Posted: Fri May 15, 2020 7:30 Post subject: VLAN configuration Linksys WRT3200ACM r43099 [SOLVED]
I need your help guy, I have a Linksys WRT3200ACM router running : DD-WRT v3.0-r43099 configured as a Gateway and it is hosting my satellite internet, I need to share my internet via Lan port number 4 to my neighbor to enable him to use the internet but without giving him access to my local network and NAS. Please help.does this do:
#switch config
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "6t 0t 1 2 3"
swconfig dev switch0 vlan 2 set ports "6t 0t 5 4"
swconfig dev switch0 vlan 3 set ports "6t 0t"
swconfig dev switch0 vlan 4 set ports "6t 0t"
swconfig dev switch0 set apply
#vlan config
vconfig set_name_type VLAN_PLUS_VID_NO_PAD
vconfig add eth1 1
vconfig add eth1 2
vconfig add eth1 3
vconfig add eth2 4
ifconfig vlan1 up
ifconfig vlan2 up
ifconfig vlan3 up
ifconfig vlan4 up
#bridge config
brctl addif br0 vlan1
brctl addif br1 vlan2
brctl addif br2 vlan3
brctl addif br3 vlan4
brctl delif br0 eth1
brctl delif br0 eth0
brctl delif br1 eth0
#wan service restart
(stopservice wan;startservice wan) 2>&1 | logger -t startup[$$]
I have so many questions.... but I'll take a stab at it.
I think you have the ports confused. The ports are backwards as in eth0 is port 5 and eth1 is port 6 but 0 1 2 3 in the configuration is actually port 4 3 2 1 respectively, and port 4 is the wan port.
I'm assuming what you are trying to do is give your neighbor internet without letting them on your network. You probably want something like this:
Code:
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
# Your local network - eth0 br0 and wifis - untagged physical ports 1,2,3
swconfig dev switch0 vlan 1 set ports "6 1 2 3"
# Wan connection - physical wan and eth0 connection
swconfig dev switch0 vlan 2 set ports "5 4"
# Your neighbors vlan - physical port 4 connected to vlan3
swconfig dev switch0 vlan 3 set ports "6t 0”
swconfig dev switch0 set apply
eth0 will still be your wan. Vlan3 needs to be set to unbridged in the web UI to isolate it from you lan. Also, In the web UI, you need to setup br1 (dont add anything. the script will do that.) and then set up another DHCP service on br1 so your neighbor will get dhcp.
also, you will need a firewall rule added so vlan3 has internet.
This is all assuming that your ISP only assigns you 1 IP and not a block of IPs.(Which is probably true)
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Sat May 16, 2020 15:28 Post subject:
FWIW, here's what my daughter's (IT-aware young adult) WRT1900ACSv2 has had running,for over a year (builds 38159, 39144, 40009 so far) to split off port 4 to br1 for her roommate. She also puts ath1 on br1 to give the roomie wifi while keeping ath0 for herself, but there's no need to involve wifi of course. After she created a bridge br1 (GUI>Setup>Networking), gave it a subnet (same page, in Port Setup) by specifying an IP Address and Subnet Mask, and gave it a DHCP server (same page, at bottom), the code at the beginning of the Startup section in GUI>Administration>commands was then
Code:
#split the LAN on the port 6 cpu into eth1 (untagged) and vlan3 (tagged)
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
#vlans 1 and 2 connect eth1 and eth0 to the correct ports
swconfig dev switch0 vlan 1 set ports "6 1 2 3"
swconfig dev switch0 vlan 2 set ports "5 4"
#a new vlan 3 interface will handle the remaining port
swconfig dev switch0 vlan 3 set ports "6t 0"
swconfig dev switch0 set apply
vconfig set_name_type VLAN_PLUS_VID_NO_PAD
vconfig add eth1 3
ifconfig vlan3 up
brctl addif br1 vlan3 )
The roomie then gets vlan3. This setup was heavily influenced by TheDude1864 when it was set up, so read his notes above well. He has a clue. The long discussion of all this (in my case oriented towards a 2-port split off) is at the VLANs link in my sig. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Finally it worked but with another issue, I am not able to receive dynamic IP address from the first three ports nor wan connection, please see the code on the startup:
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
# Your local network - eth0 br0 and wifis - untagged physical ports 1,2,3
swconfig dev switch0 vlan 1 set ports "6t 1 2 3"
# Wan connection - physical wan and eth0 connection
swconfig dev switch0 vlan 2 set ports "5 4"
# Your neighbors vlan - physical port 4 connected to vlan3
swconfig dev switch0 vlan 3 set ports "6t 0"
swconfig dev switch0 set apply
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Mon May 18, 2020 17:32 Post subject:
LearnDev wrote:
Finally it worked but with another issue, I am not able to receive dynamic IP address from the first three ports nor wan connection, please see the code on the startup:
What I suggested above was my complete setup. No other ifconfig or brctl commands were needed (and your brctl to add vlan1 to br0 seems to not work anyway). So just to have a starting point... what happens if you delete the red bits (including the "t" in the third swconfig command) and just try a minimal approach? I initially had more there, similar to you, but TheDude1864 explained (VLANs thread in my sig) how to do without much of it and go for the simpler path I'm suggesting. It even allowed me to skip restarting the wan service! And leaving stuff out turned out to have an important side benefit: it eliminated a potential race condition that was quite troublesome.
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
# Your local network - eth0 br0 and wifis - untagged physical ports 1,2,3
swconfig dev switch0 vlan 1 set ports "6t 1 2 3"
# Wan connection - physical wan and eth0 connection
swconfig dev switch0 vlan 2 set ports "5 4"
# Your neighbors vlan - physical port 4 connected to vlan3
swconfig dev switch0 vlan 3 set ports "6t 0"
swconfig dev switch0 set apply
It's been so long since I've looked at any of this that to say more, I'd have to go back and study my own VLANs thread, so I'll leave that to you if you are inclined. If you do, be sure to digest TheDude1864's contributions, as they were the streamlining factor. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Finally it worked but with another issue, I am not able to receive dynamic IP address from the first three ports nor wan connection, please see the code on the startup:
What I suggested above was my complete setup. No other ifconfig or brctl commands were needed (and your brctl to add vlan1 to br0 seems to not work anyway). So just to have a starting point... what happens if you delete the red bits (including the "t" in the third swconfig command) and just try a minimal approach? I initially had more there, similar to you, but TheDude1864 explained (VLANs thread in my sig) how to do without much of it and go for the simpler path I'm suggesting. It even allowed me to skip restarting the wan service! And leaving stuff out turned out to have an important side benefit: it eliminated a potential race condition that was quite troublesome.
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
# Your local network - eth0 br0 and wifis - untagged physical ports 1,2,3
swconfig dev switch0 vlan 1 set ports "6t 1 2 3"
# Wan connection - physical wan and eth0 connection
swconfig dev switch0 vlan 2 set ports "5 4"
# Your neighbors vlan - physical port 4 connected to vlan3
swconfig dev switch0 vlan 3 set ports "6t 0"
swconfig dev switch0 set apply
It's been so long since I've looked at any of this that to say more, I'd have to go back and study my own VLANs thread, so I'll leave that to you if you are inclined. If you do, be sure to digest TheDude1864's contributions, as they were the streamlining factor.
I really appreciate your help (You and TheDude1864)Thank you very much, it is working perfectly now!