Edit 2020-05-17: Changed from question to solution.
I "just" wanted to send my WAN traffic tagged with VLAN 101 required by my fiber net ISP.
I have spent days and days trying to get this to work and traversing the forums and wiki pages and finally it does, so thought I would share how and my learnings. I had no command line experience with routers and switches before.
Running V3.0-r43136 on WRT1900AC (first version v1).
Very first learning:
Work on this over WiFi connection to router. This keeps you connected, when you start messing up your switch settings, since WiFi ath0 and ath0 connects via the bridge br0 to the CPU and are not on the switch.
First learning:
The ports and interface names are different on WRT1900AC-v1, WRT1900AC-v2 and WRT3200ACM. So you need to know which router you have before you start. The command:
Code:
swconfig dev switch0
will reveal the organization to you but only when you have learned how to read the bit masks. The essens of the output of that command is:
Code:
Port Name Mask Port mask bit
0 LAN4 2e 0101110 0000001 1
1 LAN3 2d 0101101 0000010 2
2 LAN2 2b 0101011 0000100 3
3 LAN1 27 0011011 0001000 4
4 WAN 40 1000000 0010000 5
5 CPU for LAN (eth1) 0f 0001111 0100000 6
6 CPU for WAN (eth0) 10 0010000 1000000 7
The WRT1900AC v1 is arranged like this:
Code:
0: LAN4 port
1: LAN3 port
2: LAN2 port
3: LAN1 port
4: WAN port
5: CPU LAN port eth0
6: CPU WAN port eth1
and the v2 and WRT3200ACM like this (from reading the forums - but I cannot check since I don't have them):
Code:
0: LAN4 port
1: LAN3 port
2: LAN2 port
3: LAN1 port
4: WAN port
5: CPU WAN port
6: CPU LAN port
I'm not sure what the WAN and LAN ports are called interface wise on those (eth0 and eth1).
In contrast to several other routers, these do not use VLAN out of the box since there are two connections from the CPU / MCU to the switch (port 5 and port 6). So the LAN CPU port (5) is connected to the 4 LAN ports (0-3) and the WAN CPU port (6) is connected to the WAN port (4).
But to tag the WAN traffic to the ISP with (in my case the 101) vlan tag, you have to create a VLAN on the switch and when you enable vlan the switch connections decided by the bit masks stop working.
So to make it work you make one vlan connecting the 4 lan ports and the CPU (eth0) and one vlan connecting the CPU to the WAN port and you then tag (only) the traffic going in and out of the WAN port. Below you can see how. The commands can be entered in the router command line logging in with ssh, so you can check and see how it works or if you just want to do it and have not command line experience, then paste them into the dd-wrt GUI under Administration ->Commands. Enter them in the Commands field and click "Run commands" to execute AND "Save Startup" to make sure they run every time the router reboots. Ok - so here is how it works and my understanding of the commands.
Code:
swconfig dev switch0 set reset 1
simply resets the switch setting to start fresh
Code:
swconfig dev switch0 set enable_vlan 1
this enables vlan on the swithc
Code:
swconfig dev switch0 vlan 1 set ports "5 0 1 2 3"
this creates a vlan with number 1 and adds the ports 5 0 1 2 3 to this vlan, i.e. all the LAN ports and the CPU port for the LAN.
Code:
swconfig dev switch0 vlan 2 set ports "6 4t"
creates another vlan 2, with the CPU WAN port connected to the WAN (internet) port with a "t" so that traffic going in and out here is tagged with the vlan id
Code:
swconfig dev switch0 vlan 2 set vid 101
this sets the vlan id of vlan 2 to 101 (which is the vlan ID my ISP wants - yours is probably different)
Code:
swconfig dev switch0 set apply
and applies the new settings to the switch
This is actually all that is needed. If you have logged on to the switch you can see traffic will start on the WAN internface now the router and ISP talks on the samme "channel" (vlan). E.g. use
Code:
watch ifconfig
which will show interfaces and traffic
If you are logged in you can check connectivity by pinging a well-known host as
Code:
ping 8.8.8.8
and you can also ping devices on your LAN / WiFi
So the whole script is:
Code:
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "5 0 1 2 3"
swconfig dev switch0 vlan 2 set ports "6 4t"
swconfig dev switch0 vlan 2 set vid 101
swconfig dev switch0 set apply
Third learning
Several have described how to use the vconfig and ifconfig and brctl commands to add vlan as interfaces and adding them to the bridge (br0 that connects the wifi devices and lan ports to the same network), but that is not relevant in this case. The vlans are connected to the eth0 and eth1 ports respectively by the settings above and therefore all the routing, dhcp and so should work exactly as before.
Since my router did not work right away until I rebooted both my router and PC, I thought I had overlooked something, but I think it was simply a network switch between my router and PC that gave me problems. I could ping both internet and local PC from within the router, but I could not get to the internet from my PC. Now it works just fine.
I hope this can help people with the WRT1900AC v1 and maybe others and save them all the hours I spent
/Hoegge
Last edited by hoegge on Thu Jul 09, 2020 7:31; edited 4 times in total
So the ports for v1 of wrt1900ac are different. They look like this:
0: LAN4 port
1: LAN3 port
2: LAN2 port
3: LAN1 port
4: WAN port
5: CPU LAN port eth0
6: CPU WAN port eth1
So got get tagged (101) packets on WAN I would think this should work:
Code:
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "5 0 1 2 3"
swconfig dev switch0 vlan 2 set ports "6 4t"
swconfig dev switch0 vlan 2 set vid 101
swconfig dev switch0 set apply
and it almost does, I now have traffic to and from the internet from the router (got IP via DHCP) and I can ping 8.8.8.8 from the browser shell. There is no contact from LAN to WAN though, but there is contact from LAN to the router (SSH and web UI). So apparently no routing from LAN to WAN and opposite.
I’m basing that off nothing else except experience with these routers. As you said in your original comment, you may have a different version, but I have never seen any of these routers where the first cpu port is not eth0 and the second is eth1.
So switch port 5 is eth0 and switch port 6 is eth1.
Check your web GUI under Setup > Networking. Under port setup, if eth0 is selected as the WAN, then I would try the change I posted. If eth1 is selected, then you have a different issue.