Posted: Wed Mar 10, 2010 4:58 Post subject: VLan routing setup
I was advised to use ddwrt instead of a cheap Cisco router for what I'm trying to do.
I've got an L2 switch that I set up 2 VLANs on, with the router port 1 hooked up to the switch port 1.
Port 1 is on both VLANs and I want ddwrt to route VLAN traffic. Port 2 is my server for DHCP and both ports are trunking.
I want to use the server for DHCP because I'm also going to use vmware to run ipcop and other stuff.
My big question is how can I set up ddwrt to route the VLANs? I've only been able to find info on breaking up the router ports into VLANs but not actual VLAN routing through a single port.
Any links to tutorials or explanation would be great.
It's without function, I guess; try it, but nothing will happen. You may create multiple VLANs and bridge and unbridge (separating networks) them, but tagging will not work.
Someone correct me if I am wrong.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
VLANs do work, but not all hardware fully/partially supports them. The old G spec models typically support VLANs and a few N spec models with 100 base-T switches do too, but no gigabit switches do.
To get routing between the VLANs, first assign your ports, save the settings, and reboot the router to make the VLAN assignment take effect. Then on the networking page make sure that you unbridge the VLANs and assign them an IP address/subnet mask for their network segment. This will automatically add the routes to the routing table. Then you need to turn off the SPI firewall on the security page or add iptables rules to your firewall script.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
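As an added example (not part of the original posts, and not dd-wrt's own code), the shell function below prints FORWARD-chain rules of the kind the post above says can go in the firewall script in place of turning the SPI firewall off. The interface names vlan3 and vlan4 and the two services are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print iptables commands for routing between two unbridged VLANs.
# Interface names (vlan3, vlan4) and the services are assumptions for illustration.

# valid_if NAME: accept only simple interface names, so nothing unexpected
# ends up in the generated commands.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# vlan_forward_rules SRC_IF DST_IF PROTO:PORT...
# SRC_IF may open new connections to DST_IF on the listed services only;
# everything else between the two interfaces is dropped.
vlan_forward_rules() {
    src=$1; dst=$2; shift 2
    valid_if "$src" && valid_if "$dst" || { echo "bad interface name" >&2; return 1; }
    [ "$src" != "$dst" ] || { echo "source and destination are the same" >&2; return 1; }

    # Validate every service before printing anything.
    for svc in "$@"; do
        proto=${svc%%:*}; port=${svc#*:}
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $svc" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $svc" >&2; return 1; }
    done

    # -I puts each rule at the top of FORWARD, so the DROPs are printed first
    # and end up below the ACCEPTs once all commands have run.
    echo "iptables -I FORWARD -i $src -o $dst -j DROP"
    echo "iptables -I FORWARD -i $dst -o $src -j DROP"
    echo "iptables -I FORWARD -i $dst -o $src -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -I FORWARD -i $src -o $dst -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for svc in "$@"; do
        echo "iptables -I FORWARD -i $src -o $dst -p ${svc%%:*} --dport ${svc#*:} -m state --state NEW -j ACCEPT"
    done
}

# Constructed sample: clients on vlan3 may reach SSH and DNS on vlan4.
vlan_forward_rules vlan3 vlan4 tcp:22 udp:53
```

The function only prints the commands; review the output before pasting it into the firewall script.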
Thanks a lot, you got me further with this than I was previously, much appreciated.
Thanks but I've got a managed switch, any way to just use this for vlan routing? I've also got a server I'd like to use for dhcp and a couple vmachines I'd like to run on different vlans. So if I can get this to just route vlans I'd be all set.
Can you show us the configuration you have done so far (screenshots if possible)? Also include the switch maker, model and configuration (screenshots if possible).
Ideas?
First set up your switch with a 802.11q trunk port. Then in dd-wrt on the VLAN page check the "Tagged" box for the port you want to trunk with, and then check every VLAN that you want it to trunk. Reboot it for the VLANs to take effect, and then either do as I said above about assigning each VLAN and IP to automatically create the routes, or add static routes.
Basically you have 3 devices: a router, a 6 port switch and a wireless port - see attached diagram.
The switch's ports are divided into port 0-3 (physical LAN ports are numbered differently) for the local LAN and Port 4 for the WAN. The switch's port 5 is connected to the router's eth0 port. Port 0 to 5 add up to 6 ports.
To separate the WAN traffic from the LAN traffic, the switch is divided into virtual LANs called VLANs. VLAN0 is LAN traffic (ports 0-3) and VLAN1 is WAN traffic (port 4). Each VLAN "appears" to be a totally separate switch - that's where the virtual part comes from.
NOTE: I've labelled the tagged VLANs as eth0.0 and eth0.1 on the following diagram, which is a standard way of representing VLANs as subinterfaces on eth0 in routing, BUT this is not the way that dd-wrt documentation represents them. The eth0.0 represents VLAN 0 and the eth0.1 represents VLAN 1.
The connection between the switch (port 5) and the router (eth0) is called a trunk. A trunk is a connection that allows multiple VLAN traffic to pass through. In order for the trunk to identify which VLAN the data belongs to, the data frame is tagged with the VLAN number. This way when a frame comes out an interface, it knows which VLAN it belongs to. Tagging only exists on the trunk.
What happens to trunk traffic that is not assigned (tagged) to a VLAN? By default it is assigned to VLAN0 (called the native VLAN or default).
Traffic between the two VLANs is controlled by the router using iptables and ip route commands. So all data going to and from the LAN to the WAN port passes through the router.
Lastly, the wireless port eth1 (because it is not part of the switch) is bridged (using br0) to VLAN0 and is treated the same as any other port of the switch.
Now the fun part is that you are able to reconfigure and reassign any port to any VLAN and then apply new rules in the router to do the most amazing things!
One last point is that some versions of the hardware have the ports numbered differently. So in the original reference, you see [] brackets to add to the confusion to reference the other versions of hardware.
This was such a helpful post in understanding the basics. Thank you.
Posted: Sat May 18, 2019 18:26 Post subject:
The original post in this thread doesn't appear to say which router model is under discussion. VLAN support is very router dependent. For example, the statement that the switches in the fast routers do not support VLAN trunking is clearly incorrect as a general statement. Depends on the router.
If you happen to be on a newer Linksys router, have a look at the posts by TheDude1864 in the thread at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199. (In my display they start at the bottom of the second page.) In addition to splitting up the router LAN ports into VLANs, he did some fancy things with tagging and trunking. All very specific to Linksys routers with Marvell processors though.
_________________
Dynalink DL-WRX36 on 58753, Linksys MR7350 and MX4200v2 on 59171, Netgear XR500 and 3x Linksys WRT1900ACSv2 on 57200: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.