R7800 and VLAN

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Goto page 1, 2  Next
Author Message
mskjold
DD-WRT Novice


Joined: 23 Jan 2018
Posts: 2

PostPosted: Tue Jan 23, 2018 22:33    Post subject: R7800 and VLAN Reply with quote
Is it possible to use R7800 and Kong latest stabile build to do the following?

WAN port: Internet from ISP. IP from ISP's DHCP
LAN port 1: VLAN1. 192.168.10.0/24
LAN port 2: VLAN2. 192.168.20.0/24
LAN port 3: VLAN3. 192.168.30.0/24

All three VLAN's sharing internett on WAN port. R7800 acting as DHCP to the VLAN's.

Only VLAN1 and wireless can see each other and on the same network/ip range.

Need to add som QOS later on, but I think I can fix that if the VLAN get sorted.

Can I do this with R7800 or do I need another box/try pfSense? If its possible could someone please guide a lost soul? Have flashed the R7800 with DD-WRT but didn't get any further.
Sponsor
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 32
Location: Georgia, USA

PostPosted: Wed Jan 24, 2018 17:48    Post subject: Post subject: R7800 and VLAN Reply with quote
Don't know the answer to your question, but below is a link I found related to what you are asking. Good luck.

https://www.flashrouters.com/blog/2015/04/06/what-is-a-vlan-how-to-setup-vlan-ddwrt/

_________________
R7800 v3.0-r35900M kongat (05/08/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, switches, etc.) and guest.
Noob still finding my way.
mskjold
DD-WRT Novice


Joined: 23 Jan 2018
Posts: 2

PostPosted: Wed Jan 24, 2018 18:27    Post subject: Re: Post subject: R7800 and VLAN Reply with quote
Thanks for trying to help out. I'v also found and read that guide. Turns out the guide is for Broadcom firewall's and at the R78000 there are no GUI to sort out the VLAN.

My best bet so far is to use swconfig and follow this guide: http://mrjcd.com/EA8500_DD-WRT/vlans/

Will post result when I'v tried.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 3511
Location: Texas

PostPosted: Wed Jan 24, 2018 19:31    Post subject: Re: Post subject: R7800 and VLAN Reply with quote
mskjold wrote:
Thanks for trying to help out. I'v also found and read that guide. Turns out the guide is for Broadcom firewall's and at the R78000 there are no GUI to sort out the VLAN.

My best bet so far is to use swconfig and follow this guide: http://mrjcd.com/EA8500_DD-WRT/vlans/

Will post result when I'v tried.

You can tinker with the r7800 and maybe get some useful info from that page but the same settings will not work on the r7800...
...same switch, and also in many top routers, but tis wired different....
good luck sorting it out Surprised

iffin I ever run across a r7800 to play with I'll look into it Twisted Evil
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 32
Location: Georgia, USA

PostPosted: Wed Feb 28, 2018 23:27    Post subject: Re: Post subject: R7800 and VLAN Reply with quote
mskjold wrote:
Thanks for trying to help out. I'v also found and read that guide. Turns out the guide is for Broadcom firewall's and at the R78000 there are no GUI to sort out the VLAN.

My best bet so far is to use swconfig and follow this guide: http://mrjcd.com/EA8500_DD-WRT/vlans/

Will post result when I'v tried.


Have you made any further progress? I have been doing some research and have come up with the following:

The following code is from here:
http://svn.dd-wrt.com/browser/src/router/services/sysinit/sysinit-ipq806x.c#L482

This sets up the VLAN's on the router switch.

switch (board) {

case ROUTER_NETGEAR_R7800: // why is this extra? looks like the default one
eval("swconfig", "dev", "switch0", "set", "reset", "1");
eval("swconfig", "dev", "switch0", "set", "enable_vlan", "0");
eval("swconfig", "dev", "switch0", "vlan", "1", "set", "ports", "6 1 2 3 4");
eval("swconfig", "dev", "switch0", "vlan", "2", "set", "ports", "0 5");
eval("swconfig", "dev", "switch0", "set", "apply");
eval("ifconfig", "eth0", "up");
eval("ifconfig", "eth1", "up");
break;

case ROUTER_ASROCK_G10:
eval("swconfig", "dev", "switch0", "set", "reset", "1");
eval("swconfig", "dev", "switch0", "set", "enable_vlan", "1");
eval("swconfig", "dev", "switch0", "vlan", "1", "set", "ports", "2 3 4 5 6t");
eval("swconfig", "dev", "switch0", "vlan", "2", "set", "ports", "1 6t");
eval("swconfig", "dev", "switch0", "set", "apply");
eval("ifconfig", "eth1", "up");
eval("vconfig", "set_name_type", "VLAN_PLUS_VID_NO_PAD");
eval("vconfig", "add", "eth1", "1");
eval("vconfig", "add", "eth1", "2");
break;

case ROUTER_LINKSYS_EA8500:
eval("swconfig", "dev", "switch0", "set", "reset", "1");
eval("swconfig", "dev", "switch0", "set", "enable_vlan", "1");
eval("swconfig", "dev", "switch0", "vlan", "1", "set", "ports", "0t 1 2 3 4");
eval("swconfig", "dev", "switch0", "vlan", "2", "set", "ports", "0t 5");
eval("swconfig", "dev", "switch0", "set", "apply");
eval("ifconfig", "eth0", "up");
eval("vconfig", "set_name_type", "VLAN_PLUS_VID_NO_PAD");
eval("vconfig", "add", "eth0", "1");
eval("vconfig", "add", "eth0", "2");
break;

default:
eval("swconfig", "dev", "switch0", "set", "reset", "1");
eval("swconfig", "dev", "switch0", "set", "enable_vlan", "0");
eval("swconfig", "dev", "switch0", "vlan", "1", "set", "ports", "6 1 2 3 4");
eval("swconfig", "dev", "switch0", "vlan", "2", "set", "ports", "5 0");
eval("swconfig", "dev", "switch0", "set", "apply");
eval("ifconfig", "eth0", "up");
eval("ifconfig", "eth1", "up");
break;
}


The following information is from here:
https://openwrt.org/toh/hwdata/netgear/netgear_r7800
Model: R7800
Comments: The port mapping on this device is backwards relative to the printed numbers 1-4 on the device. This can be important when configuring LEDE's switch features since Physical 1 --> LAN4, Physical 2 --> LAN3, Physical 3 --> LAN2, and Physical 4 --> LAN1.


Below/attached is a block diagram of the QCA8337 switch in the r7800 (from datasheet)


Using the foundational information provided by “mrjcd” on his site below, it might be possible to replicate his programming for the EA8500 and substitute the appropriate port numbers on the r7800.
http://mrjcd.com/EA8500_DD-WRT/vlans/

NOOB SPECULATION - USE AT YOUR OWN RISK! (edit 3/02/18 6t for 6 previously used in vlan22)
I’m guessing mrjcd’s first example might look like this when changed for the r7800. Substitute the number "6t" for the number "0t" in the ports configuration.

swconfig dev eth0 vlan 1 set ports "6 1 3 4"
swconfig dev eth0 vlan 22 set ports "6t 2"
swconfig dev eth0 set enable_vlan 22
swconfig dev eth0 set apply
vconfig add eth0 22
ifconfig vlan22 192.168.22.1 /28

You would need to follow the rest of mrjcd’s instructions to complete the setup.

Anyway, I am not allowed to take down our r7800 and do anything to knock us off the internet. Our Roku’s are constantly streaming. Plus, I am not a programmer and anytime I make changes it has the potential to take down our r7800 for hours or days.

I’m willing to do what research I can, but I need someone to develop a proven recipe that I can follow.

_________________
R7800 v3.0-r35900M kongat (05/08/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, switches, etc.) and guest.
Noob still finding my way.


Last edited by sweatbee on Fri Mar 02, 2018 19:44; edited 2 times in total
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4044
Location: Germany

PostPosted: Thu Mar 01, 2018 14:45    Post subject: Reply with quote
VLANs are working fine on it, just use swconfig and add the commands to startup.
_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 32
Location: Georgia, USA

PostPosted: Thu Mar 01, 2018 15:11    Post subject: Reply with quote
<Kong> wrote:
VLANs are working fine on it, just use swconfig and add the commands to startup.


Thanks Kong. All of us really appreciate the work you and BS do on our behalf.

Half the battle with any problem is just knowing a solution is available. That it's not impossible.

My problem is I'm not a programmer or that familiar with Linux and need someone to lay it out with detailed directions for me. I have enough challenges following the GUI with all the options available. I'm still acquiring an understanding/definition of all the terms I read.

What commands and in what sequence, etc.? Is there a tutorial on this I missed or is it so basic that I am just expected to understand? Sample scripts for this purpose?

A trip of 100 miles starts with one step. I'm on the trip.

_________________
R7800 v3.0-r35900M kongat (05/08/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, switches, etc.) and guest.
Noob still finding my way.
kammerma
DD-WRT Novice


Joined: 27 Dec 2016
Posts: 23

PostPosted: Thu Mar 01, 2018 19:18    Post subject: Reply with quote
This thread provides some background on how to configure VLANs on the R9000. Approach should be the same for the R7800, with different port assignments, though.

https://www.dd-wrt.com/phpBB2/viewtopic.php?t=309730&highlight=
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 3922
Location: Akershus, Norway

PostPosted: Thu Mar 01, 2018 19:31    Post subject: Reply with quote
Working example for the R7800:

Code:
wconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "3 4t 6"
swconfig dev switch0 vlan 3 set ports "1 2 4t 6t"
swconfig dev switch0 set apply
vconfig add eth1 3
ifconfig eth1.3 192.168.3.1 netmask 255.255.255.0



Note that the processor port for LAN is 6, but 5 for the WAN

Port 6 is not tagged for VLAN1, but tagged for the other VLANs.

I have a managed switch on port 4, that's why it's tagged.
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 32
Location: Georgia, USA

PostPosted: Thu Mar 01, 2018 21:04    Post subject: Reply with quote
Thank you kammerma and Per. This really helps.

r7800 code for working configurations is a great help. If anyone else has r7800 working code they could share as examples it would be appreciated.

Noob question - When do you tag a port? For what purpose?

_________________
R7800 v3.0-r35900M kongat (05/08/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, switches, etc.) and guest.
Noob still finding my way.
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 32
Location: Georgia, USA

PostPosted: Sat Mar 03, 2018 16:56    Post subject: Reply with quote
Per Yngve Berg wrote:
Working example for the R7800:

Code:
wconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "3 4t 6"
swconfig dev switch0 vlan 3 set ports "1 2 4t 6t"
swconfig dev switch0 set apply
vconfig add eth1 3
ifconfig eth1.3 192.168.3.1 netmask 255.255.255.0



Note that the processor port for LAN is 6, but 5 for the WAN

Port 6 is not tagged for VLAN1, but tagged for the other VLANs.

I have a managed switch on port 4, that's why it's tagged.


I want to set up two extra VLANs on my r7800
VLAN 1 will remain as main network (including default bridge with wireless)
VLAN 10 will serve a VOIP phone
VLAN 20 will serve some wired connected IOT devices

Will use physical port 1 (switch port 4) for phone
Will use physical port 2 (switch port 3) for IOT devices
Physical ports 3 and 4 (switch port 2 and 1) will remain as main network

Will the following code/procedure work?

Computer’s wired connection is in physical port 4 (switch port 1) which does not change VLAN or subnet throughout this process thereby maintaining its connection.
Copy text below and paste into the 'Administration/Commands' window of GUI.

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 20
ifconfig eth1.10 192.168.10.1 netmask 255.255.255.0
ifconfig eth1.20 192.168.20.1 netmask 255.255.255.0
Click the 'Save Startup' button
Reboot router.

Go to Setup/Networking window of GUI to find the newly created interface Network Configuration vlan10
Click the 'unbridge' button associated with Network Configuration vlan10
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.10.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click Add in the Multiple DHCP Server section
Select vlan10
Click the 'Apply Settings' button.

Follow same procedure with vlan20
Reboot the router.

As a noob I don’t want to do something to brick my router (and interrupt wife’s Roku streams). I want some extra eyes to look this over before I attempt it. Thanks for your help!

(correction - edited wconfig to swconfig per Per Yngve Berg)

_________________
R7800 v3.0-r35900M kongat (05/08/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, switches, etc.) and guest.
Noob still finding my way.


Last edited by sweatbee on Mon Mar 05, 2018 0:01; edited 2 times in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 3922
Location: Akershus, Norway

PostPosted: Sat Mar 03, 2018 18:50    Post subject: Reply with quote
That is correct. I see only one error: the first letter of the first command is missing.
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 32
Location: Georgia, USA

PostPosted: Mon Mar 05, 2018 10:50    Post subject: Reply with quote
After thinking some more I’ve decided to only set up one extra VLAN for my router. I will split the ports and have two in each VLAN. Then I will have my VOIP phone and my IOT devices together in the new VLAN and my computers, tablets, printers, etc. in the existing VLAN 1.

Based on the previous example (not tested) the following should work. (It didn’t – see below)

Computer’s wired connection is in physical port 4 (switch port 1) which does not change VLAN or subnet throughout this process thereby maintaining its connection.
Copy text below and paste into the 'Administration/Commands' window of GUI.

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 25 set ports "3 4 6t"
swconfig dev switch0 set apply
vconfig add eth1 25
ifconfig eth1.25 192.168.25.1 netmask 255.255.255.0

Click the 'Save Startup' button
Reboot router.

Go to Setup/Networking window of GUI to find the newly created interface Network Configuration vlan25 (shows as - Network Configuration eth1.25)
Click the 'unbridge' button associated with Network Configuration eth1.25
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.25.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click Add in the Multiple DHCP Server section
Select vlan25 (shows as eth1.25)
Click the 'Apply Settings' button.
Reboot router

While everything appeared to go smoothly in the set-up procedure I received the following message in Syslog.

Dec 31 19:00:37 DD-WRT daemon.warn dnsmasq[1295]: warning: interface eth1.25 does not currently exist
Dec 31 19:00:37 DD-WRT daemon.info dnsmasq-dhcp[1295]: DHCP, IP range 192.168.25.100 -- 192.168.25.149, lease time 1d

Checking the attached devices I get errors showing no internet connection.

What do I need to change/add to the above procedure to get the interface to work?

_________________
R7800 v3.0-r35900M kongat (05/08/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, switches, etc.) and guest.
Noob still finding my way.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 3922
Location: Akershus, Norway

PostPosted: Mon Mar 05, 2018 15:19    Post subject: Reply with quote
Run the command "ifconfig". It will list the interfaces with ip address and other info.

Is it only Internet access that are missing?

Paste in command and Save as firewall:

iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

This will NAT all local IP sub-nets that are going out the WAN.

PS. I have the same error. It's because DHCPd starts before the startup script is run.
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 32
Location: Georgia, USA

PostPosted: Mon Mar 05, 2018 18:32    Post subject: Reply with quote
Per Yngve Berg wrote:
Run the command "ifconfig". It will list the interfaces with ip address and other info.

Is it only Internet access that are missing?

Paste in command and Save as firewall:

iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

This will NAT all local IP sub-nets that are going out the WAN.

PS. I have the same error. It's because DHCPd starts before the startup script is run.


Pasted in command and Saved as firewall:
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE
rebooted

root@DD-WRT:~# ifconfig
Above gives info on all interfaces (ath0 ath0.1 ath1 ath1.1 br0 br0:0 eth0 eth1 eth1.25 lo tun1). Below shows eth1.25 (vlan 25) which is the only one not working.

eth1.25 Link encap:Ethernet HWaddr B0:B9:8A:6F:0F:47
inet addr:192.168.25.1 Bcast:192.168.25.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24784 (24.2 KiB) TX bytes:5231 (5.1 KiB)

I should see a VOIP phone, an Audio Receiver, and a Blu-Ray player on the network. Prior to change they showed up. Now they don’t. They do not receive internet access. Previously they were given static leases on the DHCP Server. At first reboot I did not remove the static leases and they showed up as available hosts for Wake-On-Lan under their old IPs. I deleted the static leases and rebooted. The audio receiver is still showing up under Wake-On-Lan with its old IP. However, I’ve noticed this FW version does not show all connected hosts as available for Wake-On-Lan. This may be a bug.

192.168.25.1 subnet is not in the PBR range to go through OpenVPN.

Any other suggestions? Thanks for helping!

_________________
R7800 v3.0-r35900M kongat (05/08/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, switches, etc.) and guest.
Noob still finding my way.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum