R7800 and VLAN

sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 35
Location: Georgia, USA

Posted: Wed Mar 07, 2018 15:00
Above configuration works! v3.0-r35030M kongat (02/19/18)

Reloaded FW. Reset to default. Added VLAN scripts to startup and firewall. Rebooted.
Click Add in the Multiple DHCP Server section
Select new eth1.25. Save and Apply Settings. Rebooted.
Manually configured all other settings.

New VLAN 25 now working. Lost briefly when I set up OpenVPN client and applied settings. Disabled OpenVPN client and brought back VLAN 25. Re-enabled OpenVPN client and VLAN 25 remained. Rebooted and all is working!

I believe the GUI is sensitive/flakey to the order settings are applied.

_________________
R7800 r36100M kongat (06/10/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, smart switches, etc.) and guest.
Noob still finding my way.


Last edited by sweatbee on Wed Mar 07, 2018 16:31; edited 1 time in total
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 3711
Location: Texas

Posted: Wed Mar 07, 2018 15:13
sweatbee wrote:

I believe the GUI is sensitive/flakey to the order settings are applied.

Cool yeahuh, it is very touchy for certain configs.
Can't have some things without some other things first

I been following this thread and happy to see you are getting it sorted.... good job -
kophinos
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 9

Posted: Tue Mar 20, 2018 21:16
Would you mind listing out the procedure you followed to configure VLANs on your R7800 with DD-WRT? There are many others who would like to set up a network similar to yours (IOT and other devices isolated.)

Any clear guidance you are willing to give would be deeply appreciated. Thanks!
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 35
Location: Georgia, USA

Posted: Tue Mar 20, 2018 21:56
kophinos wrote:
Would you mind listing out the procedure you followed to configure VLANs on your R7800 with DD-WRT? There are many others who would like to set up a network similar to yours (IOT and other devices isolated.)

Any clear guidance you are willing to give would be deeply appreciated. Thanks!


Will be glad to share. It's actually in my last few posts, but I admit it's not as clear as it could be. It may be Thursday before I can get it posted.

_________________
R7800 r36100M kongat (06/10/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, smart switches, etc.) and guest.
Noob still finding my way.
kophinos
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 9

Posted: Tue Mar 20, 2018 22:00
Thank you!

sweatbee wrote:
kophinos wrote:
Would you mind listing out the procedure you followed to configure VLANs on your R7800 with DD-WRT? There are many others who would like to set up a network similar to yours (IOT and other devices isolated.)

Any clear guidance you are willing to give would be deeply appreciated. Thanks!


Will be glad to share. It's actually in my last few posts, but I admit it's not as clear as it could be. It may be Thursday before I can get it posted.
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 35
Location: Georgia, USA

Posted: Wed Mar 21, 2018 21:57
Summary of my set-up process for my new vlan.

Special thanks to “mrjcd” (whose foundational procedures) and “Per Yngve Berg” (whose great help) made it possible for me to set up my VLANs and get them to work. Also, total gratitude to Kong and BS whose firmware makes it all possible. Thanks Netgear for r7800 whose signal I can pick up in my next door neighbor’s homes (password protect!).

Motivation for the following came from this site: https://www.routersecurity.org/

Single router home setup using Netgear r7800 and v3.0-r35030M kongat (02/19/18) firmware.

Private network (desktops, laptops, tablets, NAS, printers, etc.) eth1 ath0 ath1 protected by PIA OpenVPN using Policy Based Routing.
Guest networks (Virtual Access Points) to isolate IOT streaming devices (5 Roku's, Chromecast) and guest. Guest networks not run through VPN so streaming Netflix and Hulu will work.
Separate VLAN to isolate wired IOT devices (VOIP phone, audio amp receiver, Blu-ray player) from private network. Not run through VPN.

From my brief experience I found I have to set up the backbone structure first and then go back and flesh out all the proper settings. Otherwise things may not work. I had to resort to this when originally setting up my guest networks (VAPs).

Port Configuration for r7800:
Physical port1 = switch port4,
Physical port2 = switch port3,
Physical port3 = switch port2,
Physical port4 = switch port1.
Note that the processor port is switch port6, and switch port5 is the WAN.
Port 6 is not tagged for VLAN1, but is tagged for the other VLANs.

My setup process:
Computer’s wired connection is in physical port 4 (switch port 1) which does not change VLAN or subnet throughout this process thereby maintaining its connection if something goes wrong with the new vlan.

You use SWCONFIG and add commands to the startup commands to create VLANs on the r7800. You then complete the set up/configuration process in the GUI. (At least this is what I did.)

I decided to use subnet 192.168.25.1 for the new vlan and call it vlan 25. You can use any subnet or vlan name you want. I decided to put physical ports 1 & 2 (switch 4 & 3) in the new vlan 25 and leave physical ports 3 & 4 (switch 2 & 1) in the redefined vlan1.

I reloaded the Firmware. Then reset to default settings. (You may not have to do this, but I did.)
I logged into the router at 192.168.1.1 and reset the user name and password.

First I added the following VLAN scripts to startup and firewall at the Administration/Commands tab.

Copy text below and paste into the 'Administration/Commands' Command Shell window of GUI.
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 25 set ports "3 4 6t"
swconfig dev switch0 set apply
vconfig add eth1 25
ifconfig eth1.25 192.168.25.1 netmask 255.255.255.0

Click the 'Save Startup' button. The script will appear in the Startup window.

Copy text below and paste into the 'Administration/Commands' Command Shell window of GUI.
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

Click the 'Save Firewall' button. The script will appear in the Firewall window. Without this Firewall script you cannot get internet access in the new vlan.

Reboot the router at the 'Administration/Management' tab at bottom of page.

Go to Setup/Networking tab and go to bottom of the page.
Click Add in the Multiple DHCP Server section
Select the new eth1.25. Save and Apply Settings. Reboot. (You may not need to reboot but I did.)

Go to Setup/Networking window of GUI to find the newly created interface Network Configuration vlan25 (shows as - Network Configuration eth1.25)
Click the 'unbridge' button associated with Network Configuration eth1.25
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.25.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click the 'Apply Settings' button.
Reboot router

With my VLANs now set up at this point I created my guest networks (VAPs).

Guest WiFi + Abuse Control For Beginners
https://www.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners

https://www.dd-wrt.com/phpBB2/viewtopic.php?t=313923
1. Add virtual interface ath0.1 without any settings on Wireless/Basic Settings tab Virtual Interfaces. Apply Settings
2. Add Multiple DHCP Server for ath0.1 on Setup/Networking tab. Apply Settings
3. Add virtual interface ath1.1 without any settings on Wireless/Basic Settings tab Virtual Interfaces. Apply Settings
4. Add Multiple DHCP Server for ath1.1 on Setup/Networking tab. Apply Settings
5. Go back and fill in all settings for ath0.1 and ath1.1 and Apply Settings.

Manually configured all other settings.

QCA Wireless Settings
https://dd-wrt.com/wiki/index.php/QCA_wireless_settings

Kong
TIPS – DD-WRT –
http://tips.desipro.de/

I finally set up my OpenVPN client to cover just my private network, not the guest networks or the new vlan. I entered the IP range of my private network in the Policy Based Routing box on the Services/VPN tab. See CIDR to IPv4 Conversion https://www.ipaddressguide.com/cidr to simplify the range entry.

This is the guide I used to set up my OpenVPN client.
DD-WRT OPENVPN SETUP (privateinternetaccess - PIA)
https://www.privateinternetaccess.com/pages/client-support/dd-wrt-openvpn

I lost my new vlan briefly when I set up the OpenVPN client and applied settings. However, I disabled OpenVPN client and it brought back my VLAN 25. I then re-enabled OpenVPN client and my VLAN 25 remained.

I rebooted and all is working!

The above is WHAT I did but I cannot tell you the WHY of it. If your setup doesn’t work others will have to help you fine tune it.

Noob still finding my way! You may not have to be as anal as I was in the process, but this worked for me. I hope this helps someone else.

I would be interested to hear if anyone else has success setting up vlans using this procedure.

_________________
R7800 r36100M kongat (06/10/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, smart switches, etc.) and guest.
Noob still finding my way.
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 35
Location: Georgia, USA

Posted: Thu Mar 22, 2018 14:13
Still having occasional problems with my OpenVPN client and my vlan 25.

Discovered I had lost internet connection for my VOIP phone. I Disabled OpenVPN client and internet connection for phone returned. I enabled OpenVPN client and lost internet on vlan 25.

Left OpenVPN enabled and rebooted the router.

All is now good. Everything working.

Another day in the life of DD-WRT

_________________
R7800 r36100M kongat (06/10/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, smart switches, etc.) and guest.
Noob still finding my way.
sweatbee
DD-WRT Novice


Joined: 17 Jan 2018
Posts: 35
Location: Georgia, USA

Posted: Thu Mar 29, 2018 18:42
Got bored and decided to change my VLAN setup. This was while in the process of changing firmware versions. Current FW is v3.0-r35530M kongat (03/25/18).

Started configuration after resetting to default settings.

I set up two extra VLANs on my r7800 instead of one.
VLAN 1 as main network (including default bridge with wireless)
New VLAN 10 to serve some wired IOT devices
New VLAN 20 to serve a VOIP phone

Used physical port 1 (switch port 4) for phone
Used physical port 2 (switch port 3) for IOT devices
Physical ports 3 and 4 (switch port 2 and 1) remain as main network

Computer’s wired connection is in physical port 4 (switch port 1) which does not change VLAN or subnet throughout this process thereby maintaining its connection.

Copy text below and paste into the 'Administration/Commands' window of GUI.

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 20
ifconfig eth1.10 192.168.10.1 netmask 255.255.255.0
ifconfig eth1.20 192.168.20.1 netmask 255.255.255.0

Click the 'Save Startup' button. The script will appear in the Startup window.

Copy text below and paste into the 'Administration/Commands' Command Shell window of GUI.
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

Click the 'Save Firewall' button. The script will appear in the Firewall window. Without this Firewall script you cannot get internet access in the new vlan.

Reboot router so startup script runs.

Do this first:
Go to Setup/Networking window of GUI
Click Add in the Multiple DHCP Server section at bottom of page.
Select eth1.10 (vlan10)
Click the 'Apply Settings' button.
Click Add in the Multiple DHCP Server section at bottom of page.
Select eth1.20 (vlan20)
Click the 'Apply Settings' button.

Do this second:
Go to Setup/Networking window of GUI to find the newly created interface Network Configuration eth1.10 (vlan10)
Click the 'unbridge' button associated with Network Configuration eth1.10
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.10.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click the 'Apply Settings' button.

Go to Setup/Networking window of GUI to find the newly created interface Network Configuration eth1.20 (vlan20)
Click the 'unbridge' button associated with Network Configuration eth1.20
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.20.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click the 'Apply Settings' button.

Reboot router and set up all other settings.

This is working for me.

_________________
R7800 r36100M kongat (06/10/18)
Private network eth1 ath0 ath1 protected by PIA Openvpn with PBR
Guest network with bridged VLAN and VAPs for IOT devices (Roku's, Amazon Echos, smart switches, etc.) and guest.
Noob still finding my way.
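
An added example, not part of sweatbee's posts or of DD-WRT itself: a small Python check that reads a startup script in the format posted above and flags VLAN mistakes that would break isolation or leave a sub-interface without traffic, before the script is saved to the router. CPU port 6 and eth1 come from the posts; the function name and the BROKEN sample are made up for illustration.

```python
import re

CPU_PORT = 6   # R7800 processor port, per the port map in the post
BASE = "eth1"  # interface the thread's vconfig commands attach VLANs to

def lint_startup(script):
    """Return a list of problems found in a swconfig/vconfig startup script."""
    vlans, subifs, addressed, problems = {}, set(), set(), []
    for line in map(str.strip, script.splitlines()):
        if m := re.match(r'swconfig dev \S+ vlan (\d+) set ports "([^"]*)"', line):
            # "6t" is a tagged member, "3" an untagged one: {port: is_tagged}
            vlans[int(m[1])] = {int(p.rstrip("t")): p.endswith("t") for p in m[2].split()}
        elif m := re.match(rf"vconfig add {BASE} (\d+)", line):
            subifs.add(int(m[1]))
        elif m := re.match(rf"ifconfig {BASE}\.(\d+) ", line):
            addressed.add(int(m[1]))
    owner = {}  # untagged port -> first VLAN that claimed it
    for vid, ports in sorted(vlans.items()):
        for port, tagged in ports.items():
            if not tagged and owner.setdefault(port, vid) != vid:
                problems.append(f"port {port} untagged in VLAN {owner[port]} and {vid}")
    for vid in sorted(subifs):
        # eth1.N only receives frames the switch sends to the CPU port tagged N
        if vid not in vlans:
            problems.append(f"{BASE}.{vid} has no switch VLAN {vid}")
        elif not vlans[vid].get(CPU_PORT):
            problems.append(f"VLAN {vid} does not tag CPU port {CPU_PORT}")
    for vid in sorted(addressed - subifs):
        problems.append(f"ifconfig {BASE}.{vid} without vconfig add")
    return problems

# Two-VLAN startup script as posted above
POSTED = """\
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 20
ifconfig eth1.10 192.168.10.1 netmask 255.255.255.0
ifconfig eth1.20 192.168.20.1 netmask 255.255.255.0
"""
# Constructed broken variant: port 3 also left untagged in VLAN 20, whose
# CPU tag is dropped, and the eth1.10 sub-interface is never created
BROKEN = POSTED.replace('"4 6t"', '"3 4 6"').replace("vconfig add eth1 10\n", "")
if __name__ == "__main__":
    for name, script in (("posted", POSTED), ("broken", BROKEN)):
        print(name, lint_startup(script) or "ok")
```

An empty list means the switch VLANs, the eth1.N sub-interfaces and their addresses all line up; it does not check the GUI settings (unbridge, Net Isolation) from the later steps.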
tembenite
DD-WRT Novice


Joined: 11 Jan 2007
Posts: 5

Posted: Fri Jun 29, 2018 1:31    Post subject: R7800 VLAN Setup
Okay, so if I have an external wireless device that is running two SID's and tagging one as VLAN 2 and one as VLAN 4, and is plugged into the port labeled "4".

Am I correct in digesting this thread that my configuration would be as follows if I want all the ports on VLAN 2, except for those items specifically tagged for VLAN 4?

I want my main network, VLAN 2 to run on 192.168.1.x and the VLAN 4 to run on 192.168.2.x.

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 2 set ports "1 2 3 4t 6"
swconfig dev switch0 vlan 4 set ports "4t 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
ifconfig eth1.10 192.168.2.1 netmask 255.255.255.0
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 4178
Location: Akershus, Norway

Posted: Fri Jun 29, 2018 11:18
What about the WAN Port? It's originally in VLAN 2?
tembenite
DD-WRT Novice


Joined: 11 Jan 2007
Posts: 5

Posted: Sat Jun 30, 2018 1:31
Per Yngve Berg wrote:
What about the WAN Port? It's originally in VLAN 2?


Rather than Hijack this thread, I opened a new thread, like I probably should have in the first place:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1133378#1133378