Help with VLAN tagging

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2  Next
Author Message
jocara
DD-WRT Novice


Joined: 29 Jun 2019
Posts: 10

PostPosted: Sat Jun 29, 2019 22:55    Post subject: Help with VLAN tagging Reply with quote
All —

I’ve been spending a fair amount of time researching how to put together a home network with an Untangle UTM as my gateway / router with a Netgear R8500 DDWRT setup. I’vs been able to setup my DDWRT as my main gateway and router no problem. I get into problems when I want to take advantage of Untangle UTM and place it before my DDWRT.

See network diagram attached. I can get untagged traffic into Port 2 and tagged traffic into Port 1 from DDWRT to Untangle - separately. But the moment hook em up both and do both simultaneously, the systems degrades quickly. I separated tagged and untagged traffic through different ethernet ports to troubleshoot.

On my VLAN setup, here’s what I start after making the updates in DDWRT GUI before modifying NVRAM:

vlan1ports=1 2 3 4 5 7 8*
vlan2ports=0 8u

port0vlans=2 18 19 21
port1vlans=1 10 15 16 18 19 21
port2vlans=1 18 19 21
port3vlans=1 18 19 21
port4vlans=1 18 19 21
port5vlans=1 2 10 15 16

vlan1hwname=et2
vlan2hwname=et2


To account for my VLAN setup (and 6, not 4 ports in my R8500) I update to the following:

vlan1ports=1t 2 3 4 5 7 8*
vlan2ports=0 8u
vlan10ports=1t 8
vlan15ports=1t 8

port0vlans=2 18 19 21
port1vlans=1 10 15 16 18 19 21
port2vlans=1 18 19 21
port3vlans=1 18 19 21
port4vlans=1 18 19 21
port5vlans=1 18 19 21
port7vlans=1 18 19 21
port8vlans=1 2 10 15 16

vlan1hwname=et2
vlan2hwname=et2
vlan10hwname=et0
vlan15hwname=et0

Apologies for the long post, but I wanted to provide as much context as I could! Any thoughts on why I’m having problems??

Many thanks!! Very Happy



Network Diagram.png
 Description:
Network Diagram
 Filesize:  149.44 KB
 Viewed:  840 Time(s)

Network Diagram.png


Sponsor
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5191
Location: Akershus, Norway

PostPosted: Sun Jun 30, 2019 11:22    Post subject: Reply with quote
vlan1hwname=et2
vlan2hwname=et2
vlan10hwname=et0
vlan15hwname=et0


VLAN 10 and 15 goes to different hardware. Is that a typo?
bkaskar
DD-WRT Novice


Joined: 15 Feb 2019
Posts: 20

PostPosted: Sun Jun 30, 2019 14:13    Post subject: Reply with quote
I've been trying the same with 2 APs, behind UTM, unfortunately, I have yet to find a fully working and stable build for RT-AC5300. Recently I've had success with RT-AC68U on kongac 6/19/2019 build.

I'm a bod, but what I've noticed you do away without the "t" for tagging as the UI VLAN+Networking tab configuration on most of the latest builds works fine. If you don't mind me asking, why you have an untagged and tagged (2 wires connecting) or is it just a visualization? because the whole point of trunking is, so you just have to run one wire. The other thing is I try to stay away from the 15-22 range (even if port 16-21 are mainly used by Broadcom). So choose some other vlan Ids that aren't used/close by of the vendor's IDs. e.g. I used VLAN ID 3 (vlan3) as tag and assigned x.x.30.x to the bridge.

3 things:
1. Which build/version of DDWRT are you using?
2. Keep/save the existing settings (Even before you start making changes in GUI).
. As in Required Manual NVRAM Changes section of Switched Ports article tells, you use the value as it exists in NVRAM not the IFNAME.
So, as the senior member asked/suggested, try
Code:
nvram set vlan10hwname=et2
nvram set vlan15hwname=et2
nvram commit


So even before you make changes you need to see the output of your
nvram show| grep port.*vlans | sort
So you know what were all the values for port.*vlans and then change the vlan assignment ports.
jocara
DD-WRT Novice


Joined: 29 Jun 2019
Posts: 10

PostPosted: Sun Jun 30, 2019 17:05    Post subject: Reply with quote
Thanks to you both for your comments and help!

Re: the vlanhwnames, I took the switch guide literally when they said to name it "et0" not realizing that I may need to stick with what my hardware is showing. Shocked I'll definitely try that out and report back.

To confirm, because my R8500 has 6 ethernet ports and a CPU code of 8, I need to make a number of updates to my portvlans - adding ports 7 and 8 and changing CPU port from 5 to 8.

To to bkaskar''s questions - I actually did use two separate cables for tagged and untagged traffic. Just for troubleshooting - ideal just use one line when both are working separately.

Per my diagram, I'm using Kong's latest build as of 6/8/19.

And yes, I did check settings before any GUI updates. It looked the same as what I've posted except that all the portXvlans just had a VLAN code without additional port attributes (e.g. 18 19 21).
jocara
DD-WRT Novice


Joined: 29 Jun 2019
Posts: 10

PostPosted: Sun Jun 30, 2019 17:13    Post subject: Reply with quote
Oh and bkaskar, I used higher VLAN ids > 8 (greater than my ethernet port count) because I found some erratic behaviors if my port numbers and VLAN IDs were similar.
bkaskar
DD-WRT Novice


Joined: 15 Feb 2019
Posts: 20

PostPosted: Sun Jun 30, 2019 17:59    Post subject: Reply with quote
jocara wrote:
Oh and bkaskar, I used higher VLAN ids > 8 (greater than my ethernet port count) because I found some erratic behaviors if my port numbers and VLAN IDs were similar.


Hi jocara, using higher vlan IDs is fine, you can use even [16-21] but then when you list vlan.*ports vs port.*vlans and compare; you have to pay attention Shocked and be careful looking at every entry Very Happy That's why I avoid the range.

Good Luck!
jocara
DD-WRT Novice


Joined: 29 Jun 2019
Posts: 10

PostPosted: Mon Jul 01, 2019 2:31    Post subject: Reply with quote
I've tried the suggestions earlier and it helped a little, but the system is still unstable - even after many power cycles of my UTM and DDWRT router.

Basically, I start out with:
vlan1ports=1 2 3 4 5 7 8*
vlan2ports=0 8u

port0vlans=2
port1vlans=1
port2vlans=1
port3vlans=1
port4vlans=1
port5vlans=1 2 16

vlan1hwname=et2
vlan2hwname=et2

And end up with:
vlan10ports=1t 8
vlan15ports=1t 8
vlan1ports=1 2 3 4 5 7 8*
vlan2ports=0 8u

port0vlans=2 18 19 21
port1vlans=10 15 16 18 19 21
port2vlans=1 18 19 21
port3vlans=1 18 19 21
port4vlans=1 18 19 21
port5vlans=1 18 19 21
port7vlans=1 18 19 21
port8vlans=1 2 10 15 16

vlan10hwname=et2
vlan15hwname=et2
vlan1hwname=et2
vlan2hwname=et2

Again, I'm splitting tagged and untagged traffic thru different ports for trouble shooting.

Problems seem to happen when I want to send untagged + tagged traffic through the same port, or VLAN 10 + VLAN 15 tags thru the same port. Sending untagged or a single VLAN tag seems to work fine.

I've tried many versions of using or omitting "t" tags in vlanXports but it doesn't make a difference.

I've included an image of my bridge / VLAN settings in DDWRT. That parts seems to be OK.

Any thoughts on what else I'm missing? Sad



DDWRT Bridge Settings.png
 Description:
 Filesize:  121.48 KB
 Viewed:  766 Time(s)

DDWRT Bridge Settings.png


Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5191
Location: Akershus, Norway

PostPosted: Mon Jul 01, 2019 4:39    Post subject: Reply with quote
It's best to tag all vlans on the port.

Try to also tag vlan1 on port 1.
jocara
DD-WRT Novice


Joined: 29 Jun 2019
Posts: 10

PostPosted: Mon Jul 01, 2019 18:49    Post subject: Reply with quote
Hmm. I've also tried tagging the vlan1 ports as "1t 2 3 4 5 7 8*". Unfortunately no such luck...

Thanks again, all, for the help thus far
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5191
Location: Akershus, Norway

PostPosted: Mon Jul 01, 2019 18:52    Post subject: Reply with quote
Is the equipment at the other end of the cable configured the same way?
jocara
DD-WRT Novice


Joined: 29 Jun 2019
Posts: 10

PostPosted: Mon Jul 01, 2019 18:57    Post subject: Reply with quote
Yes, the UTM is configured to accept tagged and untagged traffic.

I can confirm send the following successfully to my UTM
* Only untagged traffic
* Only one VLAN tag (nothing untagged)

The moment I send both untagged and tagged traffic OR multiple VLAN tags to the same ethernet port, everything goes haywire.
bkaskar
DD-WRT Novice


Joined: 15 Feb 2019
Posts: 20

PostPosted: Mon Jul 01, 2019 22:14    Post subject: Reply with quote
Your networking setup looks OK, but are you assigning the IP to bridge (or unbridged WLAN) that you get from tagged 10 and 15?

try changing this to
nvram set port1vlans="1 10 15"
(firmware should automagically pic auto neg and other options i.e. 16 18 19 21)
or even
nvram set port1vlans="1 10 15 16 18 19 21" wouldn't hurt.
vlan0 is internally used by the SoC but I've noticed it is better to put vlan1 on the trunk.

Quote:
The moment I send both untagged and tagged traffic OR multiple VLAN tags to the same ethernet port, everything goes haywire.

You can put whatever on the trunk from UTM but technically only packets marked with 802.1q headers will be shifted to ports/bridges you define.
Also sometimes of you have 2 connections without aggregation/LAGG you can create loops.

Thus having one trunk makes the most sense.

I am having similar issues with my RT-AC5300. I have tried many scenarios but the moment I start defining VLANs router becomes unresponsive. Confused
It works fine as Gateway but not as Router/AP... for my box I see now the CPU port is even not 8 - now its 7

Anyway, try changing the
jocara
DD-WRT Novice


Joined: 29 Jun 2019
Posts: 10

PostPosted: Tue Jul 02, 2019 2:49    Post subject: Reply with quote
bkaskar, My UTM is assigning the IPs to the bridges setup - br1 and br2.

I leave the bridge IP and subnet mask fields empty and disable multicast fwd, masqu / NAT, etc .. I have assumed thats OK because UTM DHCP is handling...

Am pretty sure I've tried your other suggestions but will try again in the coming days when I have time after work.

Thanks again!
bkaskar
DD-WRT Novice


Joined: 15 Feb 2019
Posts: 20

PostPosted: Tue Jul 02, 2019 15:44    Post subject: Reply with quote
Just realized my last post got posted incomplete, but I think you got the jist.

I'm just wondering how your DHCPD is doing that on UTM, as on the DD-WRT side both br1 and br2 get the same MAC ID. I could be wrong but I had the impression one mac can only be assigned in one vlan to have IP assigned from that subnet. I've yet to try and see if I can use the same mac on 2 vlans to lease out IPs from 2 different subnets.

Good Luck

-bkaskar
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5191
Location: Akershus, Norway

PostPosted: Tue Jul 02, 2019 16:50    Post subject: Reply with quote
jocara wrote:
I leave the bridge IP and subnet mask fields empty and disable multicast fwd, masqu / NAT, etc .. I have assumed thats OK because UTM DHCP is handling...


The router needs static IPs on it's LAN interfaces/bridges.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum