Help verify VLAN design please?

Roger W
DD-WRT Novice


Joined: 23 Apr 2014
Posts: 22

Posted: Tue Jun 15, 2021 0:20    Post subject: Help verify VLAN design please?
Device A (primary): Asus RT-AC68U, DD-WRT v3.0-r46854 std (06/03/21)
Device B (secondary): Linksys E2000, dd-wrt.v24-46854_NEWD-2_K2.6_big-nv60k

Hi, I'm trying my first VLAN project and would appreciate a review of what I'm trying to do before I continue trying to troubleshoot it.

I'm trying to create a separate Guest/IoT network (which I'm designating as VLAN 3), but I want to place an AP for it in a room that also needs access to the main network, and there's only one cable connecting that room to the wiring cabinet. So, I think I want to trunk VLANs 1 and 3 from device A, my main router, to device B, an old device that I will use as a smart switch in the guest room. Reasonable so far?

So on device A (with CPU on port 5), and trunking port 3 to the guest room, I want VLAN 1 on ports (1 2 3 4 5), and VLAN 3 on ports (3 5). Now, it would have been nice if the software port numbers matched the physical layout, but on mine, ports 3 and 4 are reversed between the physical jacks and the software definition. (THAT didn't cause some extra debugging...)

And on device B (with CPU on port 8), and trunking port 1 from the wall, I want VLAN 1 on ports (1 2 3 8) and VLAN 3 on ports (1 4 8).

The VLAN3 is assigned to br1 with WL0.1 which is a correctly configured guest wireless network.

Is my plan sound?

Next, I need to configure some ports as tagged. I am setting both VLANs on each of the trunked ports as tagged. Aside from that configuration (via nvram variables, but I'll look into migrating to swconfig), do I ALSO need to use the GUI under Setup -> Networking -> VLAN Tagging to define tag numbers for this to work?

Also, I was extra-confused by the problem I noted above where ports 3 and 4 are wired "swapped", because the Switch Config GUI shows Port 3 having a link even when the cable is unplugged - is this related to VLAN settings? You can imagine the confusion where the GUI shows a link on Port 3, there is in fact a link on the port labeled 3, but these don't correspond, and my cable was contributing to the GUI showing a link on 4.

If I could get some confirmation from someone with experience that this plan is right, then I'll ask some troubleshooting questions next.

thanks!
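
The port plan from the post above can be sanity-checked offline before touching either router; this is an added example, not part of the original thread and not DD-WRT tooling. The `t` suffix for a tagged member, the function names, and tagging the CPU ports in the second variant are assumptions of this sketch.

```python
# Added example: checks the thread's two-switch VLAN plan for membership errors
# that would let guest (VLAN 3) and main (VLAN 1) frames mix on a shared port.
# Assumed notation: "3t" = port 3 tagged, "3" = port 3 untagged.

def parse_ports(spec):
    """Parse '1 2 3t 5t' into {port: tagged?}."""
    return {int(tok.rstrip("t")): tok.endswith("t") for tok in spec.split()}

def shared_port_findings(name, vlans):
    """Flag ports that are untagged members of more than one VLAN."""
    parsed = {vid: parse_ports(spec) for vid, spec in vlans.items()}
    findings = []
    for port in sorted({p for m in parsed.values() for p in m}):
        untagged = [vid for vid, m in parsed.items() if m.get(port) is False]
        if len(untagged) > 1:
            findings.append(f"{name} port {port}: untagged in VLANs {untagged}")
    return findings

def trunk_findings(a_vlans, a_port, b_vlans, b_port):
    """Both trunk ends must carry the same VLANs with the same tagging."""
    findings = []
    for vid in sorted(set(a_vlans) | set(b_vlans)):
        a = parse_ports(a_vlans.get(vid, "")).get(a_port)  # None = not a member
        b = parse_ports(b_vlans.get(vid, "")).get(b_port)
        if a != b:
            findings.append(
                f"VLAN {vid}: A port {a_port} tagged={a}, B port {b_port} tagged={b}")
    return findings

# Port lists exactly as written in the post (no tagging applied yet).
PLAN_A_UNTAGGED = {1: "1 2 3 4 5", 3: "3 5"}   # device A: trunk 3, CPU 5
PLAN_B_UNTAGGED = {1: "1 2 3 8", 3: "1 4 8"}   # device B: trunk 1, CPU 8
# Same lists with trunk and CPU ports tagged in both VLANs (constructed variant).
PLAN_A_TAGGED = {1: "1 2 3t 4 5t", 3: "3t 5t"}
PLAN_B_TAGGED = {1: "1t 2 3 8t", 3: "1t 4 8t"}

if __name__ == "__main__":
    for label, a, b in (("as written", PLAN_A_UNTAGGED, PLAN_B_UNTAGGED),
                        ("tagged", PLAN_A_TAGGED, PLAN_B_TAGGED)):
        issues = (shared_port_findings("A", a) + shared_port_findings("B", b)
                  + trunk_findings(a, 3, b, 1))
        print(label, "->", issues or "no findings")
```
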
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Tue Jun 15, 2021 7:04
On Broadcom devices with recent firmware, you can use the GUI to do that... instead of a CLI/startup script...
If you want to do it via a startup script, Broadcom is using swconfig now... same as Atheros...
Personally I use a similar setup with isolated devices on a VLAN related to one of the router switch ports, running a separate router, so all IoT/Smart goes there...
As well, you can make a guest WiFi with isolation, but this is different... best practice is to use a VLAN related to a physical port...

I guess on the new builds the swapped ports were fixed...
but this is not a problem, as you can just change the numbers once you find those in the GUI

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14102
Location: Texas, USA

Posted: Tue Jun 15, 2021 15:05
Please do a hard reset (nvram erase) and verify that the port orders are wrong and post pictures of the actual cable connected to the port and webUI page. That issue should've been fixed, but you may have some old nvram variable gremlins... or, in fact, the port orders are still reversed. Need 100% undeniable proof.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Roger W
DD-WRT Novice


Joined: 23 Apr 2014
Posts: 22

Posted: Wed Jun 16, 2021 7:24
Thanks, here's what I've found tonight:

I did a hard reset and found that the ports on this build (compared to my previous one from March) are pretty messed up. Port 3 isn't functional at all (though it gives a link light), and the green/red port indicators in the GUI are all tied to the state of the WAN port! I've attached the photo evidence you requested. Left side has the WAN plugged in, right side a moment later has it unplugged. This is in a default config, re-verified a few times.

So I went back to build 46130, and everything is correct with the ports, their order, and their GUI indicators. Something broke after that. BTW, this is actually one of those rebadged-by-tmobile devices, if that matters.

I reconfigured my settings from scratch rather than restoring an nvram backup this time, but I still don't have the VLAN project working. Maybe I'll revert builds on device B too.



[Attached images: router-ports.png, router-ports2.png]


kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14102
Location: Texas, USA

Posted: Wed Jun 16, 2021 13:42
Somehow, I think your pictures don't quite line up; the one with all green should have all ports connected. Or, is this the issue - with WAN connected, all are green and with it disconnected, all are red?

I edited your post because of image width. Keep in mind max image width of attached images is 768 pixels per forum rules and guidelines; otherwise, use an image hosting site and link the full images, not the thumbnails.

Roger W
DD-WRT Novice


Joined: 23 Apr 2014
Posts: 22

Posted: Wed Jun 16, 2021 19:09
Thanks. Yes, the port issue on current builds and clean flash is that (a) port 3 didn't work at all, and (b) the status in the GUI is incorrect; the actual status of the WAN port is replicated into the status of the LAN ports.

On a build from 3 months ago, neither of these was a problem.

But, I still haven't gotten my VLAN working on either build. Hoping for advice on my original questions from someone with experience at that.
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7463
Location: Dresden, Germany

Posted: Thu Jun 17, 2021 4:58
Please check the following (with telnet or ssh):
nvram get sw_lan1
nvram get sw_lan2
nvram get sw_lan3
nvram get sw_lan4
nvram get sw_wan

I assume that all the values are identical (which is wrong).
To correct this, you can do
nvram set sw_lan1=1
nvram set sw_lan2=2
nvram set sw_lan3=3
nvram set sw_lan4=4
nvram set sw_wan=0

(These values are for the AC68 only; other routers have different values.)

These variables are used to show the correct order and port in the right position. Consider that these values are generated at boot time, so it's only a temporary fix if you do not reboot the router in between.

Edit:
I installed the version now on an AC68, but all ports are working correctly. No issues. No swapping. Did you mess up your nvram settings like vlan1ports and vlan2ports?

_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
Roger W
DD-WRT Novice


Joined: 23 Apr 2014
Posts: 22

Posted: Thu Jun 17, 2021 7:56
Thanks, I can confirm there's something weird on mine -

When I install build 46854 and erase nvram and reboot, none of those variables are defined at all. That results in what I photographed above.

When I start with a clean configuration on build 46130, which is what I used previously, and then upgrade to 46854 without wiping nvram, then I have
sw_lan1 = 1
sw_lan2 = 2
sw_lan3 = 4
[sw_lan4 is not defined]
sw_wan = 0

Setting sw_lan3 and 4 as you suggest does fix the display.

To reiterate what I mentioned somewhere above, my device is the "T-mobile AC-1900" which was apparently a rebadged RT-AC68U, but might in fact have some differences?

Meanwhile, I got *really* close to solving my vlan problem tonight - I got Device A trunking correctly, because I was able to access device B from vlan1, and also to get a PC on the vlan3 port of device B to be online. I *thought* I saved that config for both, but something is wrong because I can't get back to it now. And I never get Device B's other ports for vlan1 working.

I guess I need to go back to a previous checkpoint config and work forward from there again.
All times are GMT