[Pat_Rich]

Hi,
I have a Dlink DIR868L Rev A with DDWRT r45767 installed.
I read a lot of posts and spent many hours to fix the VLAN issue. I hope someone would be able to help.

I use a start up script to setup the VLAN and not using the NVRAM method. I will explain why it is not working for me.

I would like to have the following:
LAN port 1 VLAN20
LAN port 2 VLAN20
LAN port 3 VLAN1
LAN port 4 VLAN1(trunk)

VAP VLAN30

The startup script as follow:
# Clear VLAN 0
echo "" > /proc/switch/eth0/vlan/0/ports

# Configure VLAN 1 with LAN port 2, 3 and CPU port
echo "2 3 5*" > /proc/switch/eth0/vlan/1/ports
echo "4 5u" > /proc/switch/eth0/vlan/2/ports

# Configure VLAN 20 Cam with LAN port 0, 1 and CPU port

echo "0 1 3t 5" > /proc/switch/eth0/vlan/20/ports

# Configure VLAN 30 Cam with LAN port 3 and CPU port
echo "3t 5" > /proc/switch/eth0/vlan/30/ports

# Setting up VLAN interfaces ...
# We don't need the vlan0 interface now ...
/sbin/ifconfig vlan0 down
/sbin/vconfig rem vlan0

# Setup vlan20 interface
/sbin/vconfig add eth0 20
/sbin/ifconfig vlan20 up
/sbin/ifconfig vlan20 txqueuelen 0
# Setup vlan30 interface
/sbin/vconfig add eth0 30
/sbin/ifconfig vlan30 up
/sbin/ifconfig vlan30 txqueuelen 0

I was able to get the LAN port 1 & 2(VLAN20) working fine.
I went to Setup >Networking >Assign to Bridge to create a connection for Wl0.1(VAP) to VLAN30.
But the client was not able to connect to the VAP.

After a reboot of the DDWRT device, the VLAN30 is disappeared from the "current bridging table". (see attached pic.

I have tried to change VLAN30 port be "3t 5t" and it did not make any difference.

If the Wl0.1(VAP) stay on the default bridge br0, there is no problem to get connected.The client receives an IP address from the default VLAN DHCP.

The current NVRAM value as follow:
vlan1ports= 0 1 2 3 5*
vlan2ports= 4 5u

port0vlans=1
port1vlans=1
port2vlans=1
port3vlans=1
port3vlans=1
port4vlans=2
port5vlans=1 2 16

I tired nvram method, hoping it could fix the VAP problem.

vlan1ports= 2 3 5*
vlan2ports= 4 5u
vlan20ports=0 1 3t 5
vlan30ports=3t 5

Then I discovered a problem on the webGUI of the switch config.For some unknown reason, the order of the LAN port reversed.

Originally

Port W 1 2 3 4
R R R G G
After the NVRAM set vlan.*ports

Port W 1 2 3 4
R G G R R

The original port.*vlans value
port0vlans=1
port1vlans=1
port2vlans=1
port3vlans=1
port4vlans=2
port5vlans=1 2 16

I tried both sets of values and I were not able to get the LAN port working, let alone with VAP. That is why I stay with the startup script method.
Set 1
port0vlans=20
port1vlans=20
port2vlans=1
port3vlans=1 2 20 30 16
port4vlans=2
port5vlans=1 2 20 30 16

Set 2
port0vlans=1 2 20 30 16
port1vlans=1
port2vlans=20
port3vlans=20
port4vlans=2
port5vlans=1 2 20 30 16

With the startup script, i have the LAN port works as it should be, but not VAP. Whereas with NVRAM method, I got nothing working.

BTW, I have this script to start the VAP.

sleep 20
nvram set wl1.1_hwaddr=
nvram commit
stopservice nas; wlconf eth1 down; wlconf eth2 down; wlconf eth1 up; wlconf eth2 up; startservice nas; logger "VAP workaround executed";

With startup script, the LAN port works, but not VAP.

With NVRAM method, not able to geth LAN and VAP work.

I hope someone would be able to give me some suggestion to try.

Best Regards

[CtrlAltBeer]

VLAN / VAP connectivity seems to be an ongoing issue. I'm struggling at the same point myself.

It sounds like you've been through much the same reading material as me, but in case any of these are new:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317181
https://wiki.dd-wrt.com/wiki/index.php/Guest_Network
https://wiki.dd-wrt.com/wiki/index.php/Multiple_WLANs

Frustratingly, this guide https://netosec.com/dd-wrt-wifi-vlans/ makes it sound fairly straightforward. However, in that scenario DD-WRT was acting as a router rather than a gateway and DNS was provided by a separate machine. I wonder if that's relevant.

[CtrlAltBeer]

I probably should have said that that bridge / VAP connectivity seems to be an ongoing issue. There seem to be two symptoms and, based on my limited understanding, it's possible that these have distinct causes.

1) Cannot connect to VAP after reboot (hence the workaround in the start-up scripts)
2) Cannot connect to VAP if bridged and wireless security is enabled.

I've found that I have the second issue: either removing the bridge assignment (sending it back to br0) or removing security (WPA, WEP, anything) allows it to work.

Worryingly if this is also your problem, someone was having this issue in 2010 (https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=537215) and another in 2012 (https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=713846). There's also a ticket open (https://svn.dd-wrt.com/ticket/6404)

Hopefully it's not still because...

[Pat_Rich]

The VAP was able to connect with the default VLAN with no issue. The DHCP is on the primary router. I wonder if this could be an issue for VAP.

The reason to have a VAP is to put it into a difference VLAN to separate the 2 traffic. Default VLAN for main network. VAP for IoT and guest network.

I just do not understand why it does not work with the new bridge.
I can create VAP1 and VAP2, both will work with default VLAN. but not VAP1 for VLAN-A and VAP2 for VLAN-B, for example, with new bridge BrA and BrB.

is it because of the hardware? on some model of router would work, but some don't.

someone have a difference model of router got this working? a VAP bridge with a non default VLAN and connected?

[CtrlAltBeer]

Presumably you have wireless security enabled on the VAP. Just for testing purposes, what happens if you turn it off (Security Mode = Disabled)?

[kernel-panic69]

You're not running a separate dhcp server or the VAP on the DD-WRT router?

[Pat_Rich]

Hi,
Thank you for all the feedback.

When the security for the VAP was disable. The VAP was disable too. ie no VAP signal, only the main SSID.

All the DHCPs are on the primary router.

The VAP works on the main VLAN and client receives IP from DHCP on the primary router.

I tried WPA-PSK, WPA2-PSK,WPA2-PSK/WPA-PSK,CCMP-128,TKIP+CCMP and TKIP, they all failed to connected.

Best Regards

[kernel-panic69]

Ok, I guess I have to ask. What is the primary router, and does it have the proper vlans assigned, etc? Seems like all kinds of pieces of the larger picture are missing here.

[Pat_Rich]

Hi,
I have a pfsence as a primary router. When I connect a laptop to the Dlink 868 AP via the LAN port (VLAN 1, 20 and 30) or the Main wifi (both 2.4G and 5G on br0 VLAN1).

The Laptop was able to obtain IP address from each of the respective DHCP, ie VLAN1, 20 and 30 from LAN port, VLAN1 from wifi

It should be fairly straight forward to do the bridging and i just do not understand why it is not working.

I tested again. The VAP (Wl0.1)works fine if it is on VLAN1.

FYI
WAN is Disable
Assign WAN to switch is Disable
DHCP is disable

Something to do with the bridge?

Best Regards

[kernel-panic69]

I'm wondering if the '5's in your CLI vlan voodoo should be '5u's. How about trying that first.

[Pat_Rich]

Hi,
I tried on the 3 combinations.

None of them are working.

I tried also
Vlan2=4 5t with vlan30=3t 5u, 3t 5, 3t 5*, 3t 5t
vlan2=4 5* wuth vlan30=3t 5u, 3t 5, 3t 5*, 3t 5t
vlan2=4 5 with vlan30=5 5 , 3t 5u, 3t 5t, 3t 5*

Not working.

I noticed if i put both eth1 and Wl0.1(VAP) both into VLAN30. The client is able to get connected with IP correspond to VLAN30 from eth1 or wl0.1 (VAP)

I am guessing the authentication is working, but the bridging is not working for VAP.

Best Regards

[egc]

Is the VAP itself bridged?

i.a.w. do not unbridge the VAP

[kernel-panic69]

The only other thing I can think of is adding 4 to the list of vlan ports for 20, 30, etc. (Don't you have to have the WAN port assigned for it to pass through?!?!?)

[Pat_Rich]

Hi All,

I had already tried to add port 4 for testing before my previous response. They all failed.

All the VAP and bridges are on default setting.

With the current setting as below:

vlan1port=2 3 5*
vlan2port=4 5u
vlan20port=0 1 3t 5t
vlan30port=3t 5t

In my previous response, I noticed eth1 and VAP on the same VLAN30 works,

Instead of vlan1 on 2.4G AP(dd-wrt) and vlan30 on VAP (dd-wrt-vap). I put dd-wrt-vap on VLAN1 and dd-wrt on VLAN30. They are now working well as it should be.

with dd-wrt-vap connection, the client receives ip from VLAN1 DHCP.

whereas with dd-wrt connection, the client receives ip from VLAN30 DHCP.

In other word, the VAP can only be used on the default VLAN1.

This is the only way to go around it if anyone want to use VAP and the DDWRT unit setup as a Access Point. It is not possible to have multiples VAP of the same frequency.

For you information:
Router: Dlink DIR868L RevA
Mode: Access Point, WAN Disable, DHCP disable, WAN port as switch NOT used

VLAN1 LAN Port 3 and 4(trunk to primary router)
VLAN20 LAN Port 1 and 2 (for camera)

VLAN30 DDWRT 2.4G for IoT and guest
VLAN1 DDWRT-AP 2.4GHz
VLAN1 DDWRT-5G 5GHz

The ideal setup up would be DDWRT(Main VLAN1), DDWRT-VAP1(IoT & Guest VLAN30) and DDWRT-VAP2(wireless Camera VLAN20) all on the 2.4GHZ, but it is not possible at this stage.

Thank you for the inputs and the suggestions from everyone.

[kernel-panic69]

Why do you have port 3 tagged for vlan20 and vlan30 at the same time?