
vlans not getting DHCP on guest


stiffbeta

Occasional Visitor
For some reason clients aren't getting an address on guest wl0.1. I can see them connect and syslogs show a scope is up for it. Some history of the setup: I created a vlan, moved wl0.1 to it, and created a bridge br1 with it added, following this thread:
SSID to VLAN: http://www.snbforums.com/threads/ssid-to-vlan.24791/#post-191187
log entries:
dnsmasq-dhcp[758]: DHCP, IP range 192.168.100.5 -- 192.168.100.10, lease time 1d
Jul 31 19:00:24 dnsmasq-dhcp[758]: DHCP, IP range 192.168.10.100 -- 192.168.10.125, lease time 1d
Jul 31 19:00:24 dnsmasq-dhcp[758]: DHCP, IP range 192.168.1.75 -- 192.168.1.100, lease time 1d
Jul 31 19:00:24 dnsmasq[758]: read /etc/hosts - 5 addresses
Jul 31 19:00:24 dnsmasq[758]: using nameserver 192.168.0.254#53
Jul 31 19:00:24 dnsmasq[758]: using nameserver 192.168.0.254#53
dnsmasq.conf:
Code:
 dnsmasq.conf
pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=ppp1*
no-dhcp-interface=ppp1*
resolv-file=/tmp/resolv.conf
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
dhcp-range=lan,192.168.1.75,192.168.1.100,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,252,"\n"
dhcp-authoritative
conf-file=/etc/dnssec-trust-anchors
dnssec
dnssec-no-timecheck
interface=br1
dhcp-range=tag:br1,192.168.10.100,192.168.10.125,255.255.255.0,1440m
dhcp-option=tag:br1,3,192.168.10.254
interface=br2
dhcp-range=tag:br2,192.168.100.5,192.168.100.10,255.255.255.128,1440m
dhcp-option=tag:br2,3,192.168.100.126
dhcp-lease-max=255
dhcp-authoritative

Code:
 services-start
#!/bin/sh
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"

#robocfg vlan 1 ports "0 1 2 4 5t"
#robocfg vlan 2 ports "0 5"
#robocfg vlan 40 ports "4t 5t"
robocfg vlan 50 ports "4t 5t"

#vconfig add eth0 40
#ifconfig vlan40 up

vconfig add eth0 50
ifconfig vlan50 up

brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
#brctl delif br0 wl1.1
#brctl addbr br2
#brctl addif br2 wl1.1
brctl addif br1 vlan50
#brctl addif br2 vlan40
ifconfig br1 192.168.10.254 netmask 255.255.255.0
ifconfig br1 up
#ifconfig br2 192.168.100.126 netmask 255.255.255.128
#ifconfig br2 up

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan50 wl0.1"
nvram set lan1_ifname="br1"

#nvram set lan2_ifnames="vlan40 wl1.1"
#nvram set lan2_ifname="br2"

nvram commit

killall eapd
eapd

I do find this weird/scary though as I have a 68p but robocfg shows
Code:
admin@RT-AC68P-2B80:/tmp/home/root# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 00:00:00:00:00:00
Port 1:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00 
Port 8: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 1 2 3 4 8t
   2: vlan2: 0 8t
  50: vlan50: 4t 5t
1045: vlan1045: 0t 2t 3 4t 5t
1046: vlan1046: 1 2 3t 4 5 8t
1047: vlan1047: 0 2 4
1099: vlan1099: 0 1 5t 7
1100: vlan1100: 0 1 2 3t 4
1101: vlan1101: 1 2t 5 8t
1102: vlan1102: 2t 5t 7 8t
1103: vlan1103: 1t 4 7t 8t

I am FINALLY so so so close to getting this to work but can't figure out what or where I'm going wrong. Any thoughts? Thanks
 
I have never felt stupider than now, as I can't get anything to work. I finally found all the info I needed and proceeded to use scripts that work, and they still fail. If anyone can help it would be greatly appreciated. I'm not looking to have my learning done for me, but I'm at a brick wall as I learn this :(. I found this and modified it accordingly, but I have to clear nvram every time, and the one thing I'm noticing is my port 5 is changing to port 8???

Code:
#!/bin/sh

# Credit the contributions of SNB forum Members Batking, Coldwizard and starfall etc. that provided the bulk of these commands.

robocfg vlan 1 ports "1 2 3 4 5"
robocfg vlan 40 ports "4t 5t"
robocfg vlan 50 ports "4t 5t"
# vconfig needs the "add" subcommand and the eth0 device name to create vlan40/vlan50
vconfig add eth0 40
vconfig add eth0 50
ifconfig vlan40 up
ifconfig vlan50 up

logger -st "($(basename $0))" $$ "Martineau Wifi Bridge configuration Starting...." [$@]

WAN_IF=$(nvram get wan0_interface)
WANIP=$(/sbin/ifconfig "$WAN_IF" | grep 'inet addr' | cut -d':' -f2 | awk '{print $1}')
logger -st "($(basename $0))" $$ " Create br1 and br2...." [$@]

# Remove WiFi 2.4Ghz and 5Ghz Guests 1 and 2 from br0
brctl delif br0 wl0.1
brctl delif br0 wl1.1


# Create br1 for WiFi 2.4Ghz and 5Ghz Guest 1
brctl addbr br1
brctl addif br1 wl0.1


# Create br2 for WiFi 2.4Ghz and 5Ghz Guest 2
brctl addbr br2
brctl addif br2 wl1.1


logger -st "($(basename $0))" $$ " Ifconfig...." [$@]

ifconfig br1 10.1.254.1 netmask 255.255.255.0 broadcast 10.1.254.255
ifconfig br2 10.2.254.1 netmask 255.255.255.0 broadcast 10.2.254.255

# Fix WPA2 on Guest WiFi
nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="wl0.1 vlan50"
nvram set lan1_ifname="br1"
nvram set lan2_ifnames="wl1.1 vlan40"
nvram set lan2_ifname="br2"
nvram commit
killall eapd
eapd

# Allow dnsmasq to listen to br1 and br2
iptables -D INPUT -i br1 -j ACCEPT 2> /dev/null > /dev/null
iptables -I INPUT -i br1 -j ACCEPT
iptables -D INPUT -i br2 -j ACCEPT 2> /dev/null > /dev/null
iptables -I INPUT -i br2 -j ACCEPT

ebtables -t broute -D BROUTING -i br1 -p ipv4 -j DROP 2> /dev/null > /dev/null
ebtables -t broute -I BROUTING -i br1 -p ipv4 -j DROP
ebtables -t broute -D BROUTING -i br2 -p ipv4 -j DROP 2> /dev/null > /dev/null
ebtables -t broute -I BROUTING -i br2 -p ipv4 -j DROP


# Allow br1 and br2 WAN access
iptables -t nat -I POSTROUTING -o $WAN_IF -j SNAT --to $WANIP
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br2 -m state --state NEW -j ACCEPT

# Block br1 and br2 access to br0
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br0 -m state --state NEW -j DROP


# Isolate br1 and br2 from each other
iptables -I FORWARD -i br1 -o br2 -m state --state NEW -j DROP
iptables -I FORWARD -i br2 -o br1 -m state --state NEW -j DROP

# Block br1 and br2 from accessing the router
#iptables -I FORWARD -i br1 -d 192.168.1.0/24 -m state --state NEW -j DROP
#iptables -I FORWARD -i br2 -d 192.168.1.0/24 -m state --state NEW -j DROP


# Block br1 from accessing the router by port:
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

# Block br2 from accessing the router by port:
iptables -I INPUT -i br2 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br2 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br2 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br2 -p tcp --dport https -j REJECT --reject-with tcp-reset

service restart_dnsmasq

logger -st "($(basename $0))" $$ "Martineau Wifi Bridge configuration Complete."
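
Added example, not part of the original post: the script above relies on `iptables -I` placing each new rule at the top of its chain, so the later DROP/REJECT lines end up ahead of the earlier ACCEPT lines. This Python model replays the script's own br1 rules and shows the first-match verdicts, next to what the same lines would do with `-A`. It assumes a simplified matcher and ignores the firmware's existing rules; the function names are this example's own.

```python
import shlex

# br1 rules copied from the script above, in the order it runs them
# (the -D cleanup lines and the identical br2 rules are left out).
SCRIPT = """
iptables -I INPUT -i br1 -j ACCEPT
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -o br2 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset
"""
PORTS = {"telnet": 23, "ssh": 22, "www": 80, "https": 443}
FIELDS = {"-i": "in", "-o": "out", "-p": "proto", "--state": "state", "--dport": "dport"}

def parse(line):
    """Return (op, chain, match fields, target) for one iptables command."""
    op, chain, *rest = shlex.split(line)[1:]      # drop the leading "iptables"
    match, target = {}, None
    for flag, value in zip(rest, rest[1:]):       # walk flag/value pairs
        if flag in FIELDS:
            match[FIELDS[flag]] = PORTS.get(value, int(value) if value.isdigit() else value)
        elif flag == "-j":
            target = value
    return op, chain, match, target

def build(script, force_op=None):
    """Replay the commands: -I puts a rule at the top of its chain, -A at the bottom."""
    chains = {}
    for line in script.strip().splitlines():
        op, chain, match, target = parse(line)
        rules = chains.setdefault(chain, [])
        rules.insert(0 if (force_op or op) == "-I" else len(rules), (match, target))
    return chains

def verdict(chains, chain, pkt):
    """The first rule whose match fields all equal the packet's fields decides."""
    for match, target in chains.get(chain, []):
        if all(pkt.get(key) == want for key, want in match.items()):
            return target
    return None   # nothing here matched; the firmware's own rules below would decide

if __name__ == "__main__":
    guest_to_lan = {"in": "br1", "out": "br0", "state": "NEW"}
    dhcp = {"in": "br1", "proto": "udp", "dport": 67}
    for label, chains in (("-I as posted", build(SCRIPT)), ("same order with -A", build(SCRIPT, "-A"))):
        print(label, "| br1->br0:", verdict(chains, "FORWARD", guest_to_lan),
              "| DHCP to router:", verdict(chains, "INPUT", dhcp))
```

On a live router, `iptables -S FORWARD` and `iptables -S INPUT` list the real chain order to compare against.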
 
