[malbers15]

Hi all,

I would like to place both Wifi interfaces (that is, 2.4Ghz wl0/eth1 and 5ghz wl1/eth2) and physical ethernet port 4 (on the back of the device) on the same VLAN. I only need OSI layer 2 connectivity in this entire VLAN, and no OSI layer 3 stuff is needed, such as IP addresses or subnet information. Also, I would like the rest of the switch ports and the router to behave the same, as if they were in out-of-the-box basic router/firewall mode. Another way to say this is that once the new VLAN for the wifi and ethernet port 4 is ready, the whole box should function normally in out-of-the-box router mode, but an ethernet cable would now be needed to jump port 4 to port 1, 2, or 3 in order for clients on the new VLAN to get IP/DHCP connectivity.

I have attempted this already following instructions but the closest I came was only being able to remove the wifi interfaces from br0 and add them to a new one br1, but I could not get communication going when I added ethernet port 4 to a vlan on br1.


I hope I have explained adequately. Any help would be greatly appreciated and please, feel free to ask questions.


TP-Link Archer C9, v1
r44251 (08/27/20)

[Per Yngve Berg]

What is your goal here? I don't see a reason to jump ports on the switch.

[malbers15]

I have a centralized enterprise switch I run my house network off of which has many more ports than the DDWRT router. I have all connections running though this HP Procurve, as well as some VLANs on it and a port monitoring port for the whole switch as well.

I need to be able to monitor the Wireless interfaces as well, so I need to send all the layer 2 traffic to the switch.

In regards to your question, the end result where the ethernet cable jump being needed to get wifi interface layer 3 connectivity to the NAT and firewall as the end result would effectively prove what I needed was occurring, and then my switch can replace the jump.

This sounds like a fun problem to solve and I am sure there are others on this forum who would benefit from knowing how to configure this way (in my initial question).

Please let me know if I need to provide more clarity on the setup requested.

[Per Yngve Berg]

Did you connect the correct port. Port 4 in software is port 1 on the casing.

I don't think this is going to work.

If you are looking for traffic measurement, look into Yamon.

My Asus RT-AC66U also have Zabbix client included. As TP-link is low on flash memory, it may not be included.

[egc]

I am also not sure if this can work.

But you could try the following:
Make a new bridge like Br1.
Treat this bridge as of it is a Wireless Access point ( https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point ) so unbridge it and give it an IP address in the subnet, do not setup a DHCP server.
Set the radio's and the LAN port 4 on this bridge.

Now if you connect the LAN port 4 to another port you should be good (I hope)

[malbers15]

Thank you for the suggestions, but this really should work shouldn't it? I mean, VLANS all operate at an OSI layer 2 level, which is equivalent to the link layer in Wifi and the link layer in the switch itself.
https://www.redscan.com/news/the-anatomy-of-a-vlan/#:~:text=VLANs%20work%20at%20layer%202,mapping%20held%20within%20the%20bridge.

Also, if I set an IP on the bridge, wouldn't it then act as a gateway, causing a layer 3 traversal problem from the same subnet to the same subnet? I would like to have everything connected at the layer 2 switch level only between the 2 wifi interfaces and port 4 on the switch, which by definition should need no IP information.

Also, I did not know that the ethernet ports on the back of the router are not equivalent to the port numbers in the DDWRT VLAN menu; is this the up to date documentation on that?
https://wiki.dd-wrt.com/wiki/index.php/Switched_Ports


Thank you for your help thus far and for any more help provided.

[egc]

That is why I suggested to use an IP address in the same subnet so it will support layer two connectivity just like a WAP.

[malbers15]

Hi egc,

Thanks for the reply. I understand why you suggested that, but OSI layer 2 connectivity is completely agnostic of layer 3 TCP/IP functionality, that's why I am confused as to why an IP address would even be needed. Layer 3 builds on layer 2, but layer 2 never accesses or needs layer 3 to function:
https://www.imperva.com/learn/application-security/osi-model/#:~:text=OSI%20is%20a%20generic%2C%20protocol,to%20enable%20any%20data%20communication.
https://docs.oracle.com/cd/E19683-01/806-4075/ipov-7/index.html

I also implement VLANs are various switches without any TCP/IP info. So, this is why I am confused and just looking to understand. Shouldn't this be implementable without any layer 3 settings such as the IP address you mention since we are only focusing on layer 2 connectivity?

Thank you for continuing the discussion!

[malbers15]

Hi all,

Does anyone know how to configure this without any layer 3 information? VLANs are layer 2 and no IP addresses should be required to set this up (an isolated layer 2 VLAN connection only between wl0, wl1, and physical switch port 4 on the back of the router).

Thanks in advance!

[egc]

Your question has already been answered.
All the switches are using ethernet which supports VLANs, wireless does not support that so you have to bridge that with a bridge.

In this way you make a layer 2 connection

See for an example: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1185512

[malbers15]