Joined: 29 Jul 2018
Posted: Sun Jul 29, 2018 2:00 Post subject: Linksys E900 VLAN SSH upgrade nightmares Help
about 2? years ago I started out with just getting
onto the E900 ( I'm so frustrated and I don't see a hardware revision on the bottom ) box to use VLANs.
on and off 2 years later I'm still trying to figure out how VLANs work on DDWRT or just to get them to work .
after revisiting this multiple times and now getting nowhere on vlans and then recently trying to enable SSH and reading about the SSH issue with that version of firmware I decided it was time to learn how to update, so in comes
I thought it updated fine but then I started having issues so I didn't think the upgrade went correctly, this is also where I found out I've been hitting the stupid WPS button and not the reset button ( one button is on the bottom and it's not the button next to the power cord which makes more sense what a stupid concept for manufacturers. and a bit of a dumb sleep deprived moment because I knew that but have been so frustrated that I forgot it. ) At least it explained some of my issues with things not totally resetting but I was still having issues with the VLAN page tab not resetting. at one point in this mess I lost the capability to use virtual APs they were configured the same way I did in the past and worked before but now nothing I did would get them to show up in a Wi-Fi menu.
not even the web GUI reset button was working a full reset.
so I took the plunge and went back to factory firmware
which is where I think I started having flashing failures both on Firefox Linux, Firefox Mac, Safari. I was able to get DD WRT back on but it wouldn't be fully reset, it would ask to set the password but it still didn't seem like a clean install so I tried going over it and I don't know anymore. I was having the flashing process sit there for 2 hours or more before coming back and saying it failed. it also didn't help that my Linux laptop decided every 5 min. to drop the ethernet connection then pop up a little blurb to tell me, this is when I decided to switch over to my Mac which has a stable connection and I've used many times for firmware updates before but I was still having the flashing process sit there for 2 hours or more before coming back and saying it failed.
so after a night of frustration I decided to go back to factory default firmware again.
I lost the LAN connections and had to reenable that through Wi-Fi to VLAN1.
hey guess what I lost the LAN connection then regained it and the settings went back to with it working on VLAN0 ????.
so I think I'm now finally back at a stable install???????????????
so here's the plan/goals/original intent.
I have now a dual WAN PFSense box 10.2.2.225 ( troubleshooting connectivity issues I ended up setting it up for some more redundancy ) set up to connect on WAN0 to a netgear cellular modem 10.2.2.1, and WAN1 10.3.3.43 DHCP connected to a Wi-Fi bridge 10.3.3.222 in client mode that connects wirelessly to a netgear Wi-Fi hotspot 10.3.3.1. this comes out the LAN port UTI 10.7.7.0 to my network mostly wired with a couple of access points 1 for me and 1 for my parents/guests.
on the opt1 port I have PFSense configured to have…
- UTI - untagged interface disabled.
- VLAN6 - currently bridged to the LAN 10.7.7.0, might eventually get broken off to its own segment for my parents/guest devices.
- VLAN7 - this is bridged to my LAN 10.7.7.0 and is also management.
- VLAN8 - this is the upcoming IOT segment 10.5.6.0.
- VLAN99 - printing this in here for completeness it is currently set up as a test VLAN and is temporary and will probably get deleted at some point as it bridges straight through to the opt2/WAN2 interface since that currently lies on a private 10.3.3.x network WANLAN-NAT-WAN connection to the outside world.
and as of yesterday Y180727 or 7/27/18 it now properly works passing all 4 VLANs that don't have IP address conflicts on a Mac 10.6, Win XP and Ubuntu ( VLANs were much easier than I thought it would be to set up at least on computers that is ) systems.
the goal is to have one cable going from the PFsense box OPT1 to the WAN port of the E900.
the WAN port would be tagged to have…
- UTI - untagged interface disabled ( theoretically I would like to have this enabled on the E900 as a failsafe, plug-in computer, set IP manually, no VLAN settings to access GUI config. it seems as simple as bridging it to the LAN default and making sure it doesn't get disabled when enabling tagging on that port ).
- VLAN6 - bridged to wifi-1 and port-4.
- VLAN7 - bridged to the LAN, wifi-0 and is also management.
- VLAN8 - bridged wifi-2 IOT and port-1,2,3 for TV, DVR, att microcell M-cell, ring video doorbell.
Q1- So does the set up VLAN tab page interface work ( Now that it's properly installed I think it does but every time I move something out of it I can't seem to get my WAN port onto the LAN ports for testing)?
Q2- What's the difference between the "Setup>VLANs>Virtual Local Area Network (VLAN)" tab and the "Setup>Networking>VLAN Tagging" that showed up after the upgrade in the next tab over?
Q3- bridging seemed fairly easy on DDWRT ( then again so I thought everything else), was it too easy? pick the interfaces and assign to bridge. are there firewall rules that have to be in place to allow traffic to flow between VLAN, bridges, interfaces and ports?
Q4- which tab enables SSH? One "Services>SSHd" looks like it enables on LAN locally and the other tab "Administration>SSHd" looks like it enables on WAN. the wording is not very clear ( as everywhere else as well ) as to which one is which, some reports I read indicated that it needed to be on in both the WAN and LAN to work locally on the LAN which is a security risk although since I'm not using this as my primary router it won't be an issue it'll just be an annoyance.
A5- I have gone back and tried it and it actually worked this time. but earlier I kept getting either "connection refused" or "Permission denied" which may have to do with the fact that through telnet you have to use ROOT as user and not the given web admin account username (ADMIN) to log in. so "SSH ROOT@IP" not "SSH ADMIN@IP" OR "SSH USER@IP". p.s. it's been many years now since Windows ( I believe it was Vista ) has removed Telnet in favor of other alternatives, I don't see why SSH is not on by default for LAN. "SSH ROOT@IP" confirmed!!!!
now a very crude, hopefully understandable ASCII diagram
WAN0 - WAN1
+ - +
+2++- UTI - X - E900 WAN - UTI - ( VLAN failsafe ) BG0, Wlo0, LAN, management.
+2+++- VLAN6 - E900 WAN - VLAN6 - BG6, Wlo1, Port-4.
+2+++- VLAN7 - E900 WAN - VLAN7 - BG0, Wlo0, LAN, management.
+2+++- VLAN8 - E900 WAN - VLAN8 - BG8, Wlo2, Port1, Port2, Port3.
+2+++- VLAN99 - X
Joined: 29 Jul 2018
Posted: Sun Jul 29, 2018 4:08 Post subject:
Update Y180728 3:50GMT: enabling WPA2 or Any security on VAPs disables virtual APs and prevents logging in to the main wireless.
OH BUT WEP WORKS
1. enter captcha code.
2. "Enter the code exactly as you see it."
3. yeah yeah yeah everybody says that, I got it.
4. 102 years later, 2,000,000,453 attempts, in the fine print, in an obscure location…
"The code is case sensitive and zero has a diagonal line through it."
5. okay I'll try again.
6. all attempts exceeded…….
9. here is your password, e-mailed to you in plain text.