DD-WRT GUI settings don't match CLI



Hello... I am trying to do something very basic in setting up port-based VLANs as outlined in this article.


Here is how my GUI is set up.


I need port 1 and ports 2-4 to be on separate VLANs with filtering so that only outbound and return traffic can leave and enter those VLANs.

Here is what the CLI shows:

root@CoreNet01:~# nvram show | grep vlan.*ports
size: 37642 bytes (27894 left)
vlan2ports=0 5u
vlan1ports=1 2 3 4 5*

I would expect the output to be:

vlan2port=1 5u
vlan3ports=2 3 4 5*

In the end, this is what I want to accomplish:
1) Device connected to port 1 on back of the router to only have Internet access and traffic leaving and returning to that VLAN (VLAN2). All other traffic denied/dropped.
2) Devices connected to ports 2-4 on the back of the router to have access to each other (VLAN3), the Internet, and wireless devices (see steps 2 and 3 below).
3) Private Wifi in same VLAN (VLAN3) as ports 2-4 with access to those devices and the Internet.
4) Guest Wifi with only access to and from the Internet.
I got as far as getting the physical ports configured as shown in the GUI. I am able to communicate on the separate VLANs/subnets (with fixed IPs as desired). I put in some iptables rules which did not prevent access from VLAN2 to VLAN 3 and vice versa.
I noticed that the GUI keeps forcing port 1 to be in the LAN bridge too.
Is there a hardware schematic for the layout of the R7000 similar to this one?