VLAN Detached Networks on R9000

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page Previous  1, 2, 3, 4, 5 ... 9, 10, 11  Next
Author Message
a13b
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 20

PostPosted: Thu May 07, 2020 6:38    Post subject: Reply with quote
Thanks! I put in on https://forum.dd-wrt.com/wiki/index.php/Netgear_R9000 Let's have the info in a single place!
Sponsor
ironstaff
DD-WRT User


Joined: 11 Oct 2019
Posts: 157

PostPosted: Thu May 07, 2020 8:57    Post subject: Reply with quote
a13b wrote:
Thanks! I put in on https://forum.dd-wrt.com/wiki/index.php/Netgear_R9000 Let's have the info in a single place!


Sounds great! Thanks!

_________________
Fleet Deployment of Netgear Nighthawk X10 R9000s
File: DD-WRT v3.0-r45229 std (01/01/21)
Active Settings: SFE, Multi-DHCP, Net Isolation, 10 Gbps SFP+ Module, VLANs, Wireguard Client, FreeRadius, WAN + 4G LTE fail-over, All internal radios - Disabled
PfSense - Intel Xeon, 32GB ECC RAM - Suricata, pfBlockerNG, Squid Proxy + ClamAV, VLANs w/ 802.1x Auth
Cisco WiFi 6 Access Points - Client Isolation & Radius Auth via DD-WRT R9000 w/ WPA3 Enterprise
Cisco Switches - 802.1x-VLANs & Radius Auth via DD-WRT R9000
a13b
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 20

PostPosted: Thu May 07, 2020 9:32    Post subject: Reply with quote
kernel-panic69 wrote:
vlans seem to be already enabled by default.


By default there are no active vlans on switch0 and switch1. For example:

Code:
root@DD-WRT:~# swconfig dev switch0 show | grep -i vlan
   enable_vlan: 0
root@DD-WRT:~# swconfig dev switch0 vlan 0 show
VLAN 0:
   vid: 0
   ports:
a13b
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 20

PostPosted: Thu May 07, 2020 9:49    Post subject: Reply with quote
The mapping of the switches ports to the physical ports:

switch0-port0: always "link:up speed:1000baseT full-duplex"
switch0-port1: ETHERNET 2
switch0-port2: ETHERNET 1
switch0-port3: ETHERNET WAN
switch0-port4: always "link:up speed:1000baseT full-duplex txflow rxflow"
switch0-port5: always "link: down"
switch0-port6: always "link:up speed:1000baseT full-duplex txflow rxflow"

switch1-port0: always "link:up speed:1000baseT full-duplex txflow rxflow"
switch1-port1: ETHERNET 6
switch1-port2: ETHERNET 5
switch1-port3: ETHERNET 4
switch1-port4: ETHERNET 3
switch1-port5: always "link:up speed:1000baseT full-duplex txflow rxflow"
switch1-port6: always "link:up speed:10baseT half-duplex"

This has been obtained with something like:

Code:
root@DD-WRT:/tmp# for s in switch0 switch1; do for i in $(seq 0 6); do echo $i $(swconfig
 dev $s port $i get link 2>/dev/null); done; echo; done > /tmp/c000000


ironstaff, can you please run this with SFP+ connected and then disconnected, and post the diff?
a13b
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 20

PostPosted: Thu May 07, 2020 9:58    Post subject: Reply with quote
Reminder: msoengineer said that brainslayer said:

Quote:
For the r9000 doing vlans is very complicated. the r9000 has 2 switches

so switch 1 connected to 2 ethernet phys (for wan and lan). switch 2 is connected to switch 1. so its problematic
so doing straight vlans configs is somewhat possible but not easy since i always have to pass through everything from switch 2 to switch 1
and its only operating in vlan mode or without. but i cannot combine both operation modes. and if i run vlan1 mode it will not pass packets without vlans from switch 2


Unless you really want to understand how everything works, let's accept we won't get R9000 to fully support VLAN Detached Networks. BUT if we manage to disable the second switch, we have a chance to enable vlan mode on the first switch and set up a separate VLAN for each of the two ethernet ports powered by the first switch.

If anyone gets any results, I'll be happy to update the wiki. Smile
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Thu May 07, 2020 12:04    Post subject: Reply with quote
I have commitments today, but I think I figured out where I was in error and where dd-wrt defaults may conflict. I won't share information until an actual fool-proof solution is figured out where I can plug an R9000 into an already established test environment that works with any other supported router. Anyone else could have already looked into this and come up with a solution most likely, but here we are.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
a13b
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 20

PostPosted: Thu May 07, 2020 12:22    Post subject: Reply with quote
kernel-panic69 wrote:
I have commitments today, but I think I figured out where I was in error and where dd-wrt defaults may conflict. I won't share information until an actual fool-proof solution is figured out where I can plug an R9000 into an already established test environment that works with any other supported router. Anyone else could have already looked into this and come up with a solution most likely, but here we are.


Thank you!

For my curiosity, what's this "established test environment"?
krazie242
DD-WRT Novice


Joined: 26 Sep 2018
Posts: 3

PostPosted: Wed Jun 17, 2020 22:32    Post subject: Reply with quote
could eth0/SFP+ port be configured to trunk VLANS?
ironstaff
DD-WRT User


Joined: 11 Oct 2019
Posts: 157

PostPosted: Fri Jun 19, 2020 6:37    Post subject: Reply with quote
krazie242 wrote:
could eth0/SFP+ port be configured to trunk VLANS?


Yes. 802.1q is called vlan tagging in dd-wrt. Find it under the networking tab. Set your interface (eth0, in this case), tag number, and save + apply.

Enter the tag number on the receiving switch/AP/whatever device supports dot Q standard and set the receiving port to trunk. Good to go from there.

_________________
Fleet Deployment of Netgear Nighthawk X10 R9000s
File: DD-WRT v3.0-r45229 std (01/01/21)
Active Settings: SFE, Multi-DHCP, Net Isolation, 10 Gbps SFP+ Module, VLANs, Wireguard Client, FreeRadius, WAN + 4G LTE fail-over, All internal radios - Disabled
PfSense - Intel Xeon, 32GB ECC RAM - Suricata, pfBlockerNG, Squid Proxy + ClamAV, VLANs w/ 802.1x Auth
Cisco WiFi 6 Access Points - Client Isolation & Radius Auth via DD-WRT R9000 w/ WPA3 Enterprise
Cisco Switches - 802.1x-VLANs & Radius Auth via DD-WRT R9000
krazie242
DD-WRT Novice


Joined: 26 Sep 2018
Posts: 3

PostPosted: Fri Jun 19, 2020 11:36    Post subject: Reply with quote
Awesome, gonna plug it into my Cisco switch and test as soon as I can! If I can trunk the VLAN's out of the SFP+ port to my switch I can use the switch to detach ports to separate vlans.
sensei73
DD-WRT Novice


Joined: 14 Oct 2019
Posts: 7

PostPosted: Thu Aug 13, 2020 16:43    Post subject: Reply with quote
Hi there, I own a R9000 and I'm trying to detach a lan port to act as second wan.

My ISP have a modem with 2G/600M connection, but only 1gb switch...

I'm trying to detach an lan port to act as wan so I can aggregate both wan and the detached lan port with this --> http://lstein.github.io/Net-ISP-Balance/

Thanks for help in advance.

edit: the sfp port is detachable, maybe with a SFP-->rj45 It's doable?


Last edited by sensei73 on Thu Aug 13, 2020 16:53; edited 1 time in total
msoengineer
DD-WRT Guru


Joined: 21 Jan 2017
Posts: 1782
Location: Illinois Moderator

PostPosted: Thu Aug 13, 2020 16:51    Post subject: Reply with quote
sensei73 wrote:
Hi there, I own a R9000 and I'm trying to detach a lan port to act as second wan.

My ISP have a modem with 2G/600M connection, but only 1gb switch...

I'm trying to detach an lan port to act as wan so I can aggregate both wan and the detached lan port with this --> http://lstein.github.io/Net-ISP-Balance/

Thanks for help in advance.


If you do that, you will lose all other access to the remaining lan ports under dd-wrt and they won't be able to access the bridge to the wan side due to how the switch is configured...

Stock Netgear firmware is the only way I know of and you still may lose the 4 other lan ports to wan internet access.

_________________
FORUM RULES

TIPS/TRICKS: Best QCA Wifi Settings | Latency tricks | QoS Port priority | NEVER USE MU-MIMO |
Why to NOT use MU-MIMO | Max Wifi Pwr by Country | Linux Wifi Pwr | AC MCS & AX MCS | QCA 5Ghz chnls to use | WIFI Freq WIKI | TFTP R7800 | Don't buy AX | IPERF3 How-To

[R9000]52396 nightly (Main Router)
[EA8500]43192 & 45493 (2xOffsite)
[R7800] resting
[WDR3600]BS 44715 (Offsite)
[A7v5]BS 43038 (Offsite+spare napping)
sensei73
DD-WRT Novice


Joined: 14 Oct 2019
Posts: 7

PostPosted: Thu Aug 13, 2020 16:56    Post subject: Reply with quote
msoengineer wrote:
sensei73 wrote:
Hi there, I own a R9000 and I'm trying to detach a lan port to act as second wan.

My ISP have a modem with 2G/600M connection, but only 1gb switch...

I'm trying to detach an lan port to act as wan so I can aggregate both wan and the detached lan port with this --> http://lstein.github.io/Net-ISP-Balance/

Thanks for help in advance.


If you do that, you will lose all other access to the remaining lan ports under dd-wrt and they won't be able to access the bridge to the wan side due to how the switch is configured...

Stock Netgear firmware is the only way I know of and you still may lose the 4 other lan ports to wan internet access.


Thanks, do you think it's possible by adding a sfp/rj45 module?
lh-reg
DD-WRT Novice


Joined: 03 Mar 2021
Posts: 4

PostPosted: Wed Mar 03, 2021 18:53    Post subject: Reply with quote
It is possible to get VLANs working on the R9000 switch ports. It took me a while to figure it out, but I have done it successfully to bridge 3 wireless networks (1 physical and 2 VAPs) to relevant VLANs and have a management VLAN. I ended up leaving VLAN1 and VLAN2 alone and setting up new VLANs 4 - LAN, 8 - Guest, 12 - IoT & 15 - Management.

I created the wireless networks, VLANs and bridges in the GUI first, then used swconfig to assign the VLANs to specific ports. I am using this as an AP only, so I've assigned my WAN port as my trunked port to connect to the rest of the network.

My startup script is:

Code:
sleep 8

# Setup VLANS

# Switch0 Config
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "0t 4t 6t"
swconfig dev switch0 vlan 2 set ports "5t"
swconfig dev switch0 vlan 4 set ports "0t 1 2 3t 4t 6t"
swconfig dev switch0 vlan 8 set ports "0t 3t 4t 6t"
swconfig dev switch0 vlan 12 set ports "0t 3t 4t 6t"
swconfig dev switch0 vlan 15 set ports "0t 3t 4t 6t"
swconfig dev switch0 set apply

# Switch1 Config
swconfig dev switch1 set enable_vlan 1
swconfig dev switch1 vlan 1 set ports "0t 5t"
swconfig dev switch1 vlan 4 set ports "0t 2 5t"
swconfig dev switch1 vlan 8 set ports "0t 4 5t"
swconfig dev switch1 vlan 12 set ports "0t 3 5t"
swconfig dev switch1 vlan 15 set ports "0t 1 5t"
swconfig dev switch1 set apply


This sets the WAN port to be the trunked port, LAN ports 1, 2 & 5, Guest port 3, IoT port 4 and management port 6. This isn't actually my final setup, but it's what I used for testing.

Hope this helps someone else. I have done a full blog post as to how I set it all up here: https://smart-home-project.blogspot.com/2021/03/netgear-r9000-x10-vlans-on-dd-wrt.html, but the config above should get you there.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed Mar 03, 2021 19:46    Post subject: Reply with quote
Awesome stuff. The only thing is, we would still need to figure out how to figure in eth0 (WAN port), but this is good progress. I haven't really messed around with this since my wireless interfaces took a dump, but it looks like some of my logic wasn't far off on what ports connect where.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Goto page Previous  1, 2, 3, 4, 5 ... 9, 10, 11  Next Display posts from previous:    Page 4 of 11
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum