How to VLAN tag WAN traffic for ISP on WRT1900AC v1 - SOLVED

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
hoegge
DD-WRT Novice


Joined: 26 Mar 2020
Posts: 24

PostPosted: Thu May 14, 2020 19:04    Post subject: How to VLAN tag WAN traffic for ISP on WRT1900AC v1 - SOLVED Reply with quote
Update 10.23.23: This information is retained for legacy vestigial purposes. Refer to the following regarding 802.1q VLAN Tagging on WAN -kp69

VLAN configuration via GUI- 2 CPU ports (all Marvel routers)

Edit 2020-05-17: Changed from question to solution.

I "just" wanted to send my WAN traffic tagged with VLAN 101 required by my fiber net ISP.

I have spent days and days trying to get this to work and traversing the forums and wiki pages and finally it does, so thought I would share how and my learnings. I had no command line experience with routers and switches before.

Running V3.0-r43136 on WRT1900AC (first version v1).

Very first learning:
Work on this over WiFi connection to router. This keeps you connected, when you start messing up your switch settings, since WiFi ath0 and ath0 connects via the bridge br0 to the CPU and are not on the switch.

First learning:

The ports and interface names are different on WRT1900AC-v1, WRT1900AC-v2 and WRT3200ACM. So you need to know which router you have before you start. The command:
Code:
swconfig dev switch0

will reveal the organization to you but only when you have learned how to read the bit masks. The essens of the output of that command is:

Code:
Port   Name   Mask   Port mask bit
0   LAN4   2e ‭0101110   0000001 1
1   LAN3   2d ‭0101101‬    0000010 2
2   LAN2   ‭2b 0101011‬    0000100 3
3   LAN1   ‭27 0011011   0001000 4
4   WAN   ‭40 1000000‬   0010000 5
5   CPU for LAN (eth1)   0f 000‭1111‬    0100000 6
6   CPU for WAN (eth0)   10 ‭0010000‬   1000000 7


The WRT1900AC v1 is arranged like this:

Code:
0: LAN4 port
1: LAN3 port
2: LAN2 port
3: LAN1 port
4: WAN port
5: CPU LAN port eth0
6: CPU WAN port eth1


and the v2 and WRT3200ACM like this (from reading the forums - but I cannot check since I don't have them):

Code:
0: LAN4 port
1: LAN3 port
2: LAN2 port
3: LAN1 port
4: WAN port
5: CPU WAN port
6: CPU LAN port


I'm not sure what the WAN and LAN ports are called interface wise on those (eth0 and eth1).

I have drawn two diagrams showing the internal connections of the router (default settings and vlan tagged wan) here: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324848


Second learning:

In contrast to several other routers, these do not use VLAN out of the box since there are two connections from the CPU / MCU to the switch (port 5 and port 6). So the LAN CPU port (5) is connected to the 4 LAN ports (0-3) and the WAN CPU port (6) is connected to the WAN port (4).

But to tag the WAN traffic to the ISP with (in my case the 101) vlan tag, you have to create a VLAN on the switch and when you enable vlan the switch connections decided by the bit masks stop working.

So to make it work you make one vlan connecting the 4 lan ports and the CPU (eth0) and one vlan connecting the CPU to the WAN port and you then tag (only) the traffic going in and out of the WAN port. Below you can see how. The commands can be entered in the router command line logging in with ssh, so you can check and see how it works or if you just want to do it and have not command line experience, then paste them into the dd-wrt GUI under Administration ->Commands. Enter them in the Commands field and click "Run commands" to execute AND "Save Startup" to make sure they run every time the router reboots. Ok - so here is how it works and my understanding of the commands.

Code:
swconfig dev switch0 set reset 1


simply resets the switch setting to start fresh

Code:
swconfig dev switch0 set enable_vlan 1


this enables vlan on the swithc

Code:
swconfig dev switch0 vlan 1 set ports "5 0 1 2 3"

this creates a vlan with number 1 and adds the ports 5 0 1 2 3 to this vlan, i.e. all the LAN ports and the CPU port for the LAN.

Code:
swconfig dev switch0 vlan 2 set ports "6 4t"

creates another vlan 2, with the CPU WAN port connected to the WAN (internet) port with a "t" so that traffic going in and out here is tagged with the vlan id

Code:
swconfig dev switch0 vlan 2 set vid 101

this sets the vlan id of vlan 2 to 101 (which is the vlan ID my ISP wants - yours is probably different)

Code:
swconfig dev switch0 set apply


and applies the new settings to the switch

This is actually all that is needed. If you have logged on to the switch you can see traffic will start on the WAN internface now the router and ISP talks on the samme "channel" (vlan). E.g. use

Code:
watch ifconfig


which will show interfaces and traffic

If you are logged in you can check connectivity by pinging a well-known host as

Code:
ping 8.8.8.8


and you can also ping devices on your LAN / WiFi

So the whole script is:

Code:

swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "5 0 1 2 3"
swconfig dev switch0 vlan 2 set ports "6 4t"
swconfig dev switch0 vlan 2 set vid 101
swconfig dev switch0 set apply



Third learning

Several have described how to use the vconfig and ifconfig and brctl commands to add vlan as interfaces and adding them to the bridge (br0 that connects the wifi devices and lan ports to the same network), but that is not relevant in this case. The vlans are connected to the eth0 and eth1 ports respectively by the settings above and therefore all the routing, dhcp and so should work exactly as before.
Since my router did not work right away until I rebooted both my router and PC, I thought I had overlooked something, but I think it was simply a network switch between my router and PC that gave me problems. I could ping both internet and local PC from within the router, but I could not get to the internet from my PC. Now it works just fine.

I hope this can help people with the WRT1900AC v1 and maybe others and save them all the hours I spent

/Hoegge


Last edited by hoegge on Thu Jul 09, 2020 7:31; edited 4 times in total
Sponsor
hoegge
DD-WRT Novice


Joined: 26 Mar 2020
Posts: 24

PostPosted: Fri May 15, 2020 9:37    Post subject: Reply with quote
So the ports for v1 of wrt1900ac are different. They look like this:
0: LAN4 port
1: LAN3 port
2: LAN2 port
3: LAN1 port
4: WAN port
5: CPU LAN port eth0
6: CPU WAN port eth1

So got get tagged (101) packets on WAN I would think this should work:
Code:
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "5 0 1 2 3"
swconfig dev switch0 vlan 2 set ports "6 4t"
swconfig dev switch0 vlan 2 set vid 101
swconfig dev switch0 set apply


and it almost does, I now have traffic to and from the internet from the router (got IP via DHCP) and I can ping 8.8.8.8 from the browser shell. There is no contact from LAN to WAN though, but there is contact from LAN to the router (SSH and web UI). So apparently no routing from LAN to WAN and opposite.

What am I missing?

best
Hoegge
TheDude1864
DD-WRT Novice


Joined: 26 Jan 2012
Posts: 6

PostPosted: Sat May 16, 2020 1:04    Post subject: Reply with quote
Your LAN and wan ports are switched. Eth0 should be your wan and eth1 should be your LAN. For the normal routing to work it has to be that way.

So switch the 5 and 6 in your port config and you should be good to go.
hoegge
DD-WRT Novice


Joined: 26 Mar 2020
Posts: 24

PostPosted: Sat May 16, 2020 9:13    Post subject: Reply with quote
Hi

Why do you think that? It does not match the bitmask in the default setup. What do you base that on?


Best
/hoegge
TheDude1864
DD-WRT Novice


Joined: 26 Jan 2012
Posts: 6

PostPosted: Tue May 19, 2020 23:33    Post subject: Reply with quote
I’m basing that off nothing else except experience with these routers. As you said in your original comment, you may have a different version, but I have never seen any of these routers where the first cpu port is not eth0 and the second is eth1.

So switch port 5 is eth0 and switch port 6 is eth1.

Check your web GUI under Setup > Networking. Under port setup, if eth0 is selected as the WAN, then I would try the change I posted. If eth1 is selected, then you have a different issue.
Display posts from previous:    Page 1 of 1
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum