VLan routing setup

mmacnish
DD-WRT Novice


Joined: 10 Mar 2010
Posts: 7

Posted: Wed Mar 10, 2010 4:58    Post subject: VLan routing setup
I was advised to use DD-WRT instead of a cheap Cisco router for what I'm trying to do.

I've got an L2 switch that I set up with 2 VLANs, with the router port 1 hooked up to the switch port 1.

Port 1 is on both VLANs and I want DD-WRT to route VLAN traffic. Port 2 is my server for DHCP and both ports are trunking.

I want to use the server for DHCP because I'm also going to use VMware to run IPCop and other stuff.

My big question is how can I set up DD-WRT to route the VLANs? I've only been able to find info on breaking up the router ports into VLANs but not actual VLAN routing through a single port.

Any links to tutorials or explanation would be great.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

Posted: Wed Mar 10, 2010 13:36
The inbuilt switch can't handle VLANs yet. Kernel driver did not support tagging.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
mmacnish
DD-WRT Novice


Joined: 10 Mar 2010
Posts: 7

Posted: Wed Mar 10, 2010 23:21
So what's the VLAN tagging settings under Setup->Networking?
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

Posted: Wed Mar 10, 2010 23:42
It's without function, I guess :) Try it, but nothing will happen. You may create multiple VLANs and bridge and unbridge (separating networks) them, but tagging will not work.

Someone correct me if I am wrong.

phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sun Mar 14, 2010 5:00
VLANs do work, but not all hardware fully/partially supports it. The old G spec models typically support VLANs and a few N spec models with 100 base-T switches do too, but no gigabit switches do.

To get routing between the VLANs, first assign your ports, save the settings, and reboot the router to make the VLAN assignment take effect. Then on the networking page make sure that you unbridge the VLANs and assign them an IP address/subnet mask for their network segment. This will automatically add the routes to the routing table. Then you need to turn off the SPI firewall on the security page or add iptables rules to your firewall script.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
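
For the "add iptables rules to your firewall script" option in the post above, one way to keep the SPI firewall on and still route between two unbridged VLANs is to allow only the flows you need. This is an added example, not code from the thread or from DD-WRT; the interface names `vlan1`/`vlan2`, the server address and the ports are constructed placeholders, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: print least-privilege FORWARD rules for two routed VLANs.
# vlan1/vlan2, 192.168.20.10 and the ports are constructed placeholders;
# check the real interface names on the router before using the output.

valid_iface() {   # letters, digits, '.', '_', '-' only; max 15 chars
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() {    # shape check only: four dot-separated digit groups
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
    esac
    return 1
}

valid_port() {    # decimal 1..65535
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_vlan_rules CLIENT_IF SERVER_IF SERVER_IP "TCP_PORT ..."
# Validates everything first, then prints the rules; prints nothing on error.
gen_vlan_rules() {
    cif=$1 sif=$2 sip=$3 ports=$4
    valid_iface "$cif" && valid_iface "$sif" && valid_ipv4 "$sip" || return 1
    [ -n "$ports" ] || return 1
    for p in $ports; do valid_port "$p" || return 1; done
    n=1
    # Replies to connections the client VLAN was allowed to open.
    echo "iptables -I FORWARD $n -i $sif -o $cif -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        n=$((n + 1))
        echo "iptables -I FORWARD $n -i $cif -o $sif -p tcp -d $sip --dport $p -j ACCEPT"
    done
    # Everything else between the two VLANs is dropped, in both directions.
    echo "iptables -I FORWARD $((n + 1)) -i $cif -o $sif -j DROP"
    echo "iptables -I FORWARD $((n + 2)) -i $sif -o $cif -j DROP"
}

gen_vlan_rules vlan1 vlan2 192.168.20.10 "22 443"
```

The explicit rule numbers pin the order at the top of the FORWARD chain, so the accepts are evaluated before the two drops regardless of what the firmware adds later.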
JayBird
DD-WRT Novice


Joined: 14 Mar 2010
Posts: 3

Posted: Sun Mar 14, 2010 19:39
phuzi0n wrote:
VLANs do work, but not all hardware fully/partially supports it. The old G spec models typically support VLANs and a few N spec models with 100 base-T switches do too, but no gigabit switches do.

To get routing between the VLANs, first assign your ports, save the settings, and reboot the router to make the VLAN assignment take effect. Then on the networking page make sure that you unbridge the VLANs and assign them an IP address/subnet mask for their network segment. This will automatically add the routes to the routing table. Then you need to turn off the SPI firewall on the security page or add iptables rules to your firewall script.


Thanks a lot, you got me further with this than I was previously, much appreciated.
mmacnish
DD-WRT Novice


Joined: 10 Mar 2010
Posts: 7

Posted: Thu Mar 18, 2010 15:23
phuzi0n wrote:
VLANs do work, but not all hardware fully/partially supports it. The old G spec models typically support VLANs and a few N spec models with 100 base-T switches do too, but no gigabit switches do.

To get routing between the VLANs, first assign your ports, save the settings, and reboot the router to make the VLAN assignment take effect. Then on the networking page make sure that you unbridge the VLANs and assign them an IP address/subnet mask for their network segment. This will automatically add the routes to the routing table. Then you need to turn off the SPI firewall on the security page or add iptables rules to your firewall script.


Thanks but I've got a managed switch, any way to just use this for vlan routing? I've also got a server I'd like to use for dhcp and a couple vmachines I'd like to run on different vlans. So if I can get this to just route vlans I'd be all set.

Ideas?
mmacnish
DD-WRT Novice


Joined: 10 Mar 2010
Posts: 7

Posted: Thu Mar 18, 2010 20:00
I'm sorry maybe I'm stupid but the tutorial
http://www.dd-wrt.com/wiki/index.php/Default_Configuration_Overview
Is like Chinese to me. Does this make any sense to anyone that can translate?
Borage
DD-WRT User


Joined: 26 Nov 2006
Posts: 422

Posted: Thu Mar 18, 2010 20:27
mmacnish wrote:
I'm sorry maybe I'm stupid but the tutorial
http://www.dd-wrt.com/wiki/index.php/Default_Configuration_Overview
Is like Chinese to me. Does this make any sense to anyone that can translate?


Can you show us the configuration you have done so far (screenshots if possible)? Also include the switch maker, model and configuration (screenshots if possible).
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Fri Mar 19, 2010 0:00
mmacnish wrote:
phuzi0n wrote:
VLANs do work, but not all hardware fully/partially supports it. The old G spec models typically support VLANs and a few N spec models with 100 base-T switches do too, but no gigabit switches do.

To get routing between the VLANs, first assign your ports, save the settings, and reboot the router to make the VLAN assignment take effect. Then on the networking page make sure that you unbridge the VLANs and assign them an IP address/subnet mask for their network segment. This will automatically add the routes to the routing table. Then you need to turn off the SPI firewall on the security page or add iptables rules to your firewall script.


Thanks but I've got a managed switch, any way to just use this for vlan routing? I've also got a server I'd like to use for dhcp and a couple vmachines I'd like to run on different vlans. So if I can get this to just route vlans I'd be all set.

Ideas?

First set up your switch with an 802.11q trunk port. Then in dd-wrt on the VLAN page check the "Tagged" box for the port you want to trunk with, and then check every VLAN that you want it to trunk. Reboot it for the VLANs to take effect, and then either do as I said above about assigning each VLAN and IP to automatically create the routes, or add static routes.

blanchae
DD-WRT Novice


Joined: 16 Apr 2010
Posts: 1

Posted: Fri Apr 16, 2010 16:12    Post subject: WRT54G Architecture
mmacnish wrote:
I'm sorry maybe I'm stupid but the tutorial
http://www.dd-wrt.com/wiki/index.php/Default_Configuration_Overview
Is like Chinese to me. Does this make any sense to anyone that can translate?


Basically you have 3 devices: a router, a 6 port switch and a wireless port - see attached diagram.

The switch's ports are divided into port 0-3 (physical LAN ports are numbered differently) for the local LAN and Port 4 for the WAN. The switch's port 5 is connected to the router's eth0 port. Port 0 to 5 add up to 6 ports.

To separate the WAN traffic from the LAN traffic, the switch is divided into virtual LANs called VLANs. VLAN0 is LAN traffic (ports 0-3) and VLAN1 is WAN traffic (port 4). Each VLAN "appears" to be a totally separate switch - that's where the virtual part comes from.

NOTE: I've labelled the tagged VLANs as eth0.0 and eth0.1 on the following diagram which is a standard way of representing VLANs as subinterfaces on eth0 in routing BUT this is not the way that dd-wrt documentation represents them. The eth0.0 represents VLAN 0 and the eth0.1 represents VLAN 1.

The connection between the switch (port 5) and the router (eth0) is called a trunk. A trunk is a connection that allows multiple VLAN traffic to pass through. In order for the trunk to identify which VLAN the data belongs to, the data frame is tagged with the VLAN number. This way when a frame comes out an interface, it knows which VLAN it belongs to. Tagging only exists on the trunk.

What happens to trunk traffic that is not assigned (tagged) to a VLAN? By default it is assigned to VLAN0 (called the native VLAN or default).

Traffic between the two VLANs is controlled by the router using iptables and ip route commands. So all data going to and from the LAN to the WAN port passes through the router.

Lastly, the wireless port eth1 (because it is not part of the switch) is bridged (using br0) to VLAN0 and is treated the same as any other port of the switch.

Now the fun part is that you are able to reconfigure and reassign any port to any VLAN and then apply new rules in the router to do the most amazing things!

One last point is that some versions of the hardware have the ports numbered differently. So in the original reference, you see [] brackets to add to the confusion to reference the other versions of hardware.



Attachment (simplified wrt54g block diagram):


nima2019
DD-WRT Novice


Joined: 13 Apr 2019
Posts: 16

Posted: Fri May 17, 2019 23:39    Post subject: Re: WRT54G Architecture
blanchae wrote:
mmacnish wrote:
I'm sorry maybe I'm stupid but the tutorial
http://www.dd-wrt.com/wiki/index.php/Default_Configuration_Overview
Is like Chinese to me. Does this make any sense to anyone that can translate?


Basically you have 3 devices: a router, a 6 port switch and a wireless port - see attached diagram.

The switch's ports are divided into port 0-3 (physical LAN ports are numbered differently) for the local LAN and Port 4 for the WAN. The switch's port 5 is connected to the router's eth0 port. Port 0 to 5 add up to 6 ports.

To separate the WAN traffic from the LAN traffic, the switch is divided into virtual LANs called VLANs. VLAN0 is LAN traffic (ports 0-3) and VLAN1 is WAN traffic (port 4). Each VLAN "appears" to be a totally separate switch - that's where the virtual part comes from.

NOTE: I've labelled the tagged VLANs as eth0.0 and eth0.1 on the following diagram which is a standard way of representing VLANs as subinterfaces on eth0 in routing BUT this is not the way that dd-wrt documentation represents them. The eth0.0 represents VLAN 0 and the eth0.1 represents VLAN 1.

The connection between the switch (port 5) and the router (eth0) is called a trunk. A trunk is a connection that allows multiple VLAN traffic to pass through. In order for the trunk to identify which VLAN the data belongs to, the data frame is tagged with the VLAN number. This way when a frame comes out an interface, it knows which VLAN it belongs to. Tagging only exists on the trunk.

What happens to trunk traffic that is not assigned (tagged) to a VLAN? By default it is assigned to VLAN0 (called the native VLAN or default).

Traffic between the two VLANs is controlled by the router using iptables and ip route commands. So all data going to and from the LAN to the WAN port passes through the router.

Lastly, the wireless port eth1 (because it is not part of the switch) is bridged (using br0) to VLAN0 and is treated the same as any other port of the switch.

Now the fun part is that you are able to reconfigure and reassign any port to any VLAN and then apply new rules in the router to do the most amazing things!

One last point is that some versions of the hardware have the ports numbered differently. So in the original reference, you see [] brackets to add to the confusion to reference the other versions of hardware.


This was such a helpful post in understanding the basics. Thank you
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

Posted: Sat May 18, 2019 18:26
The original post in this thread doesn't appear to say which router model is under discussion. VLAN support is very router dependent. For example, the statement that the switches in the fast routers do not support VLAN trunking is clearly incorrect as a general statement. Depends on the router.

If you happen to be on a newer Linksys router, have a look at the posts by TheDude1864 in the thread at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199. (In my display they start at the bottom of the second page.) In addition to splitting up the router LAN ports into VLANs, he did some fancy things with tagging and trunking. All very specific to Linksys routers with Marvell processors though.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.