DD-WRT GUI settings don't match CLI

1 post / 0 new
rycokelley
rycokelley's picture
DD-WRT GUI settings don't match CLI

 

Hello...I am trying to do something very basic in setting up port based vlans as outlined in this article.

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=637106

Here is how my GUI is setup.

  

I need port 1 and ports 2-4 to be on separate VLANs with filtering so that only outbound and return traffic can leave and enter those VLANS.   

Here is what the CLI shows

root@CoreNet01:~# nvram show | grep vlan.*ports
size: 37642 bytes (27894 left)
vlan2ports=0 5u
vlan1ports=1 2 3 4 5*
 
I would expect the output to be 
vlan2port=1 5u
vlan3ports=2 3 4 5*
 
In the end, this is what I want to accomplish
 
1) Device connected to port 1 on back of the router to only have Internet access and traffic leaving and returning to that vlan (vlan2). all other traffice denied/dropped.
2) Devices connected to ports 2-4 on the back of the rounter to have access to each other (VLAN3) , the Internet wireless devices (see steps 2 and 3 below).
3) Private Wifi in same VLAN (VLAN3) as ports 2-4 with access to those devices and the Internet.
4) Guest Wifi with only access to and from the Internet. 
 
I got as far as getting the physical ports configured as shown in the GUI.  I am able to communicate on the separate vlans/subnets (with fixed ips as desired). I put in some iptables rules which did not prevent access from VLAN2 to VLAN 3 and vice versa.  
 
I noticed that the GUI keeps forcing port 1 to be in the LAN bridge too. 
 
Is there a hardware schematic for the layout of the R7000 similar to this one.