Posted: Sun May 01, 2022 0:21 Post subject: How to set up VLANs on a R7800 using only the GUI
[2022-09-07] Many months later, after writing this, I realize this only worked because I had the WAN port disabled. If you are creating a VAP/WAP with this router and NOT using it as an Internet gateway, this method should work fine. However, if you are going to use your R7800 as an Internet gateway, this method WILL NOT WORK and you are far better off to follow the guide that @egc wrote.
How to create vlans using the GUI on a Netgear R7800. Yes it's possible but it's also a Pain in the ASS!
Factory Reset - After a factory reset, the Switch Config tab will not be present (at least in my case it is not, after several attempts). If this is the case, you can only access it using http://192.168.1.1/Vlan.asp directly. Please note this is CaSe Sensitive.
EDIT:As mentioned by @ho1Aetoo below, you might get the Switch Config tab after a second reboot. This did not happen in my case.
Now that you are looking at the Switch Config tab, you will notice that the VLANs are appearing to not be correct by default. Ports 1-4 are on VLAN0 and the WAN is on VLAN1 (Not really, but the GUI says so). This is not correct and must be changed before doing anything else. (Photo 1) Note this is cosmetic only. In reality, the ports are correct internally. Enabling SSHd and logging into your router and doing this will prove it:
This is correct. It is just the GUI that is wrong and if you don't fix it first and foremost, nothing will ever work. Once this is corrected further down, the Switch Config tab should now show up after your reboot, with the correct settings. To correct this, you must put ports 1-4 on VLAN1 and the WAN on VLAN2. Do this then save. DO NOT CLICK APPLY. It will lock up if you do. Either power cycle the router or go to the Administrator tab and reboot from there (Photo 2).
Once it comes back up, go back to the Switch Config tab and create your new VLANs. Create all you need at the same time by clicking the ADD button as many times as necessary. They will be added as VLAN3, 4, 5 etc (I highly recommend starting with any number 10 or above). Next, assign them to whatever VLAN number you want, using 10 and above. Now click Save (again, do not click Apply) Power cycle or reboot your router (Photo 3).
Now, it's time to create your bridges and bridge assignments. Again, make as many changes/additions here as you need, click Save, reboot. Do Not Apply. Do bridges first, save/reboot, then your Bridge Assignments after it comes back up. Again, save/reboot.
I duplicated the VLANS on my R6250 which I was able to do completely via the GUI with no workarounds. the R7800 has been tested and working well.
Another bug: In this case, my cable is plugged into Port 4 and working, but the GUI shows it as disconnected in some of the screenshots. Another LIE!! Seems that it's intermittent. YMMV.
EDIT: While this method does work, it is time consuming to set up. Doing VLANs via Startup commands while somewhat challenging on this router, is by far a more efficient and faster method. This post was mostly done as a proof-of-concept therefore proving that while it is not a very efficient method, it is indeed quite possible. _________________ Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r53562
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r53562
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port.
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
Forum member #248
Last edited by lexridge on Wed Sep 07, 2022 12:53; edited 5 times in total
Joined: 16 Nov 2015 Posts: 6411 Location: UK, London, just across the river..
Posted: Sun May 01, 2022 3:18 Post subject:
R6250 is Broadcom, where R7800 is Qualcomm-Atheros totally different routers/vendors..although on the new builds they both use the same command "swconfig" on Broadcom routers GUI for Vlans works out of the box...on R7800 your best bet is via start up commands...in fact for both best choice is start up commands...
as in the past R7800 was getting bootlooped using GUI for VLAN (that was fixed)
if this will help you out, this is what i have for 2 VLANs (on those 2 ports next to the WAN) ports 3,4...
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 20
brctl addif br1 eth1.10
brctl addif br2 eth1.20
ifconfig eth1.10 192.168.12.1 netmask 255.255.255.0
ifconfig eth1.20 192.168.16.1 netmask 255.255.255.0
ifconfig eth1.10 up
ifconfig eth1.20 up
bear in mind those are on separated bridges...so, you need to add dhcpd on their belonging br in order to get DHCP
and dont forget you'd need this line too
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE
in fact there is a nice messy thread with all the knowledge about Vlans on R7800 (vlans in general)
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1122449 _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
R6250 is Broadcom, where R7800 is Qualcomm-Atheros totally different routers/vendors..although on the new builds they both use the same command "swconfig" on Broadcom routers GUI for Vlans works out of the box...on R7800 your best bet is via start up commands...in fact for both best choice is start up commands...
as in the past R7800 was getting bootlooped using GUI for VLAN (that was fixed)
if this will help you out, this is what i have for 2 VLANs (on those 2 ports next to the WAN) ports 3,4...
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 20
brctl addif br1 eth1.10
brctl addif br2 eth1.20
ifconfig eth1.10 192.168.12.1 netmask 255.255.255.0
ifconfig eth1.20 192.168.16.1 netmask 255.255.255.0
ifconfig eth1.10 up
ifconfig eth1.20 up
bear in mind those are on separated bridges...so, you need to add dhcpd on their belonging br in order to get DHCP
and dont forget you'd need this line too
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE
I am aware of all of these threads. Plus, I configured this router (R7800) using startup commands successfully before spending 9.5 hours figuring out how to work thru the GUI bugs. There are so many posts talking about how it's impossible to use the GUI to set up VLANs on the R7800 (and the EA8500 for that matter), I was determined to figure out a way to make it work on it, and I did, finally.'
Yes, the 6250 is Broadcom. My goal was to replace the garage router (6250) with the r7800. I just tried to duplicate it on an Atheros platform. Successfully in the end.
The entire point of this thread was to bring attention to the fact that the Switch Config is totally fscked for the r7800. While it can be made to work, it is not ideal by long shot. _________________ Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r53562
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r53562
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port.
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
Factory Reset - After a factory reset, the Switch Config tab will not be present (at least in my case it is not, after several attempts). If this is the case, you can only access it using http://192.168.1.1/Vlan.asp directly. Please note this is CaSe Sensitive.
Has been known for a long time and the switch config page is back after a second reboot.
Has been known for a long time and the switch config page is back after a second reboot.
I tried many things to retrieve the switch config page. Hardware resets (button), software resets (inside DDWRT), multiple boots, etc. Never could get it to show up. Then I looked at the URL on my EA8500 and entered that directly on the R7800, which of course works. Once it's changed and saved, it then shows up. I would say this probably differs depending on slight differences in the manufacturing process? Just a guess of course, but my EA8500 reacts in a very similar fashion. The vlans are wrong after a factory reset in the GUI, but not in the internals.
I will have to try another factory reset on this and compare the vlans as you provided above, compared to first boot, and sequential boots and see if this matches on mine. I tend to think it won't, since after multiple boots I was never able to get the switch config to show.
This does not explain the lock ups when Applying changes however. I don't recall having this problem at all on the 8500.
A big thanks to all for your replies. Really good information here. _________________ Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r53562
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r53562
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port.
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
actually i just wanted to compare the nvram variables
since I have also noticed the problem with the missing switch tab
This issue has survived for a long time with no real effort to document the problem well enough to employ a fix in the code. I just really wanted to point out some of the bugs and a potential way to work around them. Not ideal by any means, and probably is a simple fix in the code base to correct it. As we both know, finding it is always the hard part. _________________ Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r53562
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r53562
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port.
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Tue May 10, 2022 7:06 Post subject:
Just simply wanted to add to the discussion above re VLANs using GUI.
Probably not what you want to hear but the post below by eibgrad provides some hints (read limitations) as to why.
Quote:-------
'I'll tell you what I tell everyone about VLANs w/ dd-wrt.
VLANs are hardware dependent, and as such, questions need to be asked in the relevant forum for your router's chipset (TP-Link is typically Qualcomm/Atheros). Each chipset has its own way of handling it. For example, in the case of Atheros (iirc), it uses its own switch utility called swconfig.
That's why VLAN (re)configuration rarely works using the GUI. It was originally designed for Broadcom routers, specifically the now ancient Linksys WRT54G series. As other brands w/ other chipsets got support from dd-wrt, little to no effort was made to keep the VLANs portion of the GUI compatible. It just fell by the wayside. And that's why nearly all VLAN support requires scripting and the CLI.
In short, it's NOT a pretty picture for anyone needing VLAN support and expecting to have it work w/ the GUI. And it's why many of us in tech support don't get involved in it (particularly in this forum). Even if we wanted to, it would likely mean needing access to the exact same hardware as you to diagnose any problems. And why it's best you address your issues in the relevant forum, where the likelihood of that happening is much greater.
Just simply wanted to add to the discussion above re VLANs using GUI.
Probably not what you want to hear but the post below by eibgrad provides some hints (read limitations) as to why.
Quote:-------
'I'll tell you what I tell everyone about VLANs w/ dd-wrt.
It was originally designed for Broadcom routers, specifically the now ancient Linksys WRT54G series. As other brands w/ other chipsets got support from dd-wrt, little to no effort was made to keep the VLANs portion of the GUI compatible. It just fell by the wayside. And that's why nearly all VLAN support requires scripting and the CLI.
---End quote
Coincidentally, I upgraded a WRT54GL v1.1 today to the latest DD-WRT release just for the hell of it (it is not in service), and discovered swconfig is nowhere to be found on this device. Also, the Switch Config tab was pretty useless. Any changes to this page yielded the router un-bootable. It didn't brick, but was only useful again after a full reset (via reset button). Weird thing, the VLAN I created, even though not at all functional, would not go away with a factory reset. I had to manually remove it to remove it from the GUI (it did not show at all with the "ip a" command). _________________ Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r53562
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r53562
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port.
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Thu May 12, 2022 1:54 Post subject:
lexridge wrote:
Coincidentally, I upgraded a WRT54GL v1.1 today to the latest DD-WRT release just for the hell of it (it is not in service), and discovered swconfig is nowhere to be found on this device. Also, the Switch Config tab was pretty useless. Any changes to this page yielded the router un-bootable. It didn't brick, but was only useful again after a full reset (via reset button). Weird thing, the VLAN I created, even though not at all functional, would not go away with a factory reset. I had to manually remove it to remove it from the GUI (it did not show at all with the "ip a" command).
I do feel and share your strong desire of wanting to make something simpler and easy to work by anybody. I am of a student of that school. But let me cite a short story.
I used to be an expert of DOS-based LOTUS 1-2-3 in the late 80s. I co-wrote its macros to transform a Lotus spreadsheet into a powerful tool to collect and consolidate the Annual Financial Results of >50 subsidiaries of the biggest corporation in Australia at a press of a few buttons. So to speak.
Then came along Windows-based Excel. My expertise in Lotus became redundant after Excel established its foothold in business. The increasing popularity of Windows as OS soon sent DOS-based Lotus to its graveyard.
My point is IT moves so fast that expecting every aspect of a software to be perfect may not be as wise as accepting its limitations and workaround it, which you did. Sony's Betamax was superior to VHF (both video formats). Betamax lost the race to VHF. Both are now obsolete.
And we moved on to DVD, then BLu-ray, and now streaming.
But it does not change the fact that we all want DDWRT to be the best alternative software for routers in the meantime. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Joined: 16 Nov 2015 Posts: 6411 Location: UK, London, just across the river..
Posted: Thu May 12, 2022 10:23 Post subject:
i was using/struggling GUI vlan config on my both routers R7800 as well R7000 until it got messy, than learned how to do it via swconfig commands and ever since no problems, especially since Broadcom moved to the use of swconfig too...
Now im using vlans on my R7800, R7000, 1043v2 all via commands instead of GUI...the good thing is it never fails and it works 100%, where via GUI there is always a function to translate those GUI values into a commands and there how it comes the trouble...and i guess to keep up those in order, it takes more effort in revising/revoking the code every time, where there is change or an update around those objects...like to swap the name of the interface from ath0 to wlan0...
So, yep i do agree there must be a more detailed wiki about VLAN's set up via start up commands, so the newcomers will get the free lunch and not bitching about it...sadly those can vary a bit, from router to router....
For me, it also took me a day to go trough, testing and reading/understanding it...but at the end, it's not a rocket science..once you learn the model/basics its easy.. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Wed Sep 07, 2022 18:31; edited 1 time in total
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Thu Aug 25, 2022 8:39 Post subject: Re: How to set up VLANs on a R7800 using only the GUI
lexridge wrote:
How to create vlans using the GUI on a Netgear R7800. Yes it's possible but it's also a Pain in the ASS!
This is correct. It is just the GUI that is wrong and if you don't fix it first and foremost, nothing will ever work. Once this is corrected further down, the Switch Config tab should now show up after your reboot, with the correct settings. To correct this, you must put ports 1-4 on VLAN1 and the WAN on VLAN2. Do this then save. DO NOT CLICK APPLY. It will lock up if you do. Either power cycle the router or go to the Administrator tab and reboot from there (Photo 2).
I figured I could try that first step on my R7800 running f/w 49866, even though I currently have no plans to set up a VLAN.
I made the changes in the GUI, saved and then rebooted.
No WAN access (no IP). I edited the switch settings back to what they were before, saved and rebooted.
Now I also lost access to the router. Laptop didn't get an IP.
So eventually had to reset the router and restore previously saved settings.
Joined: 18 Mar 2014 Posts: 12839 Location: Netherlands
Posted: Thu Aug 25, 2022 15:22 Post subject:
According to the OP you can use the Switch Config tab (and yes the switch config tab does something with the settings but it will always tag both CPU ports which is often unwanted and cannot be corrected with the GUI as the CPU ports are not shown).
I tried it with the same problems you had, maybe it is possible with tricks and magic and for very special setups but you are better of using a script.
From my notes (but that is just my opinion):
Quote:
As this is a two armed router (two physical CPU ports to the switch) it is behaving erratically when the GUI (Switch Config) is used.
So what ever happens DO NOT TOUCH the Switch Config tab (not after and not before midnight!)
Many months later, after writing this, I realize this only worked because I had the WAN port disabled. If you are creating a VAP/WAP with this router and NOT using it as an Internet gateway, this method should work fine. However, if you are going to use your R7800 as an Internet gateway, this method WILL NOT WORK and you are far better off to follow the guide that @egc wrote. This has also been added to the OP. _________________ Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r53562
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r53562
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port.
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.