Posted: Sat Apr 10, 2021 13:03 Post subject: WRT3200ACM - VLAN has no internet connection [SOLVED]
Hi,
I'm pretty sure I'm missing something very obvious, but for some reason I'm not able to access any public website from my newly created vlan.
I followed the excellent guide of SurprisedItWorks https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199 to get up and running with vlans. The goal was to create a separated vlan for my homelab, to isolate it from my main day-to-day network.
As of now my main vlan (vlan1) is working as expected, and the vlan for my homelab (vlan30) is providing ip addresses as expected via dhcp, but no access to the internet.
I'm on DD-WRT v3.0-r45735 on the said router.
My startup config looks as follows:
Code:
#split switch to tagged vlan and create separate vlan
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
#set WAN to vlan10, as we are sending untagged we can use eth0
swconfig dev switch0 vlan 10 set ports "4 5"
swconfig dev switch0 vlan 1 set ports "0 1 2t 3 6"
swconfig dev switch0 vlan 30 set ports "2t 0 6t"
swconfig dev switch0 set apply
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Sun Apr 11, 2021 19:28 Post subject:
In GUI>Setup>Networking in the br1 section, is "Masquerade / NAT" enabled? You won't get internet without it. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Mon Apr 12, 2021 0:31 Post subject:
So what's the deal with LAN port 2? You seem to be trying to assign it to two VLANs, and your big listing of port status from swconfig shows pid -- primary VID -- of zero. Notice that other ports have pids corresponding to the VLANs they are in. This suggests to me that your port 2 might not actually be in any VLAN.
Please understand though that I am not an expert here. I really haven't paid attention to VLANs in about 2 1/2 years, and my brain isn't sticky enough to remember much from back then! Maybe someone whose experience is more recent or deeper will jump in.
As the saying goes ... in the land of the blind, the one-eyed man is king
Port 2 is used as a trunk port that carries both VLAN1 and VLAN30 to a managed switch. To rule out the switch as the source of the problem, I added Port 0 on the router to VLAN30, to be able to test things first directly on the router.
Nevertheless, based on my observations (VLAN1 seems to work fine behind the switch and I get the correct ip address on the port of the switch that is assigned to VLAN30) I would guess that this seems to work. I observed the missing internet connection both on the switch and directly on the router.
Apart from that ... do you think I'm missing something for a properly configured trunk port?
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Mon Apr 12, 2021 13:56 Post subject:
Port 0 appears to be in two VLANs also, but without either instance tagged.
(Good thing I'm happy to show my ignorance.)
Really ... stupid me ... fixed it and you know what ... internet works. Interesting conclusion is that despite the misconfiguration dhcp worked fine, but just the internet access for the second VLAN was broken ... doesn't feel very consistent for me ...
Nevertheless thx for borrowing your one eye! As I expected ... something stupid simple right in front of my eyes ...
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Mon Apr 12, 2021 17:05 Post subject:
People typically edit the original post to put [Solved] at the beginning of the subject line.
The one eye is curious... was it anything in what you posted? Can we learn something about what not to do from your experience?
(And of course anyone who's coded or configured anything knows all about making dumb errors. We all do it.)
Joined: 08 May 2018 Posts: 14129 Location: Texas, USA
Posted: Mon Apr 12, 2021 17:32 Post subject:
I already edited the OP so the [SOLVED] would fit properly. That is covered in the forum rules and guidelines, as to how to mark topics and why you should. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Well ... in the end it looks like the misconfiguration with port0 (having it untagged in 2 VLANs) caused the problem. But I don't understand exactly why VLAN1 was working properly and just VLAN30 had problems. So I fear that apart from don't do wrong configurations as they are not working there is not so much to learn.
@kernel-panic69 ... thx for pointing that out and editing!
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Mon Apr 12, 2021 18:19 Post subject:
5t0ne wrote:
Well ... in the end it looks like the misconfiguration with port0 (having it untagged in 2 VLANs) caused the problem. But I don't understand exactly why VLAN1 was working properly and just VLAN30 had problems. So I fear that apart from don't do wrong configurations as they are not working there is not so much to learn.
@kernel-panic69 ... thx for pointing that out and editing!
Thanks. Maybe for someone just figuring it all out it will reinforce that a port number can appear in only one VLAN untagged!
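Added example (not part of the thread and not DD-WRT's own tooling): a small shell check that reads swconfig "vlan N set ports" lines and reports any port listed untagged in more than one VLAN, run here against the port assignments from the first post. The function names page_config and check_untagged_overlap are made up for this illustration.

```shell
#!/bin/sh
# Added example: lint swconfig port assignments before "set apply".

# The three VLAN lines from the first post of this thread.
page_config() {
    cat <<'EOF'
swconfig dev switch0 vlan 10 set ports "4 5"
swconfig dev switch0 vlan 1 set ports "0 1 2t 3 6"
swconfig dev switch0 vlan 30 set ports "2t 0 6t"
EOF
}

# Reads a startup script on stdin. Prints one line per offending port as
# "port <p> untagged in vlans <a> <b> ..." and returns 1 if any were found.
check_untagged_overlap() {
    awk '
    # Match: swconfig dev <switch> vlan <id> set ports "<list>"
    $1 == "swconfig" && $4 == "vlan" && $6 == "set" && $7 == "ports" {
        vid = $5
        # Rejoin the quoted port list, then drop the quotes.
        list = ""
        for (i = 8; i <= NF; i++) list = list " " $i
        gsub(/"/, "", list)
        n = split(list, ports, " ")
        for (i = 1; i <= n; i++) {
            p = ports[i]
            if (p ~ /t$/) continue         # tagged member: may repeat across VLANs
            if (p !~ /^[0-9]+$/) continue  # skip anything that is not a port number
            if (members[p] == 0) order[++count] = p
            members[p]++
            vlans[p] = vlans[p] " " vid
        }
    }
    END {
        bad = 0
        for (k = 1; k <= count; k++) {
            p = order[k]
            if (members[p] > 1) {
                printf "port %s untagged in vlans%s\n", p, vlans[p]
                bad = 1
            }
        }
        exit bad
    }'
}

# Stand-alone run against the posted configuration.
page_config | check_untagged_overlap || true
```

Port 2 (tagged in both VLANs) and port 6 (untagged in VLAN 1, tagged in VLAN 30) pass the check; only port 0 is reported.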