Posted: Tue Oct 29, 2019 0:13 Post subject: Help with VLAN Tagging
Sorry, I'm a newb with all of this and I'm just trying to make sure my fundamental understanding is correct or I'm going about this all the wrong way.
What I want to do is take my AP (TP-LINK EAP225v3) and connect it to my Buffalo WZR-300HP (atheros based ddwrt router; version v3.0-r30356 std (11/30/17) if it helps), then add a guest network SSID on the TP-Link and tell the Buffalo router that the guest SSID belongs to a different subnet.
It seems like I can accomplish this by using 802.1Q VLAN tagging which both devices support. My AP is connected to the router via an ethernet cable on one of the LAN ports.
My understanding is that if I tell the TP-LINK AP that it belongs to VLAN ID 22 (which I have done) it will tell my Buffalo router (via packet headers) that the traffic belongs to VLAN 22. So, what I've done (starting from default settings using the GUI) is created a new VLAN tag (22) off of "vlan1" and out comes a new interface: "vlan1.22". As far as I understand, "vlan1" is the virtual interface for the ethernet ports.
I then created a bridge "br1". It has the following properties: IP Address: 192.168.22.1 Subnet mask: 255.255.255.0
I then assigned the bridge "br1" to "vlan1.22". I also created a new DHCP server to "br1".
I kinda feel like that's all I need to do here, but connecting to the guest SSID assigns me no IP address and I can't ping either 192.168.22.1 or 192.168.11.1 when assigning an address manually. Am I missing something fundamental here? What would be the procedure to diagnose?
Hi Per Yngve Berg, appreciate the assist. I figured it'd be best to show some screen shots to show what I've got. I've attached them to the post but also hosted them on imgur should the attachment feature not work.
I assigned vlan1 to bridge br1, but I am connecting the AP to the router via an ethernet cable. I assumed (perhaps incorrectly) that if I tag my traffic with vlan Id 22 that any traffic tagged that way would be re-routed to br1. As I understand it, I can't with an Atheros based router do port based VLANs and I have to mark the whole interface (vlan1 being the ethernet ports) as vlan 22 capable.
Again, I'm a bit outside my depth here so I'm not sure if what I'm trying to do is the way this is intended to work.
Thanks. Here's the output (minus mac addresses). Sorry, I did forget to mention that I disabled the wireless radio. I wanted to upgrade the radio while keeping ddwrt on the router (the route itself is great, the radio can be hit or miss with some devices). That's why I purchased the TPLINK wireless AP anyway.
Quote:
root@DD-WRT:~# swconfig dev switch0 show
Global attributes:
enable_vlan: 1
enable_mirror_rx: 0
enable_mirror_tx: 0
mirror_monitor_port: 0
mirror_source_port: 0
arl_table: address resolution table
Port 0: MAC xxxxx
Port 1: MAC yyyyy
Port 4: MAC zzzzz
Joined: 13 Aug 2013 Posts: 6872 Location: Romerike, Norway
Posted: Sat Nov 02, 2019 20:03 Post subject:
swconfig dev switch0 vlan 1 set ports "0t 1t 3 4 5"
swconfig dev switch0 vlan 3 set ports "0t 1t"
swconfig dev switch0 vlan 3 set vid 22
swconfig dev switch0 set apply
Both VLAN 1 and VLAN3 with tag 22 will be tagged on port 1. Put in Command and save as Statup.