VLAN Detached Networks on R9000

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6 ... 9, 10, 11  Next
Author Message
lh-reg
DD-WRT Novice


Joined: 03 Mar 2021
Posts: 4

PostPosted: Wed Mar 03, 2021 20:23    Post subject: Reply with quote
kernel-panic69 wrote:
Awesome stuff. The only thing is, we would still need to figure out how to figure in eth0 (WAN port), but this is good progress. I haven't really messed around with this since my wireless interfaces took a dump, but it looks like some of my logic wasn't far off on what ports connect where.


Yes, I posted back to this thread as it was all the hard work done here that helped me get it up and running - standing on the shoulders of giants.

Do you mean the WAN port or the SFP port? I think eth0 is the SFP port and I haven't played with that. The WAN port can be joined into the VLANS quite easily (I'm using it as my trunk port).
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed Mar 03, 2021 20:43    Post subject: Reply with quote
The SFP port is one switch, the LAN ports are the other. The WAN port is separate. That is my best understanding of the hardware as it is configured.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Nuor
DD-WRT User


Joined: 20 Apr 2015
Posts: 114

PostPosted: Thu Mar 04, 2021 1:15    Post subject: Reply with quote
Since Wan is already on vlan2 why not start by assigning Lan port1 to vlan2.

Not certain what is needed to allow aggregation between Lan port1(added Wan) and normal Wan so as to allow 2 (1) gig aggregated connection from a modem to these two ports. Say to enable 2gig comcast support. But I'd imagine it is possible. Switch Config certainly recognizes a 1 gig signal on Lanport1 when plugged in to port2 on my modem if lanport1 is assigned to vlan2.

edit: What would something like this do?
#sleep 8

## Setup VLANS

## Switch0 Config
#swconfig dev switch0 set enable_vlan 1
#swconfig dev switch0 vlan 1 set ports "0t 1 4t 6t"
####swconfig dev switch0 vlan 2 set ports "2 5t"
#or
#swconfig dev switch0 vlan 2 set ports "2 3 5t"

#swconfig dev switch0 set apply

## Switch1 Config
#swconfig dev switch1 set enable_vlan 1
#swconfig dev switch1 vlan 1 set ports "0t 1 2 3 4 5t"
#swconfig dev switch1 set apply

seems to me it would make Lanport1 another Wan (connected to vlan2)

edit2:#nvram set vlan1ports="0t 1t 2 3 4 5 6" #Is this also needed to add wan tag for port1 vlan1?
lh-reg
DD-WRT Novice


Joined: 03 Mar 2021
Posts: 4

PostPosted: Sat Mar 06, 2021 22:13    Post subject: Reply with quote
Nuor wrote:
Since Wan is already on vlan2 why not start by assigning Lan port1 to vlan2.

Not certain what is needed to allow aggregation between Lan port1(added Wan) and normal Wan so as to allow 2 (1) gig aggregated connection from a modem to these two ports. Say to enable 2gig comcast support. But I'd imagine it is possible. Switch Config certainly recognizes a 1 gig signal on Lanport1 when plugged in to port2 on my modem if lanport1 is assigned to vlan2.

edit: What would something like this do?
#sleep 8

## Setup VLANS

## Switch0 Config
#swconfig dev switch0 set enable_vlan 1
#swconfig dev switch0 vlan 1 set ports "0t 1 4t 6t"
####swconfig dev switch0 vlan 2 set ports "2 5t"
#or
#swconfig dev switch0 vlan 2 set ports "2 3 5t"

#swconfig dev switch0 set apply

## Switch1 Config
#swconfig dev switch1 set enable_vlan 1
#swconfig dev switch1 vlan 1 set ports "0t 1 2 3 4 5t"
#swconfig dev switch1 set apply

seems to me it would make Lanport1 another Wan (connected to vlan2)

edit2:#nvram set vlan1ports="0t 1t 2 3 4 5 6" #Is this also needed to add wan tag for port1 vlan1?


The above would put the WAN and LAN 1 ports together on the WAN side and all the other ports on the standard LAN I think.
Nuor
DD-WRT User


Joined: 20 Apr 2015
Posts: 114

PostPosted: Sun Mar 07, 2021 0:53    Post subject: Reply with quote
lh-reg wrote:
The above would put the WAN and LAN 1 ports together on the WAN side and all the other ports on the standard LAN I think.


Assuming this works. I don't know that dd-wrt bonding interface allows LACP 802.3ad to be assigned to each WAN port individually; first to vlan2, second to eth2? (Both appear as slave bond interface options). If so would it even work with comcast's current modem LAG firmware?

I'd probably test it if I had access to a 2 gig connection.
Br1ck3r
DD-WRT Novice


Joined: 20 Jul 2021
Posts: 2

PostPosted: Tue Jul 20, 2021 21:55    Post subject: Reply with quote
lh-reg wrote:
It is possible to get VLANs working on the R9000 switch ports. It took me a while to figure it out, but I have done it successfully to bridge 3 wireless networks (1 physical and 2 VAPs) to relevant VLANs and have a management VLAN. I ended up leaving VLAN1 and VLAN2 alone and setting up new VLANs 4 - LAN, 8 - Guest, 12 - IoT & 15 - Management.

I created the wireless networks, VLANs and bridges in the GUI first, then used swconfig to assign the VLANs to specific ports. I am using this as an AP only, so I've assigned my WAN port as my trunked port to connect to the rest of the network.

My startup script is:

Code:
sleep 8

# Setup VLANS

# Switch0 Config
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "0t 4t 6t"
swconfig dev switch0 vlan 2 set ports "5t"
swconfig dev switch0 vlan 4 set ports "0t 1 2 3t 4t 6t"
swconfig dev switch0 vlan 8 set ports "0t 3t 4t 6t"
swconfig dev switch0 vlan 12 set ports "0t 3t 4t 6t"
swconfig dev switch0 vlan 15 set ports "0t 3t 4t 6t"
swconfig dev switch0 set apply

# Switch1 Config
swconfig dev switch1 set enable_vlan 1
swconfig dev switch1 vlan 1 set ports "0t 5t"
swconfig dev switch1 vlan 4 set ports "0t 2 5t"
swconfig dev switch1 vlan 8 set ports "0t 4 5t"
swconfig dev switch1 vlan 12 set ports "0t 3 5t"
swconfig dev switch1 vlan 15 set ports "0t 1 5t"
swconfig dev switch1 set apply


This sets the WAN port to be the trunked port, LAN ports 1, 2 & 5, Guest port 3, IoT port 4 and management port 6. This isn't actually my final setup, but it's what I used for testing.

Hope this helps someone else. I have done a full blog post as to how I set it all up here: https://smart-home-project.blogspot.com/2021/03/netgear-r9000-x10-vlans-on-dd-wrt.html, but the config above should get you there.


Hey lh-reg, I followed your tutorial in the blog but I found issues during the `swconfig dev` part. After the commands I'm locked out from the router.

My setup is slightly different than yours: I'm using the R9000 as a router, with the built-in DHCP.
Can you please help me?

Or, if there's someone that managed to create VLANs with the R9000, can please guide me?

After several days of trying, I just performed a factory reset, waiting for someone to help me.

Thanks in advance.
tdx79
DD-WRT Novice


Joined: 17 Dec 2017
Posts: 20

PostPosted: Mon Jan 03, 2022 15:18    Post subject: Reply with quote
lh-reg wrote:
kernel-panic69 wrote:
Awesome stuff. The only thing is, we would still need to figure out how to figure in eth0 (WAN port), but this is good progress. I haven't really messed around with this since my wireless interfaces took a dump, but it looks like some of my logic wasn't far off on what ports connect where.


Yes, I posted back to this thread as it was all the hard work done here that helped me get it up and running - standing on the shoulders of giants.

Do you mean the WAN port or the SFP port? I think eth0 is the SFP port and I haven't played with that. The WAN port can be joined into the VLANS quite easily (I'm using it as my trunk port).


Hi.
Did someone manage to get SFP port working as VLAN trunk for the the LAN switch? I followed all the tutorials using WAN port (physical port) as VLANS trunk, and got the LAN ports working (different VLANs assigned to different ports), but no way to get DHCP working on VAP. Instead, using the SFP port as VLANS trunk did let me use VAP…but I’ve lost the LAN ports (DHCP not assigned).
Using both SFP and WAN at the same time is the only way to have both VAPs and LAN ports working (weird behavior of the R9000), but following this route I obviously cannot get more than 1gbps for the LAN switch (10gbps assigned to VAPs via SFP), which was the main reason I wanted to install dd-wrt.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Mon Jan 03, 2022 17:16    Post subject: Reply with quote
did you managed to make the SFP port..it has very narrow SFP hardware modules compatibility, witch SFP do you use atm...

The current DDWRT SFP detached guide must make SFP port as an extra VLan as the SFP port is not hardware linked to the rest of the switch...if im not wrong..i never made it to work as my SFP module was not compatible...

If its not a secret, could you share your start up script as you mentioned you made it to isolate VLAN to separated physical LAN (switch) ports...is it working...as a separated subnet with own IP/mask, DHCP and DNS...??

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

PostPosted: Mon Jan 03, 2022 18:31    Post subject: Reply with quote
They must be connected with a bridge (brX) for each VLAN.
tdx79
DD-WRT Novice


Joined: 17 Dec 2017
Posts: 20

PostPosted: Mon Jan 03, 2022 18:56    Post subject: Reply with quote
Alozaros wrote:
did you managed to make the SFP port..it has very narrow SFP hardware modules compatibility, witch SFP do you use atm...

The current DDWRT SFP detached guide must make SFP port as an extra VLan as the SFP port is not hardware linked to the rest of the switch...if im not wrong..i never made it to work as my SFP module was not compatible...

If its not a secret, could you share your start up script as you mentioned you made it to isolate VLAN to separated physical LAN (switch) ports...is it working...as a separated subnet with own IP/mask, DHCP and DNS...??



I'm currently using 2x "10G Netgear SFP+ AXM761-10000S" modules to link my R9000 with a Netgear XS708T, and also tested "Netgear 10GBe SFP+ model AXC763-10000S cable" between them. Both solutions perfectly work with dd-wrt and native Netgear firmwares.

I did follow the guide posted by lh-reg (please forgive me I cannot tag names, but thank you so much for the helpful guide) at page 4 of this topic (complete guide link available at his signature) in my CONFIG TEST1, and also tested another way to create vlans on eth0 sfp+ port (CONFIG TEST2).

My setup consists of following VLANs created on pfSense (trunked to Netgear XS708T switch, and then trunked again to the R9000 via SFP+):

VLAN 5 (VPN)
VLAN 6 (CLEARNET)
[..]
VLAN 10 (MANAGEMENT)
[..]
VLAN 12 (IOT)


-------------------------CONFIG TEST1-------------------------

After following the setup guide, I had to modify the nvram and swconfig (using vlan 5 instead of 4, vlan 6 instead of 8, vlan 10 instead of 15):

NVRAM commands:

nvram set vlan5ports="0t 1 2 5"
nvram set vlan6ports="0t 3 5"
nvram set vlan12ports="0t 4 5"
nvram set vlan10ports="0t 6 5"

nvram set port0vlans="1 2 5 6 12 10 16"
nvram set port1vlans="5"
nvram set port2vlans="5"
nvram set port3vlans="6"
nvram set port4vlans="12"
nvram set port5vlans="1 2"
nvram set port6vlans="10"
nvram set port7vlans="1 2 5 6 12 10 16"

nvram set vlan5hwname=et0
nvram set vlan6hwname=et0
nvram set vlan10hwname=et0
nvram set vlan12hwname=et0

nvram set apply


SWCONFIG stratup script:
sleep 8
# Switch0 Config
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "0t 4t 6t"
swconfig dev switch0 vlan 2 set ports "5t"
swconfig dev switch0 vlan 5 set ports "0t 1 2 3t 4t 6t"
swconfig dev switch0 vlan 6 set ports "0t 3t 4t 6t"
swconfig dev switch0 vlan 12 set ports "0t 3t 4t 6t"
swconfig dev switch0 vlan 10 set ports "0t 3t 4t 6t"
swconfig dev switch0 set apply
# Switch1 Config
swconfig dev switch1 set enable_vlan 1
swconfig dev switch1 vlan 1 set ports "0t 5t"
swconfig dev switch1 vlan 5 set ports "0t 2 5t"
swconfig dev switch1 vlan 6 set ports "0t 4 5t"
swconfig dev switch1 vlan 12 set ports "0t 3 5t"
swconfig dev switch1 vlan 10 set ports "0t 1 5t"
swconfig dev switch1 set apply

[img]https://prnt.sc/25uukg3[/img]

-------------------------CONFIG TEST2-------------------------

Instead of creating vlans in the "switch config" tab within dd-wrt, I tried creating vlans withing the "networking" tab, so I did add multiple vlan entries at the top "VALN Tagging" section and assigned to eth= (vlans 1,2,5,6,10,16). I also did segregate eth0 port (unbridge option + net isolation, giving it the 10.13.10.254/24 instead of 10.13.10.253 used by the R9000). Dns and gateway are provided by pfSense for all the VLANs.

The reason I tried the second config test is that I could not use the lan ports: when starting the config test 2 with sfp module connected to the switch and to pfSense, all the lan ports got a dhcp address 10.13.10.x (VLAN 10) probably bacause the VLAN 10 has a pvid 10 at the switch. After segregating the eth0 port, lan ports lost the 10.13.10.x ip address.

[img]https://prnt.sc/25uty05[/img]



As I said before, I've never managed to get both the VAPs and LAN ports working together, neither using SFP+ port neither using the WAN port as trunk connection to the XS708T switch (I obviously erased firmware, nvram, tried another R9000 router, tried another switch, tried another brand new pfSense setup). So, to get both the wifi and lan VLANs working together, I must use a double trunk connection (SFP+ and the WAN) to the switch (SFP+ takes care of VAP, WAN of the lan ports).
[/quote]
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Jan 03, 2022 21:27    Post subject: Reply with quote
So people can see the screenshots since Lightshot doesn't support proper IMG tags:




_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net


Last edited by kernel-panic69 on Mon Jan 03, 2022 23:09; edited 1 time in total
tdx79
DD-WRT Novice


Joined: 17 Dec 2017
Posts: 20

PostPosted: Mon Jan 03, 2022 21:47    Post subject: Reply with quote
kernel-panic69 wrote:
So people can see the screenshots since Lightshot doesn't support proper IMG tags:




Sorry for that
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Jan 03, 2022 23:10    Post subject: Reply with quote
Sorry for being rude.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Tue Jan 04, 2022 3:17    Post subject: Reply with quote
tdx79 wrote:
[img]https://prnt.sc/25uty05[/img]

just poured another cup of coffee so WTH...
...easy for others to have a looky Twisted Evil
DWCruiser
DD-WRT User


Joined: 15 Aug 2016
Posts: 223
Location: Melbourne, Australia

PostPosted: Mon May 09, 2022 3:26    Post subject: Reply with quote
A Netgear R9000 came into my possession recently. And i researched about it online. My research went to various places. Numerous other posts by various posters, together with VLAN settings on my current R7800 shed a good light on the path to my VLAN solution.

The only way (i think) to make VLANs work as 'normally' as possible on R9000 is placing them on bridges. But then not totally on bridge if i can put it that way.

In a nutshell, Netgear R9000 is an unusual wireless router (with two internal switches) that it requires an unusual approach to tackle it. I call it the Recalcitrant R9000.

See attached PDF file. It's 5-page long.



I spent nearly two weeks on resolving it. So it should cover most relevant issues that i'm aware of. Especially for those not familiar with R9000. Lost a few hairs in the process so you don't have to. Smile

P.S. Need to sign in to see the attached PDF file.

_________________
Life is a journey; travel alone makes it less enjoyable and lonely.


Last edited by DWCruiser on Wed Aug 23, 2023 23:14; edited 12 times in total
Goto page Previous  1, 2, 3, 4, 5, 6 ... 9, 10, 11  Next Display posts from previous:    Page 5 of 11
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum