802.1q VLAN tagging on Netgear r7000 and r8000

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
Cobra1582
DD-WRT User


Joined: 29 Nov 2011
Posts: 104

PostPosted: Mon Oct 31, 2022 21:14    Post subject: 802.1q VLAN tagging on Netgear r7000 and r8000 Reply with quote
hi does either or both above devices support vlan tagging or is it only port based, from what i can see looks like it is only port based?


Cheers

D
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

PostPosted: Mon Oct 31, 2022 21:52    Post subject: Reply with quote
They both support vlan tagging, that is to say I have an R7000 so for that one I am sure, but the R8000 is similar.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Wed Nov 23, 2022 16:51; edited 1 time in total
Hapi12021
DD-WRT User


Joined: 22 Jul 2021
Posts: 84

PostPosted: Mon Oct 31, 2022 22:16    Post subject: Re: 802.1q VLAN tagging on Netgear r7000 and r8000 Reply with quote
Cobra1582 wrote:
hi does either or both above devices support vlan tagging or is it only port based, from what i can see looks like it is only port based?


Cheers

D


Yes, R8000 supports 802.1q tags and mine has a mix of single VLAN ports and trunks. The trunks go to other devices that natively support .1q and have sub-interfaces on different logical LANs.

Where you may need to be more “hands-on” and fine-tune is in the bridging and firewall tables to get the exact access you need (or wish to prevent), between VLANs, while the GUI is good for general setup. You might also find that the switch-config page in the GUI still lists the physical ports in reverse-order, possibly, temporarily, confounding any testing.
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Wed Nov 23, 2022 12:13    Post subject: Re: 802.1q VLAN tagging on Netgear r7000 and r8000 Reply with quote
Hapi12021 wrote:
Cobra1582 wrote:
hi does either or both above devices support vlan tagging or is it only port based, from what i can see looks like it is only port based?


Cheers

D


Yes, R8000 supports 802.1q tags and mine has a mix of single VLAN ports and trunks. The trunks go to other devices that natively support .1q and have sub-interfaces on different logical LANs.

Where you may need to be more “hands-on” and fine-tune is in the bridging and firewall tables to get the exact access you need (or wish to prevent), between VLANs, while the GUI is good for general setup. You might also find that the switch-config page in the GUI still lists the physical ports in reverse-order, possibly, temporarily, confounding any testing.


Since you've experience with the R7000 can you check my posts here? https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1272667

I've had issues making it tag some some ports and dump the traffic untagged in others... Thank you.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Hapi12021
DD-WRT User


Joined: 22 Jul 2021
Posts: 84

PostPosted: Wed Nov 23, 2022 15:26    Post subject: Re: 802.1q VLAN tagging on Netgear r7000 and r8000 Reply with quote
TCB13 wrote:

Since you've experience with the R7000 can you check my posts here? https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1272667

I've had issues making it tag some some ports and dump the traffic untagged in others... Thank you.


I don’t have any experience with the R7000, only R8000. EGC commented on the 7000.

In my config, I don’t have any untagged ports that are on VLAN 0, if that’s what you are looking for. My untagged ports sit on specific VLANs.

I’m not sure in DD you could just have a “real” VLAN 0, with tagged and untagged traffic, like you do on managed switches. In DD, for a trunk, you simply tag all the VLANs you want on the port, and pick them up on the other device. Note that the other device must support 802.1q to unwind the trunk into sub-interfaces or onto separate bridges, locally. You might be able to do something like what you want with Linux’s VSwitch, on top of the physical switch, for creating entry and exit policy and other advanced features. However, I haven’t tested if VSwitch is even compiled and present in DD to begin with.

The “switch” inside of most consumer routers is still fairly limited in capability and features, compared to a dedicated managed switch. Think of the device as a router with extra ports, and not a full-blown switching device, and that’s a more accurate framework to configure its hardware. That means a bridge per VLAN and making sure all the bridges are set up on the networking tabs before heading to the switch config tab to tag ports.

If you are using the router with the firewall enabled for NAT, e.g. a typical internet gateway, stay away from VLANs 2 and 1 and 0 as they are used by the firmware for WAN and LAN, default, respectively. Traffic on the default VLAN is highly discouraged due to inherent security problems with VLAN-hopping.

Start your VLAN assignments consecutively at 3. PVID and overloading the VID has a bad history on consumer routers and not every device is compatible. If you test and know it works, great, but don’t start out that way for testing.


Last edited by Hapi12021 on Thu Nov 24, 2022 15:39; edited 7 times in total
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Wed Nov 23, 2022 15:39    Post subject: Reply with quote
R8000 is really just R7000 with extra (gimmick) 5.0Ghz Wifi radio band.
_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!
Hapi12021
DD-WRT User


Joined: 22 Jul 2021
Posts: 84

PostPosted: Wed Nov 23, 2022 19:59    Post subject: Reply with quote
foz111 wrote:
R8000 is really just R7000 with extra (gimmick) 5.0Ghz Wifi radio band.


Gimmick or not, I use low 5GHz as a backhaul and the high 5GHz and 2.4 as client WLANs and it works fine.
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Fri Nov 25, 2022 10:38    Post subject: Reply with quote
When i say gimmick, i mean the WAN is the bottle neck, but if using spare radio for BH then that's a great option. Wink
_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum