Posted: Wed Mar 20, 2024 4:05 Post subject: Can't figure out VLANs on Netgear R6400
• DD-WRT build -- r55363
• Hardware -- Netgear R6400 v1
• Operating Mode -- Router, WAP implementation
• Network Architecture -- Netgear (DD-WRT) (via Port 1) -> Managed Switch -> Firewall-Router -> Modem -> Internet
Note: Firewall-Router is handling DHCP for the whole network
• Goal: DD-WRT access point with 2.4/5 GHz regular LAN, plus VAPs bridged to VLANs (e.g. VLAN10 = IoT, VLAN20 = Guests) all via physical Port 1
Note: Port 3 is just my PC plugged in for troubleshooting
• Current Issue: Simply assigning VLANs 10 and 20 on Port 1 causes access to Internet on all ports to be cut off, regardless of whether or not I mark VLANs 10 and 20 as tagged.
Methods attempted:
• Superuser question -- This got me the closest: I was able to connect to the internet on VLANs 10 and 20. However, it didn't solve the problem of VLAN1 traffic being cut off.
• Switched Ports (nvram method) -- this shuts down my wireless interfaces and makes the router completely unreachable on all ports. Had to reset firmware a few times.
• swconfig -- similar results to first method (if I also supplement VAP bridging)
Main question: what are the most up-to-date guides that would help me accomplish my goal? Or perhaps I am overlooking something?
See this link to configure your VLANs on a single port CPU, which is what you have:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=335568
I'm following instructions under "Trunk-Port Link between Main-Router and Wireless-Access-Point (WAP)." -- my access points for VLANs 10 and 20 are working and can connect to the Internet. Furthermore I have Internet access on Port 3 (untagged VLAN1). However, my regular 2.4/5 GHz access points still can't get Internet (but, they are at least being broadcast).
I don't understand, eth1 and eth2 are bridged to vlan1 in the default bridge. They should be working. DD-WRT is also unreachable from the LAN.
Edit/Temporary Solution: I bridged eth1 and eth2 into the new VLAN 5 and now all the access points can connect to the Internet.
The remaining issue is that the DD-WRT router is not reachable by the regular LAN over the Port 1 link when it's configured to carry tagged VLANs. If anyone knows a solution, please let me know.
By switch input and output, are you referring to the Ports that connect the DD-WRT router (Port 2) and the firewall router (Port 1) respectively? I have other devices connected to the switch that get disrupted if I only tag VLAN 1 for Port 1.
EDIT: I'd done the exact opposite of what you meant, likely. Tagging VLAN 1 on Port 2 did the trick! Thank you so much, I've finally resolved it.
EDIT2: I just tried unbridging eth1/eth2 from vlan5 and it broke vlan1. I re-bridged and everything works again. I seriously don't know what's happening anymore. But, it seems like that traffic has to stay tagged on its own VLAN. Not a big deal, but definitely strange.
Quote:
EDIT: I'd done the exact opposite of what you meant, likely. Tagging VLAN 1 on Port 2 did the trick! Thank you so much, I've finally resolved it.
firewall ---> switch input --> switch output --> WAP (a WAP is only an extension of the main router and not the other way round)
If the dd-wrt router is connected to port 2, then port 2 is the switch output! and VLAN1 must be tagged on this port.
but you can also try to misunderstand me on purpose
Quote:
EDIT2: I just tried unbridging eth1/eth2 from vlan5 and it broke vlan1. I re-bridged and everything works again. I seriously don't know what's happening anymore. But, it seems like that traffic has to stay tagged on its own VLAN. Not a big deal, but definitely strange.
bullshit
I repeat it again, it works exactly as I have shown it, all the necessary settings are shown
I myself use a trunk for my WAPs with VLAN1, many others use exactly the same configuration without any problems.
and that any WLAN interfaces should break VLAN interfaces is outrageous nonsense
delete the complete VLAN5 configuration
delete br3
delete the br3 assignments
Quote:
firewall ---> switch input --> switch output --> WAP (a WAP is only an extension of the main router and not the other way round)
If the dd-wrt router is connected to port 2, then port 2 is the switch output! and VLAN1 must be tagged on this port.
but you can also try to misunderstand me on purpose
Sorry about my reading comprehension, that bit works just as you described.
Quote:
and that any WLAN interfaces should break VLAN interfaces is outrageous nonsense
I wholeheartedly agree with this statement.
Quote:
delete the complete VLAN5 configuration
delete br3
delete the br3 assignments
you need some patience, it takes a while after each step until the router has adopted the settings.
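An added example, not part of any post in this thread: a small Python model of 802.1Q tagging on the switch-to-DD-WRT link discussed above, showing why VLANs 10 and 20 passed while VLAN 1 (and with it the DD-WRT management address) did not until VLAN 1 was tagged on switch Port 2. The port tables are constructed, it is an assumption that the DD-WRT trunk port carries VLAN 1 tagged as in the linked trunk-port guide, and the strict accept rule is a simplification of real switch behaviour.

```python
TAGGED, UNTAGGED = "tagged", "untagged"

def deliver(vid, sender, receiver):
    """Return the VLAN the receiving port files the frame under, or None if dropped.

    sender/receiver map VLAN id -> TAGGED or UNTAGGED for one physical port.
    Strict model (assumption): a tagged frame is accepted only where the
    receiving port is a tagged member of that VLAN.
    """
    mode = sender.get(vid)
    if mode is None:
        return None  # VLAN is not carried on the sending port at all
    if mode == TAGGED:
        return vid if receiver.get(vid) == TAGGED else None
    # The frame is untagged on the wire: the receiver can only classify it
    # into its own untagged (native) VLAN, if it has exactly one.
    native = [v for v, m in receiver.items() if m == UNTAGGED]
    return native[0] if len(native) == 1 else None

def link_report(end_a, end_b):
    """Per VLAN: True when frames arrive in the same VLAN in both directions."""
    return {
        vid: deliver(vid, end_a, end_b) == vid and deliver(vid, end_b, end_a) == vid
        for vid in sorted(set(end_a) | set(end_b))
    }

# Constructed port tables for the link in this thread.
DDWRT_PORT1 = {1: TAGGED, 10: TAGGED, 20: TAGGED}            # assumed trunk setup
SWITCH_PORT2_BEFORE = {1: UNTAGGED, 10: TAGGED, 20: TAGGED}  # VLAN 1 left untagged
SWITCH_PORT2_AFTER = {1: TAGGED, 10: TAGGED, 20: TAGGED}     # the fix from the thread

if __name__ == "__main__":
    for name, port in (("before", SWITCH_PORT2_BEFORE), ("after", SWITCH_PORT2_AFTER)):
        print(name, link_report(port, DDWRT_PORT1))
```

The same `deliver` function also shows the segmentation risk of a mismatch: two ends that each treat a different VLAN as untagged silently move traffic from one VLAN into the other instead of dropping it.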