Reason: i found that by placing each VLAN on a bridge, specifically in R9000 case, it becomes stable and works nicely with vAPs: WLAN0, WLAN0.1, WLAN1 and WLAN1.1, in the end. (By contrast, i did not need to use bridges in setting up R7800 VLANs at all due its simpler design than the R9000).
Hence the brctl commands above in R9000.
please note, as VLANs are subsumed by corresponding bridges, you'll need to fill in details for each bridge instead of VLANS (on Networking under Setup tab). In other words, the bridges are taking over the control of the corresponding VLAN interfaces. This is a standard networking protocol, of course.
See attached pic. for example.
I then use the following commands to separate the bridges from one another which was lost due to VLANS being subsumed by bridges.
# block traffic from crossing bridge boundaries
iptables -I FORWARD -i br5 -o br+ -m state --state NEW -j REJECT
iptables -I FORWARD -i br6 -o br+ -m state --state NEW -j REJECT
iptables -I FORWARD -i br10 -o br+ -m state --state NEW -j REJECT
iptables -I FORWARD -i br12 -o br+ -m state --state NEW -j REJECT
(As detailed in V4.1. Now in one spot on page 5)
Lastly, i have no idea of how pfSense fits into your setup so i can't comment on your last point. Perhaps you want to post a simple diagram?
Sorry, I was trying to copy / paste from mobile while in train yesterday... and I forgot the br part:
# Bridging vlans for connection in the recalcitrant R9000
brctl addif br5 vlan5
brctl addif br6 vlan6
brctl addif br10 vlan10
brctl addif br12 vlan12
I will better explain with a diagram the configuration. I just discovered that if I unbridge (from networking tab) the eth0 port (SFP+), I don't get the dhcp from pfSense anymore.
FINALLY!!!
I got everything working. The only issue was related to eth0 tags. Under networking tab, I did add multiple tags for eth0 (exactly 5,6,8,10,12 as my VLANS), so that eth0.5 eth0.6 eth0.8 eth0.10 eth0.12 interfaces were created. Then, I assigned eth0.5 interface to related bridge br5, eth0.6 to bridge br6 and so on. I also removed every DCHP server under networking tab and...tadaaaaan...everything working: DHCP is being assigned via SFP+ trunk connection, for both WAPs and LAN ports.
Reason: i found that by placing each VLAN on a bridge, specifically in R9000 case, it becomes stable and works nicely with vAPs: WLAN0, WLAN0.1, WLAN1 and WLAN1.1, in the end. (By contrast, i did not need to use bridges in setting up R7800 VLANs at all due its simpler design than the R9000).
Hence the brctl commands above in R9000.
please note, as VLANs are subsumed by corresponding bridges, you'll need to fill in details for each bridge instead of VLANS (on Networking under Setup tab). In other words, the bridges are taking over the control of the corresponding VLAN interfaces. This is a standard networking protocol, of course.
See attached pic. for example.
I then use the following commands to separate the bridges from one another which was lost due to VLANS being subsumed by bridges.
# block traffic from crossing bridge boundaries
iptables -I FORWARD -i br5 -o br+ -m state --state NEW -j REJECT
iptables -I FORWARD -i br6 -o br+ -m state --state NEW -j REJECT
iptables -I FORWARD -i br10 -o br+ -m state --state NEW -j REJECT
iptables -I FORWARD -i br12 -o br+ -m state --state NEW -j REJECT
(As detailed in V4.1. Now in one spot on page 5)
Lastly, i have no idea of how pfSense fits into your setup so i can't comment on your last point. Perhaps you want to post a simple diagram?
Sorry, I was trying to copy / paste from mobile while in train yesterday... and I forgot the br part:
# Bridging vlans for connection in the recalcitrant R9000
brctl addif br5 vlan5
brctl addif br6 vlan6
brctl addif br10 vlan10
brctl addif br12 vlan12
I will better explain with a diagram the configuration. I just discovered that if I unbridge (from networking tab) the eth0 port (SFP+), I don't get the dhcp from pfSense anymore.
FINALLY!!!
I got everything working. The only issue was related to eth0 tags. Under networking tab, I did add multiple tags for eth0 (exactly 5,6,8,10,12 as my VLANS), so that eth0.5 eth0.6 eth0.8 eth0.10 eth0.12 interfaces were created. Then, I assigned eth0.5 interface to related bridge br5, eth0.6 to bridge br6 and so on. I also removed every DCHP server under networking tab and...tadaaaaan...everything working: DHCP is being assigned via SFP+ trunk connection, for both WAPs and LAN ports.
UPDATE: I had to remove "vconfig add eth1 x" commands, as they got broken after adding vlan tags within networking tab (the issue showed only after rebooting, when I noticed that vlans created by commands had disappeared). Then I decided to tag eth1 same method as eth0, thus creating eth1.5 eth1.6 eth1.10 eth.12....and finally I did include the newly created interfaces as before...so:
eth0.5 / eth1.5 to br5
eth0.6 / eth1.6 to br6
eth0.10 / eth1.10 to br10
eth0.12 / eth1.12 to br12
A Netgear R9000 came into my possession recently. And i researched about it online. My research went to various places. Numerous other posts by various posters, together with VLAN settings on my current R7800 shed a good light on the path to my VLAN solution.
The only way (i think) to make VLANs work as 'normally' as possible on R9000 is placing them on bridges. But then not totally on bridge if i can put it that way.
In a nutshell, Netgear R9000 is an unusual wireless router (with two internal switches) that it requires an unusual approach to tackle it. I call it the Recalcitrant R9000.
See attached PDF file. It's 5-page long.
I spent nearly two weeks on resolving it. So it should cover most relevant issues that i'm aware of. Especially for those not familiar with R9000. Lost a few hairs in the process so you don't have to.
P.S. Need to sign in to see the attached PDF file. Version 3 to visually aid setup process.
Hello.
I would like to replace my ISP's router with the netgear r9000. My fiber connection is PPPoE with VLAN 20.
I have been reading old threads about VLANs but nothing is clear to me and I am quite confused. One of them took me here. Great job from you.
I have read your guide and, to be honest, I don't know if it is possible to configure my router as the main router. I don't need to separate the vlans. Could you tell me if this is possible and how to do it?
I also have a linksys wrt32x router which is currently working perfectly as my main router. After much thought, I put the appropriate configuration:
swconfig dev switch0 set reset 1
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "6 0 1 2 3"
swconfig dev switch0 vlan 2 set ports "5 4t"
swconfig dev switch0 vlan 2 set vid 20
swconfig dev switch0 set apply
but I suspect that this will not be valid for the r9000 as it has 2 switches.
Any little help is welcome as I'm not very computer savvy.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sun Oct 02, 2022 23:51 Post subject:
Boassss wrote:
...
Any little help is welcome ...
Your ISP requires the WAN port to be tagged (i) and at VLAN20 (ii). Similar to what is depicted in the attached picture taken from Netgear R7800. And life would be much easier
But as ho1Aetoo mentioned, R9000 has two internal switches. It becomes a bit tricky to handle. And, i am far from being an expert. But we all start somewhere. So the saying goes.
Note that my R9000 is in production. It uses DHCP, not PPPoE as in your case, so i cannot take it off line, and test at will. However, if you're prepared to accept my trial-and-error method for, hopefully, a potential solution, i don't mind helping a traveler with my limited knowledge of R9000.
For a start, i amended your initial script to take into account the fact that:
- (i) No other VLAN needed, except the default VLANS, and VLAN20,
- (ii) Only port 3 of Switch 0 (i.e. WAN port) is needed to be tagged, everything else remains unchanged. So try the following script:
# Switch0 Config
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "0t 1 2 4t 6t"
swconfig dev switch0 vlan 20 set ports "3t"
swconfig dev switch0 set apply
Note: Please do not use the power on/off to reboot the R9000. Only use software function as described in my doc.
And let me know how it goes. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Your ISP requires the WAN port to be tagged (i) and at VLAN20 (ii). Similar to what is depicted in the attached picture taken from Netgear R7800. And life would be much easier
But as ho1Aetoo mentioned, R9000 has two internal switches. It becomes a bit tricky to handle. And, i am far from being an expert. But we all start somewhere. So the saying goes.
Note that my R9000 is in production. It uses DHCP, not PPPoE as in your case, so i cannot take it off line, and test at will. However, if you're prepared to accept my trial-and-error method for, hopefully, a potential solution, i don't mind helping a traveler with my limited knowledge of R9000.
For a start, i amended your initial script to take into account the fact that:
- (i) No other VLAN needed, except the default VLANS, and VLAN20,
- (ii) Only port 3 of Switch 0 (i.e. WAN port) is needed to be tagged, everything else remains unchanged. So try the following script:
# Switch0 Config
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "0t 1 2 4t 6t"
swconfig dev switch0 vlan 20 set ports "3t"
swconfig dev switch0 set apply
Note: Please do not use the power on/off to reboot the R9000. Only use software function as described in my doc.
And let me know how it goes.
First of all I would like to thank you for your collaboration.
Maybe I didn't explain myself well. My internet connection is PPPoE with VLAN 802.1Q = 20 (VLAN ID is 20), maybe that's why I should use
swconfig dev switch0 vlan 2 set ports "3t"
swconfig dev switch0 vlan 2 set vid 20
Just to make sure.
Tonight when everyone sleeps I will try and give my feedback. I can't leave my whole family offline. They would kill me...lol
# Switch0 Config
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "0t 1 2 4t 6t"
swconfig dev switch0 vlan 20 set ports "3t"
swconfig dev switch0 set apply
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Mon Oct 03, 2022 23:05 Post subject:
I assume that you forced a REBOOT of the router after saving the Startup script.
(The reboot, AFTER changes are made to its settings, is important. It may be seen as cumbersome upfront, but it was necessary to eliminate any unintended hiccups from the delayed internal processing of the R9000 due to its dual-switch design. That's what i found out during my two weeks of taming it).
With that agreement out of the way. I noticed that your router does not get an WAP IP of 0.0.0.0.
So let's approach from a different angle (based on suggestion by Per Yngve Berg with my modification):
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 2 set vid 20
swconfig dev switch0 vlan 2 set ports "3t 5t"
swconfig dev switch0 set apply
Save Startup, then followed by a reboot (from Admin/Management/Reboot Router).
and see how it goes.
BTW, what DDWRT version is it on now? _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
I assume that you forced a REBOOT of the router after saving the Startup script.
(The reboot, AFTER changes are made to its settings, is important. It may be seen as cumbersome upfront, but it was necessary to eliminate any unintended hiccups from the delayed internal processing of the R9000 due to its dual-switch design. That's what i found out during my two weeks of taming it).
With that agreement out of the way. I noticed that your router does not get an WAP IP of 0.0.0.0.
So let's approach from a different angle (based on suggestion by Per Yngve Berg with my modification):
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 2 set vid 20
swconfig dev switch0 vlan 2 set ports "3t 5t"
swconfig dev switch0 set apply
Save Startup, then followed by a reboot (from Admin/Management/Reboot Router).
and see how it goes.
BTW, what DDWRT version is it on now?
Good morning from Spain.
yeah sure, i rebooted 2 times and waited about 5 minutes.
my dd-wrt version is the newest (october 3).
thanks for your patience and advice.
tonight when everyone sleeps we will continue with the tests.
Can you show the full settings of your PPPoE as required by your ISP.
This gives a clearer picture in case i miss something critical along the way.
P.S. You'll need to black out username and password, of course.
No luck again.
After entering the startup and rebooting, my laptop could not get an ip address through ethernet (port 1), so I had to connect to wifi to access the GUI again and do a factory reset again.
The switch config tab apparently never changes, it always has the same options selected (before and after running the commands on startup).
One question: in the network tab -> wan port assignment, which option should I choose? vlan2 is always selected (other options are eth0, eth1, eth2, vlan1, etc)
Thank you very much for your great effort to help me. I am at your disposal to continue testing.
