Posted: Thu Dec 20, 2018 10:32 Post subject: Problem with vlan (LAN)
I have set up wifi with vlan and they work properly. But when I try to create the Vlan on the LAN network it does not work. In fact, as photos attached, they appear correctly configured but in reality on port 1 I am not assigned the correct IP while on the other ports is assigned not the router addressing (eg 192.168.1.x) but that of the vlan (es 192.168.8.x).
What am I doing wrong
Try the following:
On the VLAN page set "Assign to bridge " for VLAN1 to None and for VLAN3 (port 1) to LAN (=assign to br0)
VLAN1 (with port 2,3,4) is on its own bridge with IP address of 192.168.8.1
For some routers the port numbers are in reverse order (physical port 1 has port number 4).
It does not work anyway. Port 1 does not navigate and does not receive, even if I put lan or none. I have also activated the dchp but it does not work.
I do not know.
I reset the router and started all over again. I started from the vlan connected via eth. After some hours of configuration of the whole router I noticed:
1) one of the Wifi networks does not go (2.4 mhz)
2) networks are not isolated.
So, for the second question, I used the firewall configuration:
iptables -I FORWARD -s 192.168.x.x / 255.255.255.0 -j DROP
and it seems that this problem is not overcome too, or do not browse ...
More tips
Last edited by Frakko on Fri Dec 21, 2018 13:43; edited 1 time in total
VAPs do not work on a lot of builds without some sort of workaround see the latest build thread for work arounds
Your firewall rule blocks all those IP adderesses to everywhere that is probably not what you want.
Isolation from your LAN can be done in the GUI: "Net Isolation: Enable"
done but it does not work. If you prefer I can attach the configuration that I have produced until now for any corrections. The router is Netgear R7000.
Joined: 18 Mar 2014 Posts: 12839 Location: Netherlands
Posted: Fri Dec 21, 2018 14:02 Post subject:
Sure it is always helpfull to post your settings on a R7000 especially runining Kong's builds (I use the latest)
It should be possible, although VAP's are real PITA lately.
I could only get it to work with @Quarkysg's patch
Quote:
Problems and workarounds:
1) When VAP is not working at boot; workaround startup command:
sleep 10; stopservice nas; stopservice wlconf; startservice wlconf; startservice nas;
2) Aternative way to get VAP working: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317181
I will do it as soon as possible. I will not change the firmware again because the tests done with Kong, if I remember correctly, had led more or less to the same result.
Unfortunately today I spent too much time on this configuration and if I do not want to get fired from my job I can not repeat the experience ...
As soon as possible maybe you give me an answer.
See you!
I did some more tests but in the end internet did not work.
I would like to practice:
Vlan1 only the first door, isolated and connected to the internet
Vlan2 the other 3 ports and possibility to manage the router
Wifi 2mhz isolated and connected to the internet
Wifi 5mhz isolated and connected to the internet
Thank you
Joined: 18 Mar 2014 Posts: 12839 Location: Netherlands
Posted: Sat Dec 22, 2018 15:36 Post subject:
Well I can not do much with your nvram.bak I have a different router and build.
Attached my setting for an unbridged radio (eth2 = wl1) with Net isolation (only internet access, isolated from the LAN).
Always reboot when done setting up.