[dkca]

This may be a beginner's question since I just started playing with VLAN. And because I am not familiar with the terminology, it is difficult to search for answers.

Long story short... I have a Cisco Meraki AP connected to a PFSense box. One of the SSID has been using VLAN tagging (VLAN42)
LAN: 192.168.1.x
VLAN 42: 192.168.42.x
And everything works fine...

Now I would like to config a DD-WRT box (old Asus RT-AC87R), so that

When I connect the WAN port to the network 192.168.1.x, anything plugged into LAN 1-4 (and connected via WiFi) will "go thru" VLAN42 and obtain IP from the PFSense box (which runs the DHCP server on VLAN42).

For the DD-WRT management IP, I would prefer 192.168.1.x (unless there is a better reason to be on 192.168.42.x as well)

nvram shows:
vlan1ports=1 2 3 5 7*
vlan2ports=0 7u

port0vlans=2
port1vlans=1
port2vlans=1
port3vlans=1
port4vlans=1
port5vlans=1 2 16

vlan1hwname=et1
vlan2hwname=et1

I have tried many different examples I found, and often result in losing access that requires a hard reset.

And after reading many examples and documents, this is what I come up with (but I know it is wrong because it is not working...)

nvram set vlan42hwname=et1
nvram set vlan42ports="0t 1 2 3 5 7*"
nvram set port0vlans=2 42
nvram set port1vlans=1 42
nvram set port2vlans=1 42
nvram set port3vlans=1 42
nvram set port4vlans=1 42
nvram set port5vlans=1 2 16 42
nvram commit


Thanks

[kernel-panic69]

What firmware build are you running on this RT-AC87R?

[dkca]

[kernel-panic69]

Keep in mind, you have to enclose the vlan numbers in quotes. For example, nvram set port0vlans="2 42". Sorry for not seeing that right away. Keep in mind, though, more recent builds after 46446 handle this somewhat differently as noted in the switched ports wiki. You should be able to fully utilize the webUI on more recent builds for this.

[dkca]

[kernel-panic69]

Did you try power cycling it? That function is catch-22 on flashing upgrades, I don't use it. If I do a reset, it is after the router has rebooted. Worst case is you try flashing from mini CFE web server / restoration utility.

https://www.asus.com/us/support/faq/1000814/

https://openwrt.org/toh/asus/rt-ac87u

https://www.snbforums.com/threads/dd-wrt-for-rt-ac87r.22421/

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=266322

[dkca]

Yea, after a bit of fighting managed to unbrick it and now loaded with v3.0-r46640 (05/13/21) instead.

And now, what's next? I don't see much different than the previous version (at least GUI-wise)

Are my initial commands to modify nvram correct? And it *should* work the way I wanted? Is so... Something is not right.

[kernel-panic69]

I'm trying to remember which build is "good", but I don't see how 47618 bricked you. You *should* be able to do everything in the webUI, no command line anything required. But you may have to bump to at least 46885...

[the-joker]

Hi there, just as a reminder.

Never advisable to run old unsupported builds with likely security issues that haven't been patched.

Its your network though, you do as you please.

Good luck though.

[kernel-panic69]

@the-joker: Please read *everything* before commenting. 47618 bricked the device.

[dkca]

For some reasons I don't know why I can't update to newer versions via DDWRT... (I guess that will be another topic)

But long story short, I am now runnning DD-WRT v3.0-r47618 (11/05/21) and WOW! I see what you mean!

So back to my original question, if I want to have everything behind LAN/WLAN appear as if they are on VLAN42.

Do I make my WAN port as a trunk? (Is that the right term?)

If so, what should I config under "Setup->Switch Config"? Have VLAN42 checked for all interfaces? or just "W"? or just 1-4?

And what's the tagged option do?

Do I also need to go "Setup->Basic Setup", under WAN type set to disable? And disable DHCP server as well (because it should be able to obtain DHCP via VLAN42 to the DHCP server on pfSense). Then "Setup->Advance routing", set operating mode to "Router" instead of gateway. That's from another howto document.

.....
The long story about my failed update. I tried to update using "dd-wrt.v24-47618_NEWD-2_K3.x_mega.bin" but seems to bricked the router. So I do the recovery, reinstalled the Asus firmware than flash the "asus_rt-ac87u-firmware.trx" from r47618 build.

[the-joker]

Im glad you managed to flash that version. =)

Depending on machine speed and which method of upgrading firmware used, weird things can happen, I've seen firmware being truncated (by the process), or the flash may take too long and fail, this assuming no user error.

For instance, I have recently repaired the motherboard and recovered an old Atheros Buffalo machine, this machine fails on all normal upgrade methods using the correct webupgrade firmware file 99.999% of the time, only TFTP works by using recovery method as an upgrade method...

I blame it on Physics and Quantum mechanics and Heisenberg's uncertainty principle. Or because it was Tuesday (pick and week day).

Have a nice day.

[dkca]

[|2e4per]

Hey there, it's been a while,

this is were i want to jump in. I made nearly the same experience with slightly diffent setup an two different units.

I do have also a pfSense an on it i run 3 networks.
LAN (default) 192.168.0.x/24
vlan3 192.168.3.x/24
vlan4 192.168.4.x/24

From the pfsense it runs to a cisco sg200 Smartswitch. On the switch everything works as intended. I can put the vlans / trunks as needed, so i assume my pfsense - switch Network fine.

Now i put two Routers on the switch and passed the a trunk Port to the WAN interface of

- a R7000P @ v3.0-r47618 std
- a ArcherC7v4 @ v3.0-r47618 std

What i tried so far via WebUi:

set Port 3 to vlan3
set port 4 to vlan4
set trunking flag on WAN Port for WAN vlan (ether vlan1 on ArcherC7 or vlan2 on R7000P) and Port 3 and port 4

Assigned ip adresses of the correlating net to the vlan3 and vlan4 under the networking tab.

-> Port 3 hands out DHCP leases from pfSense to connected client -> fine. Same to port 4

BUT i loose connectivitiy / access to LAN and on both units.

I tried it several times and i also tried to configure it with nvram and swconfig... no changes. Everytime i loose access to my underlying network.

I figured out, that this is caused as soon as i set the trunk options on the wan port and apply those settings. Even reboot doesn't help.

So from my point of view / understanding the question is why the unit doesn't response to the lan anymore ?

It might that i missed something out, but i also tried putting WAN trunk for vlan 1 (R7000P LAN) and nothing changed. This wouldn't make sence in my opinion due to the fact, that the "normal" LAN traffic isn't tagged anyway.

I think we might have ether the same lag of understanding here or we found an issue. I hope it is the first case.

[dkca]

After fooling around with the setting, and a bit of cron magic (will explain that later).

I have VLAN42 ticked for Port W and 1-4. In addition, I also ticked 'tagged' for Port W.

VLAN2 remain for Port W

Unchecked VLAN1 for all other ports.

Under the "Setup->Basic Setup", I set my Router IP to be in the VLAN42, and WAN connection type=Disabled.

Tested everything seems to work the way I wanted, anything plugged into port 1-4 or connected via WiFi get IPs from pfSense VLAN42. So far so good. BUT, somehow I seem to lost connection to my router IP from time to time. I can't even ping it from pfSense (when I can ping it from another desktop in the same VLAN). Short version, ARP cache expired on pfSense... Simple trick is to setup a cron job to ping my pfSense VLAN42 gateway IP a few times every minute to keep it happy. And that seems to work.