R7800 and VLANS

sweatbee
DD-WRT User


Joined: 17 Jan 2018
Posts: 64
Location: Georgia, USA

Posted: Wed Mar 07, 2018 15:00
Above configuration works! v3.0-r35030M kongat (02/19/18)

Reloaded FW. Reset to default. Added VLAN scripts to startup and firewall. Rebooted.
Click Add in the Multiple DHCP Server section
Select new eth1.25. Save and Apply Settings. Rebooted.
Manually configured all other settings.

New VLAN 25 now working. Lost briefly when I set up OpenVPN client and applied settings. Disabled OpenVPN client and brought back VLAN 25. Re-enabled OpenVPN client and VLAN 25 remained. Rebooted and all is working!

I believe the GUI is sensitive/flakey to the order settings are applied.

_________________
R7800 r53339 std (08/01/23)
Private network on bridge br0 = eth1 (vlan 1) + wlan0 + wlan1.
Guest network on bridge br1 = eth1.4 (vlan 4) + VAPs (wlan0.1 + wlan1.1) for IOT devices
(Roku's, Amazon Echos, smart switches, etc.) and guest.
Noob still finding my way.

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 4 set ports "3 4 6t"
swconfig dev switch0 set apply
vconfig add eth1 4
brctl addif br1 eth1.4
ifconfig eth1.4 up


Last edited by sweatbee on Wed Mar 07, 2018 16:31; edited 1 time in total
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6264
Location: Texas

Posted: Wed Mar 07, 2018 15:13
sweatbee wrote:

I believe the GUI is sensitive/flakey to the order settings are applied.

Cool yeahuh, it is very touchy for certain configs.
Can't have some things without some other things first

I been following this thread and happy to see you are getting it sorted.... good job -
kophinos
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 9

Posted: Tue Mar 20, 2018 21:16
Would you mind listing out the procedure you followed to configure VLANs on your R7800 with DD-WRT? There are many others who would like to set up a network similar to yours (IOT and other devices isolated.)

Any clear guidance you are willing to give would be deeply appreciated. Thanks!
sweatbee
Posted: Tue Mar 20, 2018 21:56
kophinos wrote:
Would you mind listing out the procedure you followed to configure VLANs on your R7800 with DD-WRT? There are many others who would like to set up a network similar to yours (IOT and other devices isolated.)

Any clear guidance you are willing to give would be deeply appreciated. Thanks!


Will be glad to share. It's actually in my last few posts, but I admit it's not as clear as it could be. It may be Thursday before I can get it posted.

kophinos
Posted: Tue Mar 20, 2018 22:00
Thank you!

sweatbee wrote:
kophinos wrote:
Would you mind listing out the procedure you followed to configure VLANs on your R7800 with DD-WRT? There are many others who would like to set up a network similar to yours (IOT and other devices isolated.)

Any clear guidance you are willing to give would be deeply appreciated. Thanks!


Will be glad to share. It's actually in my last few posts, but I admit it's not as clear as it could be. It may be Thursday before I can get it posted.
sweatbee
Posted: Wed Mar 21, 2018 21:57
Summary of my set-up process for my new vlan.

Special thanks to “mrjcd” (whose foundational procedures) and “Per Yngve Berg” (whose great help) made it possible for me to set up my VLANs and get them to work. Also, total gratitude to Kong and BS whose firmware makes it all possible. Thanks Netgear for r7800 whose signal I can pick up in my next door neighbor’s homes (password protect!).

Motivation for the following came from this site: https://www.routersecurity.org/

Single router home setup using Netgear r7800 and v3.0-r35030M kongat (02/19/18) firmware.

Private network (desktops, laptops, tablets, NAS, printers, etc.) eth1 ath0 ath1 protected by PIA OpenVPN using Policy Based Routing.
Guest networks (Virtual Access Points) to isolate IOT streaming devices (5 Roku's, Chromecast) and guest. Guest networks not run through VPN so streaming Netflix and Hulu will work.
Separate VLAN to isolate wired IOT devices (VOIP phone, audio amp receiver, Blu-ray player) from private network. Not run through VPN.

From my brief experience I found I have to set up the backbone structure first and then go back and flesh out all the proper settings. Otherwise things may not work. I had to resort to this when originally setting up my guest networks (VAPs).

Port Configuration for r7800:
Physical port1 = switch port4,
Physical port2 = switch port3,
Physical port3 = switch port2,
Physical port4 = switch port1.
Note that the processor port is switch port6, and switch port5 is the WAN.
Port 6 is not tagged for VLAN1, but is tagged for the other VLANs.

My setup process:
Computer’s wired connection is in physical port 4 (switch port 1) which does not change VLAN or subnet throughout this process thereby maintaining its connection if something goes wrong with the new vlan.

You use SWCONFIG and add commands to the startup commands to create VLANs on the r7800. You then complete the set up/configuration process in the GUI. (At least this is what I did.)

I decided to use subnet 192.168.25.1 for the new vlan and call it vlan 25. You can use any subnet or vlan name you want. I decided to put physical ports 1 & 2 (switch 4 & 3) in the new vlan 25 and leave physical ports 3 & 4 (switch 2 & 1) in the redefined vlan1.

I reloaded the Firmware. Then reset to default settings. (You may not have to do this, but I did.)
I logged into the router at 192.168.1.1 and reset the user name and password.

First I added the following VLAN scripts to startup and firewall at the Administration/Commands tab.

Copy text below and paste into the 'Administration/Commands' Command Shell window of GUI.
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 25 set ports "3 4 6t"
swconfig dev switch0 set apply
vconfig add eth1 25
ifconfig eth1.25 192.168.25.1 netmask 255.255.255.0

Click the 'Save Startup' button. The script will appear in the Startup window.

Copy text below and paste into the 'Administration/Commands' Command Shell window of GUI.
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

Click the 'Save Firewall' button. The script will appear in the Firewall window. Without this Firewall script you cannot get internet access in the new vlan.

Reboot the router at the ‘Administration/Management’ tab at bottom of page.

Go to Setup/Networking tab and go to bottom of the page.
Click Add in the Multiple DHCP Server section
Select the new eth1.25. Save and Apply Settings. Reboot. (You may not need to reboot but I did.)

Go to Setup/Networking window of GUI to find the newly created interface Network Configuration vlan25 (shows as - Network Configuration eth1.25)
Click the 'unbridge' button associated with Network Configuration eth1.25
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.25.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click the 'Apply Settings' button.
Reboot router

With my VLANs now set up at this point I created my guest networks (VAPs).

Guest WiFi + Abuse Control For Beginners
https://www.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners

https://www.dd-wrt.com/phpBB2/viewtopic.php?t=313923
1. Add virtual interface ath0.1 without any settings on Wireless/Basic Settings tab Virtual Interfaces. Apply Settings
2. Add Multiple DHCP Server for ath0.1 on Setup/Networking tab. Apply Settings
3. Add virtual interface ath1.1 without any settings on Wireless/Basic Settings tab Virtual Interfaces. Apply Settings
4. Add Multiple DHCP Server for ath1.1 on Setup/Networking tab. Apply Settings
5. Go back and fill in all settings for ath0.1 and ath1.1 and Apply Settings.

Manually configured all other settings.

QCA Wireless Settings
https://dd-wrt.com/wiki/index.php/QCA_wireless_settings

Kong
TIPS – DD-WRT –
http://tips.desipro.de/

I finally set up my OpenVPN client to cover just my private network, not the guest networks or the new vlan. I entered the IP range of my private network in the Policy Based Routing box on the Services/VPN tab. See CIDR to IPv4 Conversion https://www.ipaddressguide.com/cidr to simplify the range entry.

This is the guide I used to set up my OpenVPN client.
DD-WRT OPENVPN SETUP (privateinternetaccess - PIA)
https://www.privateinternetaccess.com/pages/client-support/dd-wrt-openvpn

I lost my new vlan briefly when I set up the OpenVPN client and applied settings. However, I disabled OpenVPN client and it brought back my VLAN 25. I then re-enabled OpenVPN client and my VLAN 25 remained.

I rebooted and all is working!

The above is WHAT I did but I cannot tell you the WHY of it. If your setup doesn’t work others will have to help you fine tune it.

Noob still finding my way! You may not have to be as anal as I was in the process, but this worked for me. I hope this helps someone else.

I would be interested to hear if anyone else has success setting up vlans using this procedure.

sweatbee
Posted: Thu Mar 22, 2018 14:13
Still having occasional problems with my OpenVPN client and my vlan 25.

Discovered I had lost internet connection for my VOIP phone. I Disabled OpenVPN client and internet connection for phone returned. I enabled OpenVPN client and lost internet on vlan 25.

Left OpenVPN enabled and rebooted the router.

All is now good. Everything working.

Another day in the life of DD-WRT

sweatbee
Posted: Thu Mar 29, 2018 18:42
Got bored and decided to change my VLAN setup. This was while in the process of changing firmware versions. Current FW is v3.0-r35530M kongat (03/25/18).

Started configuration after resetting to default settings.

I set up two extra VLANs on my r7800 instead of one.
VLAN 1 as main network (including default bridge with wireless)
New VLAN 10 to serve some wired IOT devices
New VLAN 20 to serve a VOIP phone

Used physical port 1 (switch port 4) for phone
Used physical port 2 (switch port 3) for IOT devices
Physical ports 3 and 4 (switch port 2 and 1) remain as main network

Computer’s wired connection is in physical port 4 (switch port 1) which does not change VLAN or subnet throughout this process thereby maintaining its connection.

Copy text below and paste into the 'Administration/Commands' window of GUI.

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 20
ifconfig eth1.10 192.168.10.1 netmask 255.255.255.0
ifconfig eth1.20 192.168.20.1 netmask 255.255.255.0

Click the 'Save Startup' button. The script will appear in the Startup window.

Copy text below and paste into the 'Administration/Commands' Command Shell window of GUI.
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

Click the 'Save Firewall' button. The script will appear in the Firewall window. Without this Firewall script you cannot get internet access in the new vlan.

Reboot router so startup script runs.

Do this first:
Go to Setup/Networking window of GUI
Click Add in the Multiple DHCP Server section at bottom of page.
Select eth1.10 (vlan10)
Click the 'Apply Settings' button.
Click Add in the Multiple DHCP Server section at bottom of page.
Select eth1.20 (vlan20)
Click the 'Apply Settings' button.

Do this second:
Go to Setup/Networking window of GUI to find the newly created interface Network Configuration eth1.10 (vlan10)
Click the 'unbridge' button associated with Network Configuration eth1.10
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.10.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click the 'Apply Settings' button.

Go to Setup/Networking window of GUI to find the newly created interface Network Configuration eth1.20 (vlan20)
Click the 'unbridge' button associated with Network Configuration eth1.20
Masquerade / NAT should be Enabled
Net Isolation should be Enabled
Put in IP Address 192.168.20.1
Put in subnetmask 255.255.255.0
Click the 'Save' button at bottom of page.
Click the 'Apply Settings' button.

Reboot router and set up all other settings.

This is working for me.

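
The startup scripts in this thread only separate devices if every untagged switch port sits in exactly one VLAN and every VLAN tagged on the CPU port has a matching eth1.N sub-interface. The following is an added example, not code from any poster or from DD-WRT: a POSIX shell lint that checks a startup script for those conditions, assuming the R7800 layout described above (CPU on switch port 6, physical LAN port = 5 minus switch port). The names `lint_vlan_script`, `page_script` and `broken_script` are hypothetical, and the broken input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): lint a DD-WRT startup script for VLAN
# segmentation mistakes. Assumptions taken from the posts above: the CPU port
# is switch port 6, VLAN sub-interfaces are created on eth1 with vconfig, and
# on the R7800 physical LAN port = 5 - switch port.

lint_vlan_script() {
    awk -v cpu=6 '
    function err(msg) { print "ERROR: " msg; errs++ }

    # Matches: swconfig dev switch0 vlan <id> set ports "<port> <port> 6t"
    $1 == "swconfig" && $4 == "vlan" && $6 == "set" && $7 == "ports" {
        vid = $5; list = $0
        sub(/^[^"]*"/, "", list); sub(/".*$/, "", list)  # text between the quotes
        n = split(list, p, " ")
        defined[vid] = 1; phys = ""
        for (i = 1; i <= n; i++) {
            tagged = (p[i] ~ /t$/); port = p[i] + 0      # "6t" + 0 evaluates to 6
            if (port == cpu)
                cpu_mode[vid] = tagged ? "t" : "u"
            else if (port >= 1 && port <= 4)
                phys = phys sprintf(" %d%s", 5 - port, tagged ? "t" : "")
            if (!tagged) {
                # An untagged port in two VLANs receives frames from both.
                if (port in untagged)
                    err("switch port " port " is untagged in VLAN " untagged[port] " and VLAN " vid)
                else
                    untagged[port] = vid
            }
        }
        print "INFO: VLAN " vid " -> physical LAN port(s):" phys
    }

    # Matches: vconfig add eth1 <id>
    $1 == "vconfig" && $2 == "add" { subif[$4] = $3 "." $4 }

    END {
        for (v in defined) {
            if (!(v in cpu_mode))
                err("VLAN " v " does not include CPU port " cpu)
            else if (cpu_mode[v] == "t" && !(v in subif))
                err("VLAN " v " is tagged on the CPU port but has no vconfig sub-interface")
        }
        for (v in subif)
            if (!(v in defined))
                err(subif[v] " was added but the switch has no VLAN " v)
        exit (errs > 0)
    }'
}

# Startup script as posted in the thread (two extra VLANs).
page_script() {
    cat <<'EOF'
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 20
ifconfig eth1.10 192.168.10.1 netmask 255.255.255.0
ifconfig eth1.20 192.168.20.1 netmask 255.255.255.0
EOF
}

# Constructed broken variant: port 3 left in VLAN 1, CPU port untagged in
# VLAN 20, and a sub-interface for a VLAN the switch does not define.
broken_script() {
    cat <<'EOF'
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 3 6"
swconfig dev switch0 vlan 10 set ports "3 6t"
swconfig dev switch0 vlan 20 set ports "4 6"
swconfig dev switch0 set apply
vconfig add eth1 10
vconfig add eth1 30
EOF
}

echo "== script from the thread =="
page_script | lint_vlan_script && echo "result: OK"
echo "== constructed broken variant =="
broken_script | lint_vlan_script || echo "result: FAIL"
```

The function reads the script on standard input and returns non-zero when it finds an error, so it can be run on a workstation before the text is pasted into the Startup window.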
tembenite
DD-WRT Novice


Joined: 11 Jan 2007
Posts: 5

Posted: Fri Jun 29, 2018 1:31    Post subject: R7800 VLAN Setup
Okay, so if I have an external wireless device that is running two SID's and tagging one as VLAN 2 and one as VLAN 4, and is plugged into the port labeled "4".

Am I correct in digesting this thread that my configuration would be as follows if I want all the ports on VLAN 2, except for those items specifically tagged for VLAN 4?

I want my main network, VLAN 2 to run on 192.168.1.x and the VLAN 4 to run on 192.168.2.x.

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 2 set ports "1 2 3 4t 6"
swconfig dev switch0 vlan 4 set ports "4t 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
ifconfig eth1.10 192.168.2.1 netmask 255.255.255.0
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6855
Location: Romerike, Norway

Posted: Fri Jun 29, 2018 11:18
What about the WAN Port? It's originally in VLAN 2?
tembenite
Posted: Sat Jun 30, 2018 1:31
Per Yngve Berg wrote:
What about the WAN Port? It's originally in VLAN 2?


Rather than Hijack this thread, I opened a new thread, like I probably should have in the first place:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1133378#1133378
DWCruiser
DD-WRT User


Joined: 15 Aug 2016
Posts: 223
Location: Melbourne, Australia

Posted: Tue Oct 16, 2018 11:20
sweatbee wrote:
Summary of my set-up process for my new vlan.

.......

I would be interested to hear if anyone else has success setting up vlans using this procedure.


Thank you so much for your post with detailed instructions.

I managed to configure VLANS on my R7800 as well as setting up (PIA) OVPN client. This is what I have configured on R7000 earlier except the R7800 has no GUI for VLAN so your post has been of great help.

Just wondering if anyone has overclocked the R7800?

Thanks again for your good work.

Cheers
sweatbee
Posted: Tue Oct 16, 2018 14:12
To keep the R7800 CPUs at max add the following line to startup (without quotes):

"for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do [ -f $CPUFREQ ] || continue; echo -n performance > $CPUFREQ; done"

Someone posted this in one of the build threads and it keeps the download speeds from dropping through the VPN connection. My router status shows the CPU clock at 1725 MHz / 1725 MHz. This hasn't seemed to hurt anything for me.

I have also changed my vlan configuration to a bridged one. This better suits my needs. Setup is described here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1136389#1136389



Last edited by sweatbee on Tue Oct 16, 2018 23:29; edited 1 time in total
DWCruiser
Posted: Tue Oct 16, 2018 23:16
sweatbee wrote:
To keep the R7800 CPUs at max add the following line to startup:

for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do [ -f $CPUFREQ ] || continue; echo -n performance > $CPUFREQ; done

Someone posted this in one of the build threads and it keeps the download speeds from dropping through the VPN connection. My router status shows the CPU clock at 1725 MHz / 1725 MHz. This hasn't seemed to hurt anything for me.

I have also changed my vlan configuration to a bridged one. This better suits my needs. Setup is described here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1136389#1136389



Thanks for your reply.

Having tried the command twice, my R7800 became unstable, especially wifi connections. I had to back down in the end.

I notice that the overclocked speeds were more than twice the default specs of R7800. (On my R7000, it was overclocked to only 1200MHz/800MHz from 800/800. But it was stable). My educated guess is that other parameters on my R7800 may have contributed to the instability since you have no issue at those speeds of 1725MHZ/1725MHz. I tried the command nvram get clkfreq but it does not seem to be working on R7800. Have not tried nvram set clkfreq=1200,800 in case I brick the router. I can recover it but taking risk is not my strong suit. Let me put it that way.

As for your bridged VLANS, I have not tried it since mine seems to be working fine. I have very much copied my R7000 VLAN settings to the R7800 using your script with relevant modifications. Actually, I have two separate VLANS on the R7800 with Net isolation to keep them from accessing my main network.

As for guest wifi, I ran vap on both 2.4MHz and 5GHZ, also with Net isolation.

As for VPN client, I use policy-based routing and specify which connections are going through it. My ASUS laptop is connected via PIA VPN when using wire, but outside the tunnel when on wifi. This suits my needs as VPN connection inevitably slows down the bandwidth due to encryption.

Again, thank you so much for your great post. Also thanks to other people as you mentioned earlier. I am able to set VLANs on the R7800.

Cheers
Trossy
DD-WRT Novice


Joined: 10 Mar 2019
Posts: 13

Posted: Sun Mar 10, 2019 7:48
sweatbee wrote:
Summary of my set-up process for my new vlan.



I'm giving this config a go with very limited knowledge of what’s going on.

I've tried to recreate your results by pasting the config into the commands and configuring it for what I think would work for my setup.

I get as far as copying the VLAN scripts into the command shell and saving the firewall iptables script. Upon rebooting my router none of my devices can access the internet; they all get APIPA addresses. I then must reset my router as I can't access the gateway and redoing all my settings has been too much. So, I want to accomplish the following:

1.) What I'm trying to accomplish is separate my personal PC on its own VLAN. This PC is in physical port 1 of the router.

2.) Another PC which I use as a plex server in its own VLAN in physical port 2 of the router.

3.) Add a switch that will be connecting to a number of IPTV cameras to be on its own VLAN in physical port 3 of the router.
*or to simplify things here how to get 1.) + 2.) to work on separate VLAN and forget about the switch

Switch implementation (may not be related) *Just skip over to after the net gear URL link below to not add more to the equation.
I wanted to accomplish this all within the switch but the model I purchased (Netgear GS108Ev3) will not separate VLANS on its own and needs a router implementation to aid with VLAN ID's; which is not supported with the Atheros based DD-WRT unfortunately and seems to only work with the Broadcom versions, unless there is an implementation through the command script for VLAN tagging.
This guide describes the steps on a Broadcom based router. If you're interested to see what I was trying to accomplish with the switch:
https://kb.netgear.com/30919/How-to-configure-VLANs-on-a-ProSAFE-Web-Managed-Plus-Switch-with-shared-access-to-the-internet





*****UPDATE*******

I got my vlans working here is my configuration

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "4 6"
swconfig dev switch0 vlan 4 set ports "3 6t"
swconfig dev switch0 set apply
vconfig add eth1 4
ifconfig eth1.4 192.168.4.1 netmask 255.255.255.0

The current set up is:
-physical port 1 (switch port 4): is my Desktop on default lan unchanged.

-Physical port 2 (switch port 3): My desktop that I'm using as a plex server

-I have yet to make a vlan for my managed switch for my IPTV cameras. I am still figuring out how to tag and vlan ID ports and then implementing that into the shell configuration. I'll update here once I have it figured out or ask for help once I tinker with it some.

Now before I began this I had already unbridged my Wireless interfaces through the Setup-> Networking GUI.
I added a DHCPD option to each wireless interface (both ath0 and ath1) I put these in 2 separate subnets following this guide:
https://wiki.dd-wrt.com/wiki/index.php/Separate_LAN_and_WLAN

Prior to following that guide and reading the switched ports documentation, -> https://wiki.dd-wrt.com/wiki/index.php/VLAN_Bridging_WAN_and_a_LAN_port#Second_WAN_port, I hadn't had a clue what I was doing.


Last edited by Trossy on Sun Mar 10, 2019 10:45; edited 1 time in total