(DGA4130)constant ~0.50 CPU load in bridge mode, GUI Version: 8.6.21

[Kherby]

I've installed the latest GUI and for some reason i do have a constant sys load of about 11-14%. I always had like ~Cpu Load: 0.10 with my DGA4132 and i wonder what is causing this high CPU load at my DGA4130. Im using fw 1.1.0 on both devices with the latest GUI (8.6.21).

(GUI) Cpu Load: 0.46 0.52 0.51

Mem: 249400K used, 234896K free, 0K shrd, 9920K buff, 42572K cached
CPU:   0% usr  11% sys   0% nic  88% idle   0% io   0% irq   0% sirq
Load average: 0.38 0.47 0.49 2/92 29236
  PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
24705     2 root     SW       0   0%  11% [kworker/1:1]
  607     2 root     SW       0   0%   0% [bcmxtm_rx]
 1457     1 root     S     6128   1%   0% /usr/bin/swmdk
29193 29184 root     R     1724   0%   0% top
  627     2 root     SW       0   0%   0% [bcmsw_rx]
   94     2 root     SW       0   0%   0% [skbFreeTask]
29181  3007 root     S     1492   0%   0% /usr/sbin/dropbear -F -P /var/run/dro
 4484     1 root     S     1284   0%   0% /sbin/mountd -f
 3102     1 root     S    22272   5%   0% lua /usr/bin/transformer
 1988     1 root     S    14264   3%   0% hostapd -bund -p /var/run/hostapd.pid
 4242  3864 nobody   S    11540   2%   0% nginx: worker process
 4344     1 root     S N  10892   2%   0% /usr/bin/mud -d -t /etc/mud/mud_file_
 4263     1 root     S     6328   1%   0% /usr/bin/mvfs -o config=/tmp/.mvfs/mv
 3146     1 root     S     6276   1%   0% {datausaged} /usr/bin/lua /usr/bin/da
 3975     1 root     S     5752   1%   0% lua /usr/bin/gre-hotspotd.lua
 3864     1 root     S     5420   1%   0% nginx: master process /usr/sbin/nginx
 1446     1 root     S     5416   1%   0% /sbin/logd -S 4096
  415     1 root     S     4468   1%   0% /usr/sbin/cgrulesengd -n -Q -u root
 3944     1 root     S     4216   1%   0% /usr/sbin/urlfilterd
^C522     1 root     S     4168   1%   0% lua /usr/bin/hostmanager.lua

htop screenshot (imho there is a lot of stuff running for just using the device in bridge mode!): https://imgur.com/a/Q5ngYOc

Any idea is causing this constant CPU load, is this a bug ?

[Kherby]

I fixed it by adding eth5 back to the lan section in the network config (list ifname 'eth5').

Mem: 260620K used, 223676K free, 0K shrd, 15368K buff, 43992K cached
CPU:   0% usr   0% sys   0% nic  98% idle   0% io   0% irq   0% sirq
Load average: 0.24 0.25 0.23 2/102 5548

Finally no more 15% sys usage when the device is idling! But now i do recieve these kernel warnings "dosprotect rpfilter drop IN=br-lan" in my log again and that was the reason that i've deleted eth5 from the lan section!

So does anyone know how to get rid of these kernel warnings without deleting eth5 from the lan section? It seems to only affect the DGA4130 because i've done the same thing with my DGA4132 (eth4 in this case) and there is no such a high sys usage when the device is idling...

[Ansuel]

Think the problem is that when you remove eth5 the CPU needs to drop any packet (and this consume resources) You should try to also disable the load of the quantenna firmware so eth5 should not produce any extra packet... You need to find the process in the RC.d dir... When you find it just remove the link there

[Kherby]

There is a link called "S18quantenna" with the following content:

#!/bin/sh /etc/rc.common
#set -x
START=18

start() {
    local shell_access
    shell_access="$(uci get -q quantenna.qtn.disable_shell_access)"
    if [[ -n "$shell_access" ]]; then
        if [[ -s /qtn/qtn_custo.env ]]; then
            sed -i -n -e "/DISABLE_SHELL_ACCESS=/!p;\$aDISABLE_SHELL_ACCESS=$shell_access" /qtn/qtn_custo.env
        else
            echo "DISABLE_SHELL_ACCESS=$shell_access" > /qtn/qtn_custo.env
        fi
    fi

    mkdir -p /tmp/qtn
    qual_wlan=`uci get env.qual.qual_wlan 2> /dev/null`

    ln -s /qtn/qtn-linux.lzma /tmp/qtn/qtn-linux.lzma
    if [ -f "/qtn/qtn-uboot" ]; then
        ln -s /qtn/qtn-uboot /tmp/qtn/qtn-uboot
    fi
    ln -s /qtn/qtn_custo.sh /tmp/qtn/qtn_custo.sh

    if [ "$?" == "0" ] && [ "$qual_wlan" == "1" ]
    then
        cp /qtn/qtn_custo.env /tmp/qtn/qtn_custo.env
        echo "QUAL_BUILD=1"  >> /tmp/qtn/qtn_custo.env
    else
        ln -s /qtn/qtn_custo.env /tmp/qtn/qtn_custo.env
    fi

    #Experimental: NPU hostapd
    if [ -e "/qtn/qtn_hostapd" ]; then
        #Prepare config file
        cp /qtn/qtn_hostapd.conf /tmp/qtn
        qtn_mac=`uci get env.var.qtn_eth_mac`

        sed -i "s/%QLINK_SERVER_ADDR%/qlink_server_addr=$qtn_mac/g" /tmp/qtn/qtn_hostapd.conf

        #Start hostapd loop
        /qtn/qtn_hostapd_loop.sh &

    fi

}

stop() {
    if [ -e "/qtn/qtn_hostapd" ]; then
        killall qtn_hostapd_loop.sh
        killall qtn_hostapd
    fi
}

So it is safe to delete that link and do i also need to delete list ifname 'eth5' out of the lan section again to get rid of the kernel warning message "dosprotect rpfilter drop IN=br-lan" ?

[Ansuel]

Yes do both and it should fix... You know that you will lose 5ghz WiFi

[Kherby]

Yes i do know this... And i dont need WiFi anyway as i'm using my DGA only in bridge mode with a dedicated and powerful OpenWRT router in front (WRT3200acm). Thanks for your quick help!

[Kherby]

@Ansuel your suggested fix changes the kernel warning output to from "dosprotect rpfilter drop IN=br-lan" to "dosprotect rpfilter drop IN=eth5"

Deleting the S18quantenna link does cause the ~15% sys load even after reboot without deleting list ifname 'eth5' from the lan section.

Do you know any other way to disable the load of quantenna firmware and fix this "dosprotect rpfilter drop IN" kernel warnings ?

I'm going to try edit the dosprotect config file and set:

config globals 'globals'
    option enabled '0'
    option rpfilter 0'

Maybe that will fix this annoying kernel warning message... If it cannot be fixed I hope this kernel warning is just a cosmetic thing.

[Kherby]

I have disabled dosprotection via the config (/etc/config/dosprotect) and it finally fixed the kernel warnings... So there is no need to delete the quantenna link or delete eth5 from the lan section. Maybe it's only needed to set option rpfilter 0' but i dont think dosprotection is useful in bridge mode so i have completly disabled it.

@Ansuel Maybe dosprotection/rpfilter should be automatically disabled in bridge mode... Or is there any need to have dosprotection enabled when using the device in bridge mode only?

[Kherby]

To further reduce cpu load (and heat) in bridge mode i've also deactivated some tasks via init.d which results in a slightly lower cpu load over time... Here is the htop output before deactivating all those tasks: https://imgur.com/a/Q5ngYOc And here is the new output of htop: https://imgur.com/a/sZaIhgg

@Ansuel I guess that you haven't tweaked the bridge mode as most people use the DGA's as real routers? Imho there shouldn't be so many tasks running when using the device in bridge mode as it just creates unnecessary cpu load, heat and slightly more power consumption. There are like more tasks running at my DGA than on my main OpenWRT router using dnscrypt-poxy, sqm-qos, wireguard-vpn, adblock, dyndns, collectd, network-shares aso. and i find this quite strange for a device in pure bridge mode...

List of the deactivated tasks:

/etc/init.d/odhcpd stop
/etc/init.d/odhcpd disable
/etc/init.d/dnsmasq stop
/etc/init.d/dnsmasq disable
/etc/init.d/dhcpsnooper stop
/etc/init.d/dhcpsnooper disable
/etc/init.d/mcsnooper stop
/etc/init.d/mcsnooper disable
/etc/init.d/mobiled stop
/etc/init.d/mobiled disable
/etc/init.d/lte-doctor-logger stop
/etc/init.d/lte-doctor-logger disable
/etc/init.d/wansensing stop     
/etc/init.d/wansensing disable
/etc/init.d/watchdog-tch stop
/etc/init.d/watchdog-tch disable
/etc/init.d/hostapd stop                  #caution: disables wifi at the GUI!
/etc/init.d/hostapd disable               #caution: disables wifi at the GUI!
/etc/init.d/neighm stop
/etc/init.d/neighm disable
/etc/init.d/igmpproxy stop
/etc/init.d/igmpproxy disable
/etc/init.d/mldproxy stop
/etc/init.d/mldproxy disable

CWMPD was also running for some reason, so i deactivated it as well...

/etc/init.d/cwmpd stop
/etc/init.d/cwmpd disable
/etc/init.d/cwmpdboot disable
uci set cwmpd.cwmpd_config.state='0'
uci commit

I haven't encountered any problems so far and the device is running fine and it doesn't get as warm as before. Anyway do you see any task that shouldn't be deactivated in bridge mode? The only thing i would also like to completely shut down is this quantenna stuff... Any hints?

Mem: 257848K used, 226448K free, 0K shrd, 14924K buff, 48252K cached
CPU:   0% usr   0% sys   0% nic  98% idle   0% io   0% irq   0% sirq
Load average: 0.11 0.11 0.07 2/79 2420

[1of16]

@Kherby thank you for your post, since you're not the only one using the DGA just in bridge-mode ;) if there are more people like us, a minimal-bridge-mode would be amazing!

[Kherby]

I guess there is a lot of room for improvements at the Bridge Mode... ;) For example inserting a non deafault vlan tag via GUI is still not working as it should and some people are not able to connect via pppoe over their external routers without heavily modifiying the default bridge config + enable "pppoerelayd". Some routers also doesn't seem to work with the default bridge config, even with the right vlan tag configured in the network config(pppoe timeout)...

The good news are that there is a universal bridge config that works with and without vlan tag, so basicaly for anyone (with any router)! https://forum.kitz.co.uk/index.php/topic,20343.msg373800.html#msg373800

As i said this also works with ptm0.x for people that require a vlan tag for their pppoe connection. This config just has to be implemented correctly into the bridge mode and anyone should recieve a working pppoe connection (with and without vlan tag) right out of the box!

[1of16]

So I guess we want exactly the same :) I noticed the VLAN-bug as well, after some hours I found a blog describing the problem an a solution: editing /etc/config/network and changing ptm.0835 to my vlan-tag.

your link seems even more interesting, but it isn't working here? I c&p the whole config and restarted my router, but as far as I can see it, only this got changed: /etc/config/network

option pppoerelay '<set by script>'
list ifname 'eth0'
list ifname 'eth1'
list ifname 'eth2'
list ifname 'eth3'
list ifname 'eth5'
list ifname 'ptm0.835'

to

option ifname 'eth0 eth1 eth2 eth3 eth5'
list pppoerelay 'ptm0'

and in /etc/config/pppoerelayd option enable '0' to option enable '1' still got no connection, with or without the VLAN-tag at my router.

if I am using this and no VLAN-tag at my router, it works:

list ifname 'eth0'
list ifname 'eth1'
list ifname 'eth2'
list ifname 'eth3'
list ifname 'eth5'
list ifname 'ptm0.7'

my dream would be a modem-only-mode, no VLAN tag, WLAN or anything we don't need at the DGA. The router should be connected with eth0/wan (would be fool-proof) and eth1-eth4 are working as normal switch-ports. I still would like to connect my DGA to my network, just to take a look at the DSL-sync informations.

[Kherby]

@1of16 Don't copy the whole config, just modify your own config to match this one (and always make a backup of the old network config, just in case).

Keep in mind that the modified pppoe relay config was originally designed for a pppoe connection which doesn't require a vlan tag (ptm0) but this config also happens to work with a vlan tag. And that's why i think the modified pppoerelayd config should be the default config for the bridge mode because it will allow anyone to establish a pppoe connection (with or without vlan tag). Afaik if your connection does require a vlan tag ptm0 will just not work, even if you use the correct vlan tag at the wan side of your external router. This seems to be a limitation of the DGA, probably a config related limitation...

If I understand you correctly you are looking for a config where the vlan tag will be used on the external router. I'm going to try and figure out a working config where the tagging would work on the external router, which could be usefull if there is more than one vlan tag in play (for example IPTV). But to be honest i never heard of anyone successfully using a vlan tag on the external router when the DGA was in bridge mode, so maybe it's just not possible at all... :/

Anyway in your case the following (pppoerleayd) config should work (i'm using this config atm, just with a different vlan tag):

1. enable pppoerelayd (option enable '1')
2. Delete the whole "config device 'wanptm0'" section at your network config
3. Modify your network config with the following entries:

config interface 'wan'
    option macaddr 'YOUR DGA MAC ADDRESS'
    option proto 'bridge'
    option ifname 'ptm0.7'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option ipaddr 'YOUR MODEM IP'
    option netmask '255.255.255.0'
    option ip6assign '64'
    option force_link '0'
    option ipv6 '0'
    option ifname 'eth0 eth1 eth2 eth3 eth5'
    list pppoerelay 'ptm0'

4. run /etc/init.d/network restart from the commandline

[1of16]

@Kherby either I misread something or your description doesn't work :( I did exactly what you wrote, my DGA was synced an showed "brdige connected" but my router still got pppe timeouts. I tried to set and remove the VLAN tag on my router, used eth0 and eth1 to connect the router, without success. am I missing anything?

additional, since I guess I wasn't able to tell you my point: setting the VLAN tag on my router and using eth0 to connect the router and the DGA just would be for perfection. there is no technical reason for me, that the DGA shouldn't and the router should set the VLAN tag. at the moment my modem doens't set the tag so it is easier for me to switch the modems, if the router sets the tag. maybe I just should try to set the tag on my other modem ;) tbh: there wasn't enough time to change at that, since my wife wasn't happy about the downtime... I hope I got more time an the weekend.

again: thank you so far!

[Kherby]

That's weird because the config should definitely work but as i said it doesn't work when u set the vlan tag at your external router! Keep in mind that you won't have any benifits with the pppoerelayd enabled config. Anyway this config should also work for you as for anyone else...

Here is my full config (DGA4130) with vlan tag set to 7(you just have to change the MAC address and your Modem IP address):

Network config:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'none'
    option default_ps '0'

config device 'waneth4'
    option type '8021q'
    option name 'waneth4'
    option macaddr 'CHANGE TO YOUR MAC ADDRESS'
    option ifname 'eth4'
    option vid '835'
    option ipv6 '0'

config interface 'wan'
    option macaddr 'CHANGE TO YOUR MAC ADDRESS'
    option proto 'bridge'
    option ifname 'ptm0.7'

config config 'config'
    option wan_mode 'bridge'

config interface 'wwan'
    option auto '1'
    option proto 'mobiled'
    option session_id '0'
    option profile '1'
    option enabled '0'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqopts '12 21 22 23 24 25 31 56 64 67 82 83'
    option noslaaconly '1'
    option iface_464xlat '0'
    option auto '0'
    option dns_metric '20'
    option ifname '@wan_ipv6'
    option enabled '0'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option ipaddr 'CHANGE TO YOUR MODEM IP ADDRESS'
    option netmask '255.255.255.0'
    option ip6assign '64'
    option force_link '0'
    option ipv6 '0'
    option ifname 'eth0 eth1 eth2 eth3 eth5'
    list pppoerelay 'ptm0'

config switch 'bcmsw'
    option reset '1'
    option enable_vlan '0'
    option qosimppauseenable '0'
    option jumbo '0'

config interface 'wlnet_b_24'
    option proto 'static'
    option ip6assign '64'
    option ipv6 '0'
    option ip6hint '1'
    option netmask '255.255.255.128'
    option ipaddr '192.168.168.1'
    option ifname 'wl0_1'
    option force_link '0'
    option name 'Ospiti-TIM-24205319'
    option enabled '0'

config interface 'wlnet_b_5'
    option proto 'static'
    option ip6assign '64'
    option ipv6 '0'
    option ip6hint '2'
    option netmask '255.255.255.128'
    option ipaddr '192.168.168.129'
    option ifname 'wl1_1'
    option force_link '0'
    option name 'Ospiti-TIM-24205319'
    option enabled '0'

config device 'wlnet_b_5eth5'
    option type '8021q'
    option name 'wl1_1'
    option enabled '0'
    option ifname 'eth5'
    option vid '3'
    option ipv6 '0'

config interface 'wan_ipv6'
    option auto '0'
    option proto 'pppoe'
    option demand '0'
    option password 'IPV6@alice6'
    option macaddr 'CHANGE TO YOUR MAC ADDRESS'
    option ipv6 '1'
    option peerdns '1'
    option keepalive_adaptive '0'
    option dns_metric '0'
    option ifname 'wanptm0'
    option username 'YOUR-SERIAL-NUMBER-xxxxxx@alice6.it'
    option metric '10'

config interface 'ipoe'
    option proto 'dhcp'
    option metric '1'
    option reqopts '1 3 6 43 51 58 59'
    option release '1'
    option neighreachabletime '1200000'
    option neighgcstaletime '2400'
    option ipv6 '1'

pppoerelayd config:

config pppoerelayd 'config'
        option enable '1'
        option server_intf 'wan'
        option client_intf 'lan'
        option timeout '0'
        option nsessions '32'

Try this config, reboot the modem + external router and let me know if you are able to establish a pppoe connection with your external router. If the normal bridge config works, this one should work as well... Btw, what router model are you using?

[1of16]

just a short answer, since I won't be able to test anything today: I am using a ubiquiti unifi USG

[kevdagoat]

I can say from my experience the cpu normally hangs around that unless doing transfers or dumping partitions, then it rises to 2-3% load!

Sent from my iPhone

On 4 Aug 2018, at 3:44 am, 1of16 notifications@github.com wrote:

just a short answer, since I won't be able to test anything today: I am using a ubiquiti unifi USG

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[Kherby]

CPU:   0% usr  20% sys   0% nic  79% idle   0% io   0% irq   0% sirq
Load average: 0.07 0.06 0.11 1/82 8538

This is my DGA4130 when downloading at full speed (~90Mbps)...

[3x3cut0r]

@Kherby i also don't get the bridge mode working with your steps at all!

[Kherby]

@3x3cut0r That's kinda weird, what config does work for you and does your pppoe connection require a vlan tag?

[3x3cut0r]

@Kherby actually i haven't found a working config for pppoe atm. still get pppoe timeouts or auth failures. but with other router np. i tryed with and without vlan tag on both sides (with 1.1.0 and gui 8.6.4)

[Kherby]

@3x3cut0r What Router Model are you using and does your connection require a vlan tag? The pppoerelayd config is known to work with some routers where the normal bridge config didn't worked for some reason... But it seems that some routers still have problems with the DGA@Bridge Mode, even with the modified pppoerelayd config. :/

[1of16]

first of all the good news: it finally works! I dunno if there was a typo, the moon on the wrong side of the earth or anything.....but anyways, here some infos:

first of all I set the VLAN tag on my "old" modem and removed it on my router...so I don't have to change that all the time. after verifying my connection still works, I used a DGA without your suggestions, only changed in /etc/config/network in the section config interface 'lan' the ptm0.xxx part to list ifname 'ptm0.7' I hooked up the modem to my router and I got a connection! but the internet-led on my DGA always blinked red....kinda annoying

so I used my 2. DGA (you never should have only one ;) ) and tried your suggestions. It seems this time I did everything by-the-book and I got a connection! and: the internet-led is blinking green! so looks good :)

on both setups I assigned the WAN port to LAN to use it to connect the DGA with my router, but again: only cosmetics now I will follow your suggestions and disable all the useless services. additional I will hook the DGA up to my syslog-server to get some easy logging.

a few things are missing right now, but again nothing important: /etc/resolve.conf uses the loopback for DNS, is there a better way to change that other then change it? and I need to change the DGAs gateway, so I can play around with opkg maybe ;)

THANK YOU!

[3x3cut0r]

@Kherby I‘m using an AVM Fritzbox 7490. This Router trys to connect with and without a vlan tag. And if I export the config then I can see the vlan 7 is always set. So I think I need one. I still got no workoing config at all with the DGA except of using it on ethernet/clientmode ...

[Kherby]

so I used my 2. DGA (you never should have only one ;) ) and tried your suggestions. It seems this time I did everything by-the-book and I got a connection! and: the internet-led is blinking green! so looks good :)

My internet LED was also blinking red with the default bridge config and changed to green with the modified pppoerelayd config. This is only a cosmetic thing but green looks better for sure! Imho that's another reason to replace the default config with the modified pppoerleayd one... ;)

on both setups I assigned the WAN port to LAN to use it to connect the DGA with my router

Could you tell me how to setup the WAN port as LAN port? I haven't tried that yet and i'm not even sure if this will also work with my DGA4130...

a few things are missing right now, but again nothing important: /etc/resolve.conf uses the loopback for DNS, is there a better way to change that other then change it? and I need to change the DGAs gateway, so I can play around with opkg maybe ;)

At my setup (Main Router @OpenWRT) i've setup a second interface on the WAN side to access the DGA over my private LAN subnet.

DGA: 192.168.254.254
Main Router: 192.168.1.1
Second interface on the WAN side: 192.168.254.1

To get internet access with my DGA i've added a new route:

root@DGA:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.254.1   0.0.0.0         UG    1      0        0 br-lan
192.168.254.0   *               255.255.255.0   U     0      0        0 br-lan

And at my network config i've added option dns '192.168.254.1' under the config interface 'lan' section (this will change the default resolv.conf). That's how it works for me and i was able to install Luci in bridge mode, which requires a successfull opkg update command.

My next step will be to restrict internet access to repository.ilpuntotecnico.com only (for *.ipk installs and GUI updates) via firewall rules on my main router as i don't want the DGA to have access to the whole internet.

Keep in mind that there is currently an issue when running the opkg update over https, see: https://github.com/Ansuel/tch-nginx-gui/issues/93 But there is already a workaround available: https://www.ilpuntotecnico.com/forum/index.php/topic,78585.msg239805.html#msg239805

[1of16]

as far as I can see it, there is a button in the GUI to assign the WAN port to LAN, or you change this:

/etc/config/ethernet
config globals 'globals'
        option eth4lanwanmode '1'

a using the 2. interface at my router or even using a VLAN is a good idea...or maybe, as you suggest, the DGA doesn't need to talk too much with the outside world ;)

[Kherby]

If anyone is interested, here is a working bridge config (without pppoerelayd) where all LEDs will switch to green after DSL has been synchronised. In my case i need vlan tag 7(ptm0.7)* to establish a pppoe connection with my main router:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'none'
    option default_ps '0'

config device 'waneth4'
    option type '8021q'
    option name 'waneth4'
    option macaddr 'INSERT YOUR MAC ADDRESS'
    option ifname 'eth4'
    option vid '835'
    option ipv6 '0'

config device 'wanptm0'
    option type '8021q'
    option name 'wanptm0'
    option macaddr 'INSERT YOUR MAC ADDRESS'
    option vid '7'
    option ipv6 '0'

config interface 'wan'
    option proto 'bridge'
    option demand '0'
    option macaddr 'INSERT YOUR MAC ADDRESS'
    option keepalive_adaptive '0'
    option auto '1'
    option enabled '1'
    option ifname 'ptm0.7'

config config 'config'
    option wan_mode 'bridge'

config interface 'wwan'
    option auto '1'
    option proto 'mobiled'
    option session_id '0'
    option profile '1'
    option enabled '0'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqopts '12 21 22 23 24 25 31 56 64 67 82 83'
    option noslaaconly '1'
    option iface_464xlat '0'
    option auto '0'
    option dns_metric '20'
    option ifname '@wan_ipv6'
    option enabled '0'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '64'
    option force_link '0'
    option ipv6 '0'
    option ipaddr '10.0.0.1'
    list ifname 'eth0'
    list ifname 'eth1'
    list ifname 'eth2'
    list ifname 'eth3'
    list ifname 'eth5'
    list ifname 'ptm0.7'

config switch 'bcmsw'
    option reset '1'
    option enable_vlan '0'
    option qosimppauseenable '0'
    option jumbo '0'

config interface 'wlnet_b_24'
    option proto 'static'
    option ip6assign '64'
    option ipv6 '0'
    option ip6hint '1'
    option netmask '255.255.255.128'
    option ipaddr '192.168.168.1'
    option ifname 'wl0_1'
    option force_link '0'
    option name 'INSERT YOUR GUEST SSID'

config interface 'wlnet_b_5'
    option proto 'static'
    option ip6assign '64'
    option ipv6 '0'
    option ip6hint '2'
    option netmask '255.255.255.128'
    option ipaddr '192.168.168.129'
    option ifname 'wl1_1'
    option force_link '0'
    option name 'INSERT YOUR GUEST SSID'

config device 'wlnet_b_5eth5'
    option type '8021q'
    option name 'wl1_1'
    option ifname 'eth5'
    option vid '3'
    option ipv6 '0'

config interface 'ipoe'
    option proto 'dhcp'
    option metric '1'
    option reqopts '1 3 6 43 51 58 59'
    option release '1'
    option neighreachabletime '1200000'
    option neighgcstaletime '2400'
    option ipv6 '1'

*I can't verify if this config works without vlan tag (ptm0) and without option vid '7' but there is a good chance that it will work

[kevdagoat]

Is this ok to close now?

[Kherby]

Yes sure feel free to close it.

My last comment was just for the people with the DGA4130/4132 in bridge mode. IMHO the default bridge mode config isn't very well and there are way too many useless services running by default. Anyway i guess the devs won't put much effort into the bridge mode config because most people are using their device in router mode...

[kevdagoat]

You will have to close as I don’t own the repo :)

[FrancYescO]

i think we can take this opened because if we have a better way to do the bridge mode is good to implemnt it

[FrancYescO]

Closing as all suggestions by @Kherby basically got implemented with https://github.com/Ansuel/tch-nginx-gui/commit/cb32868ca128a77f8e28bd9215d373c9e6906da7

(after setting the correct broadband mode, setting the bridge mode from internet modal will result in the broadband interface bridged to lan and all leds in an OK status)