Thanks everyone who made suggestions but I wasn't able to config vlans on my R7800 so they would survive a reboot. But I did learn a lot about vlans in the process! I will use @sweatbee's advice (provided in another thread a couple of years ago) and press Apply Settings on the Networking page after rebooting. The Interfaces in the Current Bridging Table show up properly in less than a minute.
Joined: 21 Aug 2019 Posts: 120 Location: Here, There And Everywhere
Posted: Sun Feb 19, 2023 0:49 Post subject:
Well, I've been playing with VLANs the last few days and it works for me (R7800, r51530). The code below goes into startup commands. But I had to be very patient with the bridge configuration (GUI). Create the bridge, wait a few minutes, reboot. Add to the bridge, wait a few minutes, reboot. And backup settings after each (minimal) step. I managed to mess it up completely only once.
Code:
sleep 3
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 3 4 6"
swconfig dev switch0 vlan 2 set ports "0 5"
swconfig dev switch0 vlan 8 set ports "1t 6t"
swconfig dev switch0 set apply
vconfig set_name_type VLAN_PLUS_VID_NO_PAD
vconfig add eth1 8
ifconfig vlan8 up
brctl addif br8 vlan8
Thanks for that, @ho1Aetoo. The issue with the R7800 was that on reboot the bridging table wouldn't reflect the bridging config. But @matjazk has found the answer to that.
Thanks for posting your config, @matjazk. I started from scratch with the config you see immediately below, but added your sleep 3 and waited for 2 minutes after each change, and, as you recommended, rebooted after each change too. Still no joy!
Code:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "2 3 4 6"
swconfig dev switch0 vlan 3 set ports "1 6t"
swconfig dev switch0 set apply
vconfig set_name_type VLAN_PLUS_VID_NO_PAD
vconfig add eth1 3
ifconfig eth1.3 up
Then I made the last two commands mirror yours and now it works perfectly.
Code:
sleep 3
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "2 3 4 6"
swconfig dev switch0 vlan 3 set ports "1 6t"
swconfig dev switch0 set apply
vconfig set_name_type VLAN_PLUS_VID_NO_PAD
vconfig add eth1 3
ifconfig vlan3 up
brctl addif br1 vlan3
I didn't add the iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE firewall command. Did you? Did you make any changes to the firewall when you added your vlans? Cheers!
"As @Per Yngve Berg suggests, devices that share the same ethernet segment (VLAN) are *bridged*, NOT routed, among themselves, and the router's firewall only gets involved when routing is required. Bridged/switched devices always communicate *directly*, without any need for the router's firewall. In order to prevent communications between switched devices, you either have to use personal firewalls on those devices, or ebtables (an ethernet/bridged based firewall). I'm not a fan of using ebtables for various reasons, but for completeness, I'm still mentioning it.
P.S. For any *wireless* devices that share a bridge w/ that VLAN (e.g., br1), AP isolation will work, but only between the wireless clients. Wired devices always remain accessible. And that's because AP isolation is (essentially) a firewall managed by the wireless driver, NOT the router (iptables) or the switch (ebtables)."
Do you mean the bridge assignment of the new vlan? If so, I've added net isolation and a new IP, but whether default or unbridged I get an IP from the new subnet when connected to LAN port 1/4 via ethernet cable.
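The two VLAN 3 startup scripts posted above differ only in their last lines, and `vconfig set_name_type` decides what name `vconfig add` gives the new interface. As an added example (not code from any poster in this thread), this shell script derives that name for vconfig's four name types and lists VLAN interfaces that a startup script references but never creates. The function names, the `FAILING`/`WORKING` samples and the default name type are assumptions of the example.

```shell
#!/bin/sh
# Added example. Name that "vconfig add DEV VID" gives the new interface
# under each of vconfig's four name types.
vlan_ifname() {  # usage: vlan_ifname TYPE DEV VID
    case "$1" in
        VLAN_PLUS_VID)        printf 'vlan%04d\n' "$3" ;;
        VLAN_PLUS_VID_NO_PAD) printf 'vlan%d\n' "$3" ;;
        DEV_PLUS_VID)         printf '%s.%04d\n' "$2" "$3" ;;
        DEV_PLUS_VID_NO_PAD)  printf '%s.%d\n' "$2" "$3" ;;
        *) return 1 ;;
    esac
}

# Read startup commands on stdin and print every VLAN-style interface that
# ifconfig or brctl references but no earlier "vconfig add" created.
check_startup() {
    ntype=DEV_PLUS_VID_NO_PAD   # assumption: default when never set
    made=" "
    while read -r cmd a1 a2 a3 rest; do
        ref=
        case "$cmd $a1" in
            "vconfig set_name_type") ntype=$a2 ;;
            "vconfig add") made="$made$(vlan_ifname "$ntype" "$a2" "$a3") " ;;
            "brctl addif") ref=$a3 ;;
            "ifconfig "*)  ref=$a1 ;;
        esac
        # Physical ports and bridges (eth1, br1) are not checked.
        case "$ref" in
            vlan*|*.*) case "$made" in *" $ref "*) ;; *) echo "$ref" ;; esac ;;
        esac
    done
}

# vconfig/ifconfig/brctl lines of the two VLAN 3 scripts posted above.
FAILING='vconfig set_name_type VLAN_PLUS_VID_NO_PAD
vconfig add eth1 3
ifconfig eth1.3 up'
WORKING='vconfig set_name_type VLAN_PLUS_VID_NO_PAD
vconfig add eth1 3
ifconfig vlan3 up
brctl addif br1 vlan3'

printf '%s\n' "$FAILING" | check_startup   # prints: eth1.3
printf '%s\n' "$WORKING" | check_startup   # prints nothing
```

The check only sees the startup commands; interfaces created through the GUI are outside its view.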
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Mon Feb 20, 2023 20:30 Post subject:
Ontarier wrote:
Do you mean the bridge assignment of the new vlan?
Yes.
Quote:
... but whether default or unbridged I get an IP from the new subnet when connected to LAN port 1/4 via ethernet cable.
because of a conflicting option with a higher priority (CLI) enabled by you. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
When connected to the VLAN by ethernet cable I get an IP from the VLAN and can't ping the router whether Default or Unbridged in the GUI. Other than the IP address difference, when connected to a non-VLAN port I can ping the router in Default and cannot in Unbridged. So I think leaving the setting at Default gets me what I want, but I don't want any conflicts in my config. What would you suggest to make this right?
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Tue Feb 21, 2023 18:29 Post subject:
By design,
VLAN creates a network, separate from another.
Router's mgt GUI is in main network.
Bridge joins different interfaces together in one network.
You are confused about their functions. I'll let you read up on the fundamentals of VLANs and bridges.
Both @matjazk’s and @ho1Aetoo’s recommendations solve the problem of the VLAN config not surviving a reboot on the R7800. I stayed with @ho1Aetoo’s for the following...
Startup Commands:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "3 4 6"
swconfig dev switch0 vlan 3 set ports "2 6t"
swconfig dev switch0 vlan 4 set ports "1 6t"
swconfig dev switch0 set apply
(I didn’t add any firewall commands.)
Networking/VLAN Tagging:
Interface eth1 Tag Number 3
and
Interface eth1 Tag Number 4
Bridging
Created br1 and br2
Assign to Bridge
br1 and eth1.3
br1 and wlan0.1
br2 and eth1.4
br2 and wlan1.1
Interface Setup
Left eth1.3 and eth1.4 at Default
br1 and br2: Added Net Isolation and new IPs on different subnets
Networking DHCPD
Added br1 and br2
Any other thoughts/recommendations?
Thanks again ho1Aetoo, matjazk, Per Yngve Berg, DWCruiser, Alozaros, and blkt!!!