Need help setting up ddwrt access point as vlan

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Tue Oct 06, 2020 17:56    Post subject: Need help setting up ddwrt access point as vlan Reply with quote
From here on here.
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1218776
- Goals for ddwrt access point here.

With an original post starting over here.
https://www.reddit.com/r/PFSENSE/comments/ixvcyi/need_advice_setting_up_vlan_week_5_and_beyond/
- Includes pics of the pfsense set up.
- And more details about the whole set up.


Yes, the second access point I'm focusing on is a Broadcom chipset. So I'm here now.

I've a pfsense box (handles dhcp and firewall). That has a managed switch attached. I got the managed switch to work with a client to put that client test laptop, wired in, on vlan 33/.3. That works wired in. The next step is to add a second ddwrt access point. The first access point is being left alone for now.


I tried just plugging the second ddwrt access point into the managed switch on port 3. Port 3 is currently untagged/access. That worked for a client test laptop. Via wifi, I could only connect to the second ddwrt access point, no internet and no .3 or any ip address. It gave itself a 169 ip address. Wired into the second ddwrt access point, I got nothing from that. Setting a static ip address on .3 on the test laptop, wired in... That connected but there was no internet.

Anyone want to help with this? I think this is week 6 or 7 or working on this.

If I have the managed switch port 3 set as untagged/access on vlan 33/.3, and that works with a client test laptop wired in on that port 3, should the second ddwrt access point just work by running Ethernet from the ddwrt access point WAN out to port 3 on the managed switch? I'm guessing not since the managed switch and ddwrt access point are network devices... Meaning they need a trunk port on each side, correct? If I trunk/tag the managed switch port 3 for vlan 3, then that needs it's matching tagged port on the ddwrt access point. So how do I set the ddwrt access point with a tagged/trunk port? From what I experimented with before, I have to add a bridge on the wifi SSID, assign that bridge to a vlan...? or assign that bridge to a physical port on the ddwrt access point, and then enable mutliple dhcp. I probably will also need to set a startup script to configure things more since I think the gui is limited. And that would be the equivalent of making a trunk/tagged port on the second ddwrt access point.... I hope. Apparently you can't just tag/trunk a port on a ddwrt device?
Sponsor
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Tue Oct 06, 2020 18:08    Post subject: Reply with quote
And if I wanted the client test laptop to be wired into the second ddwrt access point, then I think I'd have to configure that port or something on the ddwrt access point to bridge, etc., just like the wifi SSID. Otherwise it's only going to be wifi for getting what I want. Guest wifi is the goal, but being able to wire in would be nice too, although not necessary.

I do see set up -- networking -- VLAN tagging as an optio n there. Maybe there's an easier way to get the ports trunked.

Or do I need to put a tagged/trunked port on too....? And then connect with the SSID bridge so wifi uses that trunked port....?
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Tue Oct 06, 2020 18:15    Post subject: Reply with quote
Quick test... failed. I tried on the managed switch, setting port 3 (that the second ddwrt access point is wired into) from untagged to tagged for vlan 33. Then on the second ddwrt access point, set up -- networking -- VLAN tagging -- I set VLAN 0 Interface to br0 tag number 33 (from 0 before). The test laptop wired in, on dynamic dhcp, did an ipconfig /release /renew.... Nothing. No ip. I was hoping that might tag/trunk the switch and ddwrt access point and wired would work that easily. Nope.
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Tue Oct 06, 2020 18:18    Post subject: Reply with quote
Second quick test... also failed. Same thing, but with wifi. Managed switch port 3 set to tagged/trunked. ddwrt access point setup -- networking -- vlan tagging still on vlan 0 interface br0 tag number 33. Connected the test laptop to the ddwrt access point wifi. Nothing. 169 ip address again.
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Tue Oct 06, 2020 18:44    Post subject: Reply with quote
And I broke it. Rolling Eyes I added the bridge. This model of hardware doesn't appear to be able to do vlans on the SSID page I noticed too. I assigned the bridge to br0 or br0.0 I think. That looked as close to wl0 from the SSID page as I could find. Lower on that network page it did let me set an ip address. Maybe I was missing seeing that on the first ddwrt access point for the .2 vlan, but I can check on that later. At the bottom of the page I clicked to enable multi dhcp. It was that or hitting apply settings and I lost the page. Maybe the box was restarting? I waited five minutes. Nothing. Pulled the power plug. Still nothing. No pings on 3.1 or 3.2. No webpage then. The wifi SSID is still there, so I tried connected to that. That does connect, but gets 169/no internet. Still nothing, even with closing and reopening the browser. I guess I'm resetting the second ddwrt access point.....
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Tue Oct 06, 2020 19:11    Post subject: Reply with quote
Got it back with a 30-30-30 reset. It does have a vlan option under the SSID. I must have looked at the wrong page before. But I won't need that. Anything that connects to its main SSID should go on vlan 33/.3.

I wonder what I just did with enabling multi dhcp on it that blocked me out....

There's vlan tagging. I'm not sure if I'll need that.

Otherwise, create a bridge.
Assign bridge to an interface. Not sure which interface. It would be the main one though, main one for wifi I guess.
Then under the port set up there is an option for an ip address and subnet mask. I'm not sure my first ddwrt access point for .2 had that.
Then enable mutliple dhcp server.
And then probably something with the startup script to configure ports beyond what the gui can do.
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Tue Oct 06, 2020 19:17    Post subject: Reply with quote
And back where I started. At least this made sense. Since I had the second ddwrt access point disconnected, I plugged the client test laptop in via Ethernet on port 3 of the managed switch. Port 3 was still set as vlan 33 but tagged. No connection there. So I set port 3 back to untagged again. And the client test laptop wired into port 3 has an ip address and internet again. So I'm back where I started, but at least I've got something working with it wired in.
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Thu Oct 08, 2020 16:28    Post subject: Reply with quote
Next step is checking the managed switch settings more. If port 3 is set to vlan 33 and is untagged/access, and if a client test laptop does get a vlan33 .3 ip address, why doesn't anything on a nearly default access point set also get vlan 33 .3 when the access is wired into port 3? The access point should be sending untagged traffic. Unless it does tag it as LAN somehow by default...

If I have to set the access point for vlan 33 for wired or wireless, then the managed switch port 3 will also need to be tagged/trunked.
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Thu Oct 08, 2020 19:02    Post subject: Reply with quote
Wow. It's actually working. I was browsing the ddwrt access point settings. I was under set up -- switch config. It looks like there's something for assigning vlans to ports.

For this vlan 33 .3 second ddwrt access point, that page had this for the chart.

VLAN W 1 2 3 4 Assigned to bridge
0 blank X X X X None ? Or was it LAN?
1 X LAN

I wasn't sure if the physical port labels matched was ddwrt uses so I switched all the... Actually I was off. I thought the VLAN column on the left was ports, but it's vlans. What I did at first was assign VLAN1, 2, 3, 4, 5 to LAN instead of None for the "Assigned to bridge" option. I lost my wired connection on the static 3.100 laptop, unplugged the ddwrt access point and plugged it back in. Still nothing wired. Then I remember I didn't change anything for wifi, so I was able to connect again on wifi and get back to the 3.2 config page. I set VLAN 1, 2, 3, 4, 5 back to what they where, which is just 1 being LAN.

Then I figured out the ports are on the top row, so made it this.

VLAN W 1 2 3 4 Assigned to bridge
0 blank for all None
1 X X X X X LAN

Because this looks like it would using LAN for all the ports. I'm blanking on what it was before now. I know the wired laptop still couldn't get to 3.2, but after I made this change and went on wifi, I was able to get on 3.2. I know the port was working. If I really wanted, I could 30-30-30 reset the second access point and know for sure.

For comparison, my first ddwrt access point (not the one I'm working with here) has ports 1, 2, 3, 4 assigned to LAN on the VLAN 1 line. The VLNA 2 line has W port set to LAN with the W port on VLAN 1 blank.


But it's working. This would be the easier way with port 3 on the managed switch set to vlan 3 untagged/access. The ddwrt access point has all ports (W,1,2,3,4) set to LAN, which could mean default/native/untagged, so what the access point thinks is sending unmarked on LAN is going into the managed switch port 3. Maybe this was a glitch with ddwrt being applied on the access point then, especially with VLAN 0 being one way on the first access point and different on the second access point, two different hardware models.


I think I'll leave it like this for today. I can copy config settings on the managed switch and second access point. This is the goal -- I have a wireless guest laptop on its own vlan, separated from the main computers on .1. At some point I would like to have the first access point use the original vlan 30 (not 33) on .2 (not .3). For the amount of effort this has taken though, there's not a lot of motivation to dive into this again. I do have a little home lab network thing here though. As long as I have the settings that worked, I could always experiment and revert back to what happened to work here.
ddwrtvlan
DD-WRT Novice


Joined: 05 Oct 2020
Posts: 11

PostPosted: Thu Oct 08, 2020 19:27    Post subject: Reply with quote
Just checked. This took six weeks and four days, working mainly on business days, with a couple weeks off after I attacked it for a few weeks at work but didn't get anywhere.
Krzat
DD-WRT Novice


Joined: 11 Oct 2020
Posts: 9

PostPosted: Sun Oct 11, 2020 19:35    Post subject: Reply with quote
Hi,

Here is my setup:
https://www.dropbox.com/sh/r2eg0jn1foy74g1/AAAgdCW9ItZvWzJS-VBjEVC2a?dl=0

If not a hardware you have got, I would say go UBIQUITI. But if you are here, you are crazy like all of us Laughing. Hope it help.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum