vlan - really confused and needing assistance

nicolasdiogo
DD-WRT Novice


Joined: 15 Feb 2011
Posts: 22

Posted: Sun Mar 13, 2011 8:56    Post subject: vlan - really confused and needing assistance
hello,

just discovered that my router WNR3500L supports vlan (thanks to dd-wrt)

i am looking to use a vlan to create a DMZ on my KVM system.

my setup is as follows:

WEB
, |--> modem (192.168.1.1)
, | network (192.168.1.0/24)
, |
, |--> DD-WRT router (192.168.1.2, 192.168.17.1, 10.0.1.1)
, | DMZ network (192.168.17.0/24)
, | Local network (10.0.1.0/24)

i have tried using the webGUI to configure the vlan but these do not seem to work! i have read the docs:
http://www.dd-wrt.com/wiki/index.php/Switched_Ports
http://www.geek-pages.com/articles-for-geeks-mainmenu-2/1-latest/27-dd-wrt-setting-up-a-separate--isolated-vlan-on-port-4-with-dhcp?start=1

but i can not get it to work on my router.

would someone be able to explain to me how to get port 4 to work with vlan? Please.

many thanks,

Nicolas
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sun Mar 13, 2011 22:58
Use build 15508 or higher to fix the VLAN GUI for that model.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
nicolasdiogo
DD-WRT Novice


Joined: 15 Feb 2011
Posts: 22

Posted: Mon Mar 14, 2011 8:19
my dd-wrt has the following info on the about page:

DD-WRT v24-sp2 (08/07/10) std-usb-ftp
(SVN revision 14896).

which i presume to be lower than the one you mentioned.
but this is the highest that is shown in the router database.

BUT after going through the documentation, it states not to trust the Router Database for what revision to use.
which seems a little confusing..

but i am reading the posting 'Peacock Thread-FAQ: EVERYTHING you NEED to know! Really!!'


and i will post back when i manage to go through all that information

thanks,


Nicolas
nicolasdiogo
DD-WRT Novice


Joined: 15 Feb 2011
Posts: 22

Posted: Mon Mar 14, 2011 9:10
so i went through the docs.

the docs suggest using one of the builds available here:
ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2010/08-12-10-r14929/broadcom_K26/

which is the same as i currently have.

navigating the ftp, i can find newer builds, and as per suggestion, higher than 15508:

ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2010/
11-06-10-r15693
11-09-10-r15704
11-21-10-r15778
12-18-10-r15940
12-24-10-r15962


i did search through the forum to find out if anyone has had anything to say about these. could not find anything particularly bad or good.

any suggestion on which one to use?

many thanks,

Nicolas
nicolasdiogo
DD-WRT Novice


Joined: 15 Feb 2011
Posts: 22

Posted: Tue Mar 15, 2011 9:35
hi

this is what i have done so far.

upgrading dd-wrt to a new version of k26 build

To do a 30-30-30 reset you must push the reset button with your router powered on.

NOTICE: you have to use a WIRED connection

with current build
hard-reset for 35 seconds

without turning it off-line, refresh IP and connecting to 192.168.1.1
password page is displayed and details entered - using simple name and password (no funky characters like %$)

now for a full hard-reset
35 seconds pressing reset button WITH power on
turning power OFF AND CONTINUE pressing reset button for another 35 seconds
turning power ON AND CONTINUE pressing reset button for another 35 seconds

change password again - it should request it when you access it

after, unplug the power cable for at least 30 seconds, physically pull the cable out

bring the power back on-line

i am using a WNR3500L, and following advice from the Gurus at DD-WRT forum, i will be installing:
dd-wrt.v24-15940_NEWD-2_K2.6_big.bin

log into the router and upgrade the firmware with the above. choose to reset the configuration at the same time.

the page goes into the usual horizontal bar, telling us to wait, and after a while it eventually comes back (or stops - just go to http://192.168.1.1 manually)

log back in, and check your update by clicking on the right-upper corner on the firmware link. on the new page you will find your build details. in this case:
DD-WRT v24-sp2 (12/18/10) big
(SVN revision 15940)

so it is working again!!


now for the vlan setup configuration

objective
set a vlan to be a DMZ subnet

ideally i would like to make this to a single port; having two networks available through the same physical port.

but i could not work out how to do that. instead i will try to do it against all ports

firstly i have setup my laptop to have a vlan with VLAN TAGGING 9 (using ubuntu 10.10)
~# vconfig add eth0 9
~# ifconfig eth0.9 192.168.13.89


in the router using the web UI

on page VLANs, all ports are kept together on vlan1

on page Networking, i did the following:
on VLAN TAGGING (matching the tagging on my laptop)
add VLAN0 interface with VLAN1, tag number 9 prio 1
save and apply

on port setup
Network Configuration vlan1.9 = Unbridged
Masquerade / NAT = Enable
IP = 192.168.13.1
subnet mask = 255.255.255.0
save, apply and then rebooted

my laptop received the correct dhcp offer with ip range of 192.168.1.0/24
But i can not ping 192.168.13.1 (router IP on vlan1.9)
and i can find the correct entry on my laptop on the route

Destination Gateway Genmask Flags Metric Ref Use Iface
...
192.168.13.0 * 255.255.255.0 U 0 0 0 eth0.9


on the router ssh i find the following info:
192.168.13.1
root@DD-WRT:~# nvram show | grep vlan1.9
vlan1.9_mtu=1500
vlan1.9_nat=1
vlan1.9_multicast=0
vlan1.9_bridged=0
vlan1.9_ipaddr=192.168.13.1
vlan1.9_netmask=255.255.255.0
vlan_tags=vlan1>9>1
size: 24824 bytes (7944 left)

port5vlans=1 2 16
port3vlans=1 18 19
port1vlans=1 18 19
port4vlans=1 18 19
vlans=1
port2vlans=1 18 19
port0vlans=2 18 19
size: 24824 bytes (7944 left)

root@DD-WRT:~# nvram show | grep ports
vlan2ports=0 8
wshaper_noprioportsrc=
vlan1ports=4 3 2 1 8*
size: 24824 bytes (7944 left)


i have deduced that my vlan is created with tagging 9.
but it does not work as i expected.

using wireshark on my laptop, i can see the broadcasts from the router originating from IP => 192.168.13.1

i am new to VLAN and how to set them up - but i would appreciate some assistance on getting started.

any suggestion on what is wrong here?
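
An added check, not part of the original posts and not DD-WRT's own tooling: it reads an nvram dump like the one in the post above, lists which switch ports each `vlanNports` variable covers, and reports for every tag in `vlan_tags` whether a switch-level variable with that ID exists. The sample input is copied from that dump; that several `vlan_tags` entries would be space-separated is an assumption.

```shell
#!/bin/sh
# Added example: compare the software tag list (vlan_tags) against the
# switch port maps (vlanNports) in a DD-WRT nvram dump.

# Sample input, copied from the nvram output posted in the thread.
sample_nvram() {
cat <<'EOF'
vlan1.9_bridged=0
vlan1.9_ipaddr=192.168.13.1
vlan1.9_netmask=255.255.255.0
vlan_tags=vlan1>9>1
vlan2ports=0 8
wshaper_noprioportsrc=
vlan1ports=4 3 2 1 8*
size: 24824 bytes (7944 left)
EOF
}

# Reads "key=value" lines on stdin. Prints one line per switch VLAN and
# one line per vlan_tags entry stating whether vlan<tag>ports is defined.
vlan_audit() {
  awk -F= '
    /^vlan[0-9]+ports=/ {
      id = $1; sub(/^vlan/, "", id); sub(/ports$/, "", id)
      ports[id] = $2
    }
    /^vlan_tags=/ { tags = $2 }
    END {
      for (id in ports) printf "switch vlan%s ports: %s\n", id, ports[id]
      # Assumption: multiple entries are separated by spaces.
      n = split(tags, entry, " ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, ">")          # parent > tag > priority
        state = (f[2] in ports) ? "present" : "MISSING"
        printf "tag %s on %s: vlan%sports %s\n", f[2], f[1], f[2], state
      }
    }' | sort
}

sample_nvram | vlan_audit
```

On the router itself the same function can be fed with `nvram show 2>/dev/null | vlan_audit`.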
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Tue Mar 15, 2011 18:54
Don't use VLAN tagging on the networking page for Broadcom based routers, use the VLAN page. See the wiki for more info.
nicolasdiogo
DD-WRT Novice


Joined: 15 Feb 2011
Posts: 22

Posted: Wed Mar 16, 2011 16:57
i did and this is what i got:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=89570