching the main VLAN work.

Steps (when physically at the router):

  1. Edit config/network — add list ports 'lan4' to the br-guest device block
  2. ./scripts/safe-apply.sh network 5
  3. Plug a device into LAN 4
  4. Confirm it gets an IP in 10.10.10.100–10.10.10.249 (pool: start 100, limit 150)
  5. Verify on router: ssh openwrt "cat /tmp/dhcp.leases"
  6. Clean up: remove list ports 'lan4' and re-push before starting real implementation
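
A check for steps 4 and 5, as an added example that is not one of the repo's scripts: it reads dnsmasq lease lines and reports whether the test device's address falls inside the guest pool (start 100, limit 150, so .100 to .249) or landed on another segment. The function names, sample MACs, hostnames and the 192.168.1.x address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the repo): classify DHCP leases against the guest pool.
# Assumes dnsmasq lease lines: "<expiry> <mac> <ip> <hostname> <client-id>".
GUEST_PREFIX="10.10.10."   # guest subnet, from the page
POOL_START=100             # pool start, from the page
POOL_LIMIT=150             # pool limit, from the page (last host = 249)

# classify_lease IP -> in-pool | guest-outside-pool | other-subnet
classify_lease() {
    case "$1" in
        "$GUEST_PREFIX"*) host=${1#"$GUEST_PREFIX"} ;;
        *) echo "other-subnet"; return 0 ;;
    esac
    case "$host" in
        ''|*[!0-9]*) echo "other-subnet"; return 0 ;;
    esac
    end=$((POOL_START + POOL_LIMIT - 1))
    if [ "$host" -ge "$POOL_START" ] && [ "$host" -le "$end" ]; then
        echo "in-pool"
    else
        echo "guest-outside-pool"   # static or stale address on the guest subnet
    fi
}

# check_mac LEASE_FILE MAC -> prints "<ip> <class>"; exit 0 only when in-pool.
# other-subnet means the port is bridged to a different segment than intended.
check_mac() {
    mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    ip=$(awk -v m="$mac" 'tolower($2) == m { print $3; exit }' "$1")
    [ -n "$ip" ] || { echo "no-lease"; return 2; }
    class=$(classify_lease "$ip")
    echo "$ip $class"
    [ "$class" = "in-pool" ]
}

# Constructed sample leases (MACs, hostnames and the 192.168.1.x address are made up).
sample_leases() {
    cat <<'EOF'
1775170000 02:00:00:00:00:0a 10.10.10.101 test-laptop 01:02:00:00:00:00:0a
1775170000 02:00:00:00:00:02 192.168.1.50 wrong-bridge *
1775170000 02:00:00:00:00:03 10.10.10.20 static-host *
EOF
}

# Demo on the constructed data; on the router pass /tmp/dhcp.leases instead.
tmp=$(mktemp)
sample_leases > "$tmp"
check_mac "$tmp" "02:00:00:00:00:0A"
rm -f "$tmp"
```

A non-zero exit with `other-subnet` is the result to treat as an isolation failure: the port handed out an address from a segment other than the guest bridge.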

Status: complete — passed 2026-04-02.

Result: device on LAN 4 was issued 10.10.10.101 (within pool 10.10.10.100–10.10.10.249). Port assignment, bridge isolation and DHCP all confirmed working end-to-end.

Next step: remove list ports 'lan4' from the br-guest device block and re-push before starting VLAN implementation.