Joined: 13 Aug 2013 Posts: 6870 Location: Romerike, Norway
Posted: Sun Mar 10, 2019 9:28 Post subject:
Almost correct.
Physical port1 = switch port4,
Physical port2 = switch port3,
Physical port3 = switch port2,
Physical port4 = switch port1.
Note that the processor port is switch port6 (eth0), and switch port5 is the secondary processor port (eth1).
WAN = switch port0
By distributing over both port6 and port5, you get better performance as traffic is split over two gigabit ports instead of sharing one.
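The mapping above turned into a small generator, as an added example that is not part of the original thread: it prints the startup commands for moving one physical LAN port into its own VLAN. It assumes CPU port 6 and sub-interfaces on eth1, as in the configs posted in this thread; `phys_to_switch` and `gen_vlan_startup` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): print, without running them, the
# startup commands that put one physical LAN port into its own VLAN.
# Assumptions: CPU port 6 and sub-interfaces on eth1, as in the configs
# posted in this thread. Function names are hypothetical.

# Physical LAN port 1..4 -> switch port 4..1 (mapping given in the post).
phys_to_switch() {
    case "$1" in
        1|2|3|4) echo $((5 - $1)) ;;
        *) echo "physical port must be 1-4, got '$1'" >&2; return 1 ;;
    esac
}

# gen_vlan_startup PHYS_PORT VLAN_ID
gen_vlan_startup() {
    sw=$(phys_to_switch "$1") || return 1
    vid=$2
    case "$vid" in
        ''|*[!0-9]*) echo "VLAN id must be a number, got '$vid'" >&2; return 1 ;;
    esac
    # VLAN 1 is the main LAN; VLAN 2 is assumed to be the WAN (a guess made
    # in this thread), so only 3..4094 are accepted for the new VLAN.
    if [ "$vid" -lt 3 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN id must be 3-4094, got '$vid'" >&2; return 1
    fi
    # The other LAN ports stay untagged in VLAN 1 together with CPU port 6.
    lan=""
    for p in 1 2 3 4; do
        [ "$p" -eq "$sw" ] || lan="$lan$p "
    done
    # CPU port is tagged ("6t") in the new VLAN so it shows up as eth1.<vid>.
    cat <<EOF
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "${lan}6"
swconfig dev switch0 vlan $vid set ports "$sw 6t"
swconfig dev switch0 set apply
vconfig add eth1 $vid
EOF
}

# Physical port 4 into VLAN 4; addressing or bridging eth1.4 is left to the reader.
gen_vlan_startup 4 4
```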
I decided to read the dd-wrt documentation on "Switched Ports" since posting.
The "t", "u" stand for tagged and untagged. Still very confusing gathering up all this information and putting it to use, but now I at least have much more to work with.
This is my config I am about to test out.
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "4 6"
swconfig dev switch0 vlan 4 set ports "3 6t"
###Why do we tag the switch port 6 processor port here?
swconfig dev switch0 set apply
vconfig add eth1 4
ifconfig eth1.4 192.168.4.1 netmask 255.255.255.0
The port is tagged so the processor can see it on eth1.4 separated from VLAN1 (eth1).
I have my VLANs working; didn't think I would get it working this morning.
Got another question for you if you don't mind.
I use OpenVPN Client through the router and it currently enables vpn on all VLANS and subnets.
How would you configure each VLAN or subnet individually to use or Not use the VPN?
Posted: Wed Jun 12, 2019 18:57 Post subject: Working R7500v2 setup
First I want to say that this discussion has been super helpful for me in getting this working on my R7500v2 and I want to share my findings for future users.
I'm running r37495M and it has no "VLAN" tab in the menu.
My goal was to have a separate WWAN along with a single LAN port that was isolated from my regular home computing network. I used the UI to create a virtual WWAN, and added it to a new bridge (br2). Also using the UI, I added another DHCP range for br2. I then added the following startup commands:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "2 3 4 6"
swconfig dev switch0 vlan 4 set ports "1 6t"
swconfig dev switch0 set apply
vconfig add eth1 4
brctl addif br2 eth1.4
This successfully allowed me to have a new WWAN along with port # 4 (as physically numbered on the switch) on a separate network with internet access.
My final hurdle was trying to get the configuration to work after a reboot. WWAN worked, but I was getting no DHCP on the ethernet port. After some experimentation (mostly around restarting dnsmasq that didn't help), adding the following two commands to the end of the startup solved my problem:
Posted: Sat Dec 05, 2020 19:32 Post subject: nighthawk x4s isolated ethernet vlans.
Hello, I have a Nighthawk X4S, and I want to isolate all ethernet ports such that they can only access the internet and not see other ethernet or wifi devices on my network. Here are my Nighthawk X4S (R7800) settings. Can someone tell me what is wrong with my settings?
Thanks.
Startup:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "6"
swconfig dev switch0 vlan 3 set ports "1 6t"
swconfig dev switch0 vlan 4 set ports "2 6t"
swconfig dev switch0 vlan 5 set ports "3 6t"
swconfig dev switch0 vlan 6 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 3
ifconfig eth1.3 192.168.10.1 netmask 255.255.255.0
vconfig add eth1 4
ifconfig eth1.4 192.168.20.1 netmask 255.255.255.0
vconfig add eth1 5
ifconfig eth1.5 192.168.30.1 netmask 255.255.255.0
vconfig add eth1 6
ifconfig eth1.6 192.168.40.1 netmask 255.255.255.0
Firewall:
iptables -I FORWARD -i eth1.4 -o eth1.3 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.5 -o eth1.3 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.6 -o eth1.3 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.6 -o eth1.4 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.5 -o eth1.4 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.6 -o eth1.5 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.4 -o eth1.5 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.4 -o eth1.6 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.5 -o eth1.6 -m state --state NEW -j REJECT
iptables -I INPUT -i ath1.1 -d 192.168.2.1 -j DROP
iptables -I INPUT -i eth1.4 -d 192.168.2.1 -j DROP
iptables -I INPUT -i eth1.5 -d 192.168.2.1 -j DROP
iptables -I INPUT -i eth1.6 -d 192.168.2.1 -j DROP
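A way to check a hand-written rule list like the one above, as an added example that is not part of the original thread: it generates one REJECT rule per ordered pair of VLAN sub-interfaces and audits a rule list for pairs it leaves uncovered (the posted FORWARD rules cover nine of the twelve ordered pairs among eth1.3 to eth1.6). Function and variable names are hypothetical, and nothing is applied to the router.

```shell
#!/bin/sh
# Added example (not from the thread): generate and audit pairwise
# isolation rules. Nothing is applied; rules are only printed.
# Function and variable names are hypothetical.

# One rule per ordered pair, in the same form as the posted rules.
gen_isolation_rules() {
    for src in "$@"; do
        for dst in "$@"; do
            [ "$src" = "$dst" ] && continue
            echo "iptables -I FORWARD -i $src -o $dst -m state --state NEW -j REJECT"
        done
    done
}

# audit_isolation RULES_TEXT IFACE...
# Print every ordered pair that has no REJECT/DROP rule in the FORWARD chain.
# Interface names are used as regex fragments, so "." matches loosely.
audit_isolation() {
    rules=$1; shift
    for src in "$@"; do
        for dst in "$@"; do
            [ "$src" = "$dst" ] && continue
            printf '%s\n' "$rules" |
                grep -Eq -- "FORWARD .*-i $src -o $dst .*-j (REJECT|DROP)" ||
                echo "$src -> $dst"
        done
    done
}

# The nine FORWARD rules from the post above, copied as audit input.
POSTED_RULES='iptables -I FORWARD -i eth1.4 -o eth1.3 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.5 -o eth1.3 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.6 -o eth1.3 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.6 -o eth1.4 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.5 -o eth1.4 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.6 -o eth1.5 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.4 -o eth1.5 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.4 -o eth1.6 -m state --state NEW -j REJECT
iptables -I FORWARD -i eth1.5 -o eth1.6 -m state --state NEW -j REJECT'

# Report the directions the posted list does not block.
audit_isolation "$POSTED_RULES" eth1.3 eth1.4 eth1.5 eth1.6
```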
What config and firewall would I require for 1 single VLAN on R7800? (I am a complete VLAN beginner.)
My aim is to isolate Ethernet IoT devices. Hive tv's etc
My wireless is disabled on router; I use a mesh system that has isolated guest network already for wireless IoT.
Thanks for any assistance in advance.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Tue Dec 08, 2020 14:13 Post subject:
foz111 wrote:
What config and firewall would I require for 1 single VLAN on R7800? (I am a complete VLAN beginner.)
My aim is to isolate Ethernet IoT devices. Hive tv's etc
My wireless is disabled on router; I use a mesh system that has isolated guest network already for wireless IoT.
Thanks for any assistance in advance.
Yep, that's what I do. I have an isolated VLAN with a managed switch and a small TP-Link router into that switch, so all untrusted devices are in the switch or using that TP-Link Wi-Fi (NAT, or you can use it as a WAP)...
I'm away from my R7800, but based on this thread the config should look like this; you can test and adjust it to your case. If it's not working, have a good read of the beginning of this thread. Let's hope someone else will jump in to shed some light too...
Startup script:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 2 3 6"
swconfig dev switch0 vlan 3 set ports "4 6t"
swconfig dev switch0 set apply
vconfig add eth1 3
brctl addif br1 eth1.3
ifconfig eth1.3 192.168.10.1 netmask 255.255.255.0
"I guess Vlan 2 is your default WAN"
and br0 is the main wifi + lan
Copy text below and paste into the 'Administration/Commands' Command Shell window of GUI save Firewall