WRT3200ACM - VLAN has no internet connection [SOLVED]

Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
5t0ne
DD-WRT Novice


Joined: 23 Nov 2019
Posts: 5

PostPosted: Sat Apr 10, 2021 13:03    Post subject: WRT3200ACM - VLAN has no internet connection [SOLVED] Reply with quote
Hi,

I'm pretty sure I'm missing something very obvious, but for some reason I'm not able to access any public website from my newly created vlan.

I followed the excellent guide of SurprisedItWorks https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199 to get up and running with vlans. The goal was to create a separated vlan for my homelab, to isolate it from my main day-to-day network.

As of now my main vlan (vlan1) is working as expected, and the vlan for my homelab (vlan30) is providing ip addresses as expected via dhcp, but no access to the internet.

I'm on DD-WRT v3.0-r45735 on the said router.
My startup config looks as follows:

Code:

#split switch to tagged vlan and create separate vlan
 swconfig dev switch0 set reset 1
 swconfig dev switch0 set enable_vlan 1
#set WAN to vlan10, as we are sending untagged we can use eth0
 swconfig dev switch0 vlan 10 set ports "4 5"
 swconfig dev switch0 vlan 1 set ports "0 1 2t 3 6"
 swconfig dev switch0 vlan 30 set ports "2t 0 6t"
 swconfig dev switch0 set apply

 vconfig set_name_type VLAN_PLUS_VID_NO_PAD
 vconfig add eth1 30

 ifconfig vlan30 up

 brctl addif br1 vlan30


Output of swconfig:
Code:

Global attributes:
        enable_vlan: 1
Port 0:
        mask: 0x0000: (0)
        qmode: 3
        pvid: 1
        link: port:0 link:down
Port 1:
        mask: 0x0000: (1)
        qmode: 3
        pvid: 1
        link: port:1 link:down
Port 2:
        mask: 0x0000: (2)
        qmode: 3
        pvid: 0
        link: port:2 link:up speed:1000baseT full-duplex
Port 3:
        mask: 0x0000: (3)
        qmode: 3
        pvid: 1
        link: port:3 link:up speed:100baseT full-duplex
Port 4:
        mask: 0x0000: (4)
        qmode: 3
        pvid: 10
        link: port:4 link:up speed:1000baseT full-duplex
Port 5:
        mask: 0x0000: (5)
        qmode: 3
        pvid: 10
        link: port:5 link:up speed:1000baseT full-duplex
Port 6:
        mask: 0x0000: (6)
        qmode: 3
        pvid: 1
        link: port:6 link:up speed:1000baseT full-duplex
VLAN 1:
        port_based: 0
        vid: 1
        ports: 0 1 2t 3 6
VLAN 10:
        port_based: 0
        vid: 10
        ports: 4 5
VLAN 30:
        port_based: 0
        vid: 30
        ports: 0 2t 6t


vlan30 is assigned to br1 which has a separate dhcp assigned to it.

The default route is set to the gateway of my provider. And ip tables also doesn't look like it would be blocking :/.

Any ideas what's missing? I'm currently a little bit stuck for a few days now and would be very happy for any help!
Sponsor
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

PostPosted: Sun Apr 11, 2021 19:28    Post subject: Reply with quote
In GUI>Setup>Networking in the br1 section, is "Masquerade / NAT" enabled? You won't get internet without it.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
5t0ne
DD-WRT Novice


Joined: 23 Nov 2019
Posts: 5

PostPosted: Sun Apr 11, 2021 20:52    Post subject: Reply with quote
Jep. Is enabled. And btw ... thx for your great post on the VLAN and for jumping in here!

I attached the current bridge configuration for reference (is there a better way to share screens?).
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

PostPosted: Mon Apr 12, 2021 0:31    Post subject: Reply with quote
So what's the deal with LAN port 2? You seem to be trying to assign it to two VLANs, and your big listing of port status from swconfig shows pid -- primary VID -- of zero. Notice that other ports have pids corresponding to the VLANs they are in. This suggests to me that your port 2 might not actually be in any VLAN.

Please understand though that I am not an expert here. I really haven't paid attention to VLANs in about 2 1/2 years, and my brain isn't sticky enough to remember much from back then! Maybe someone whose experience is more recent or deeper will jump in.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
5t0ne
DD-WRT Novice


Joined: 23 Nov 2019
Posts: 5

PostPosted: Mon Apr 12, 2021 5:44    Post subject: Reply with quote
As the saying goes ... in the land of the blind, the one-eyed man is king Wink

Port 2 is used as trunk port, that carries both VLAN1 and VLAN30 to a managed switch. To rule out the switch as source of problem, I added Port 0 on the router to VLAN30, to be able to test things first directly on the router.

Nevertheless, based on my observations (VLAN1 seems to work fine behind the switch and I get the correct ip address on the port of the switch that is assigned to VLAN30) I would guess, that this seems to work. I observed the missing internet connection both on the switch and directly on the router.

Apart from that ... do you think I'm missing something for a properly configured trunk port?
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

PostPosted: Mon Apr 12, 2021 13:56    Post subject: Reply with quote
Port 0 appears to be in two VLANs also, but without either instance tagged.

(Good thing I'm happy to show my ignorance.)

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
5t0ne
DD-WRT Novice


Joined: 23 Nov 2019
Posts: 5

PostPosted: Mon Apr 12, 2021 14:14    Post subject: Reply with quote
Shocked Really ... stupid me ... fixed it and you know what ... internet works Embarassed. Interesting conclusion is that despite the misconfiguration dhcp worked fine, but just the internet access for the second VLAN was broken ... doesn't feel very consistent for me ...

Nevertheless thx for borrowing your one eye! As I expected ... something stupid simple right in front of my eyes ... Evil or Very Mad

How do we properly mark topics as solved here?
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

PostPosted: Mon Apr 12, 2021 17:05    Post subject: Reply with quote
People typically edit the original post to put [Solved] at the beginning of the subject line.

The one eye is curious... was it anything in what you posted? Can we learn something about what not to do from your experience?

(And of course anyone who's coded or configured anything knows all about making dumb errors. We all do it.)

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Apr 12, 2021 17:32    Post subject: Reply with quote
I already edited the OP so the [SOLVED] would fit properly. That is covered in the forum rules and guidelines, as to how to mark topics and why you should.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
5t0ne
DD-WRT Novice


Joined: 23 Nov 2019
Posts: 5

PostPosted: Mon Apr 12, 2021 17:43    Post subject: Reply with quote
Well ... in the end it looks like the misconfiguration with port0 (having it untagged in 2 VLANs) caused the problem. But I don't understand exactly why VLAN1 was working properly and just VLAN30 had problems. Confused So I fear that apart from don't do wrong configurations as they are not working there is not so much to learn.

@kernel-panic69 ... thx for pointing that out and editing!
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

PostPosted: Mon Apr 12, 2021 18:19    Post subject: Reply with quote
5t0ne wrote:
Well ... in the end it looks like the misconfiguration with port0 (having it untagged in 2 VLANs) caused the problem. But I don't understand exactly why VLAN1 was working properly and just VLAN30 had problems. Confused So I fear that apart from don't do wrong configurations as they are not working there is not so much to learn.

@kernel-panic69 ... thx for pointing that out and editing!

Thanks. Maybe for someone just figuring it all out will reinforce that a port number can appear in only one VLAN untagged!

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum