R7000 VLAN help

^x3I*I$3%lb7T9
DD-WRT Novice


Joined: 02 Dec 2019
Posts: 12

Posted: Mon Feb 10, 2020 0:30    Post subject: R7000 VLAN help
Router: R7000
DD-WRT: 42287 (2/6/2020)

I'm trying to set up VLANs but having difficulty. My goal is:
    192.168.1.1/24 - vlan1 --- vap1 - ports 0,1,2
    192.168.2.1/24 - vlan12 - vap2 - no ports
    192.168.3.1/24 - vlan13 - vap3 - port 3
    192.168.4.1/24 - vlan14 - vap4 - port 4

R7000 default settings:
vlan1ports=1 2 3 4 5*
vlan2ports=0 5u

port0vlans=2
port1vlans=1
port2vlans=1
port3vlans=1
port4vlans=1
port5vlans=1 2 16

vlan1hwname=et0
vlan2hwname=et0



ssh code:
nvram set vlan12hwname=et0
nvram set vlan13hwname=et0
nvram set vlan14hwname=et0
nvram set vlan1ports="1 2 5*"
nvram set vlan12ports="1t 5*"
nvram set vlan13ports="1t 3 5*"
nvram set vlan14ports="1t 4 5*"
nvram set port1vlans=1 12 13 14 16
nvram set port2vlans=1
nvram set port3vlans=13
nvram set port4vlans=14
nvram set port5vlans="1 2 12 13 14 16"
nvram commit
reboot



R7000 new settings:
vlan12ports=1t 5*
vlan13ports=1t 3 5*
vlan14ports=1t 4 5*
vlan1ports=1 2 5*
vlan2ports=0 5u

port0vlans=2
port1vlans=1
port2vlans=1
port3vlans=13
port4vlans=14
port5vlans=1 2 12 13 14 16

vlan12hwname=et0
vlan13hwname=et0
vlan14hwname=et0
vlan1hwname=et0
vlan2hwname=et0


Q1) Does anyone see any mistakes in the SSH?
Q2) I'm running pfSense so do I still need DD-WRT iptables for rules?
comdat
DD-WRT Novice


Joined: 10 Feb 2020
Posts: 2

Posted: Mon Feb 10, 2020 16:02    Post subject: Re: R7000 VLAN help
I spent the weekend learning all about the process of creating VLANs on my R7000, so I am by no means an expert, but I'm pretty sure I have the gist.

I believe that the egress port must be included in the trunk and all that must be assigned to a bridge. Untagged is for a vlan to be transparent to the occupants.

Try this
Code:
nvram set vlan1ports="1t 2 5*"


Let me know how that works for you.

Also, remember that you have to assign those vlans and vaps to a bridge.

I used four bridges to separate the traffic from each other, then out to an edgerouter via port0 which handles DHCP.

I'm not familiar with pfSense; however, in my EdgeRouter I set firewall rules to prevent the VLANs from being able to route to each other without specific configuration.
^x3I*I$3%lb7T9
DD-WRT Novice


Joined: 02 Dec 2019
Posts: 12

Posted: Mon Feb 10, 2020 17:31    Post subject: Re: R7000 VLAN help
comdat wrote:
Try this
Code:
nvram set vlan1ports="1t 2 5*"


Let me know how that works for you.

Also, remember that you have to assign those vlans and vaps to a bridge.



I will try this, hopefully tonight. Something w/ pfSense blew up last night so I have to go through my setup to fix it or recreate some of it.


Yes, I assigned the VLANs & VAPs to each bridge.
ex: BR1 has Vlan12 + vap0.1, BR2 has Vlan13 + vap0.2. (2.4g is disabled so only the 5g need assigned in my case).
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway

Posted: Mon Feb 10, 2020 20:33    Post subject:
nvram set vlan1ports="1t 2 5*"

The port must also be tagged for VLAN 1 on pfSense.
^x3I*I$3%lb7T9
DD-WRT Novice


Joined: 02 Dec 2019
Posts: 12

Posted: Tue Feb 11, 2020 2:14    Post subject:
Per Yngve Berg wrote:
The port must also be tagged for VLAN 1 on pfSense.


It appears it's tagged as 1 by default; however, the next page says to avoid VLAN 1: https://docs.netgate.com/pfsense/en/latest/book/vlan/terminology.html

Looks like a problem for another day.
comdat
DD-WRT Novice


Joined: 10 Feb 2020
Posts: 2

Posted: Tue Feb 11, 2020 13:23    Post subject:
Just choose another unused vlan if you must avoid vlan1.
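
The following check is an added example, not code from any poster in the thread: it cross-checks the vlanNports and portNvlans variables from an nvram dump, flagging ports where the two views disagree and ports that are untagged in one VLAN while tagged in others (the case the 1t suggestion addresses). It assumes values of 16 and above in portNvlans are port flags rather than VLAN IDs and that the * and u suffixes mark the CPU port; check_vlans and the finding labels are names made up for this example.

```shell
#!/bin/sh
# Added example. SAMPLE is the "R7000 new settings" readback from the first post.
SAMPLE='vlan12ports=1t 5*
vlan13ports=1t 3 5*
vlan14ports=1t 4 5*
vlan1ports=1 2 5*
vlan2ports=0 5u
port0vlans=2
port1vlans=1
port2vlans=1
port3vlans=13
port4vlans=14
port5vlans=1 2 12 13 14 16'

# check_vlans: read key=value lines on stdin, print one line per finding.
check_vlans() {
    awk -F= '
    $1 ~ /^vlan[0-9]+ports$/ {
        v = $1; gsub(/[^0-9]/, "", v)
        n = split($2, tok, " ")
        for (i = 1; i <= n; i++) {
            p = tok[i]; sub(/[^0-9].*$/, "", p)    # port number
            f = tok[i]; sub(/^[0-9]+/, "", f)      # suffix: "", t, u or *
            member[p "," v] = 1
            if (f == "t") tagged[p] = tagged[p] " " v
            else if (f == "") untagged[p] = untagged[p] " " v
            # Assumption: "*" and "u" only appear on the CPU port; skipped here.
        }
    }
    $1 ~ /^port[0-9]+vlans$/ {
        p = $1; gsub(/[^0-9]/, "", p)
        n = split($2, tok, " ")
        for (i = 1; i <= n; i++)          # assumption: values >= 16 are flags
            if (tok[i] + 0 < 16) listed[p "," tok[i]] = 1
    }
    END {
        for (k in member) if (!(k in listed)) {
            split(k, a, ","); print "MISSING port" a[1] "vlans lacks vlan " a[2] }
        for (k in listed) if (!(k in member)) {
            split(k, a, ","); print "STALE port" a[1] "vlans lists vlan " a[2] }
        for (p in tagged) if (p in untagged)
            print "MIXED port " p ": untagged in" untagged[p] ", tagged in" tagged[p]
    }' | sort
}

# On the router: nvram show 2>/dev/null | check_vlans
printf '%s\n' "$SAMPLE" | check_vlans
```

On the readback from the first post it reports that port1vlans lists only VLAN 1 while port 1 is tagged into VLANs 12, 13 and 14, and that port 1 mixes untagged VLAN 1 with those tagged VLANs. The nvram set port1vlans=1 12 13 14 16 line is the only multi-value assignment in the posted commands without quotes.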