VLANs with pfsense and dd-wrt.

tipjohn
DD-WRT User


Joined: 17 Dec 2018
Posts: 65

PostPosted: Fri Nov 26, 2021 14:18    Post subject: VLANs with pfsense and dd-wrt. Reply with quote
Hi,
I managed to create 2 VLANs in pfSense, which in turn is installed in Proxmox as a virtual machine. One of the VLANs (VLAN 10) gives connectivity to Proxmox's internal VMs. So far so good.

https://imgur.com/a/iu3IfdI

This setup already works for the Proxmox internal VMs, which I put on VLAN10.

So, I am going to plug a DD-WRT device (TP-Link WR841N v9) into the Proxmox physical NIC and set up VLANs on it.

I'd like to understand how to set the trunk port on port 1, and how I can set VLAN10 on ports 2 and 3 and VLAN20 on port 4. Yes, I'll add 2 WLANs in the VLAN subnets, but one step at a time.

https://imgbox.com/zuhpHk5j

I have already added up to VLAN 20 in the page above, but I'm still unsure about what to do next.

Could you please help figure it out? Thanks
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Fri Nov 26, 2021 14:39    Post subject: Reply with quote
VLANs are router specific so your question does not belong in the General Questions forum.

No problem as I will move this thread for you :)

It is also very important that you not only state router model but also the build number (and kernel version if there is more than one kernel version for your router).

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
tipjohn
DD-WRT User


Joined: 17 Dec 2018
Posts: 65

PostPosted: Fri Nov 26, 2021 15:09    Post subject: Reply with quote
egc wrote:
VLANs are router specific so your question does not belong in the General Questions forum.

No problem as I will move this thread for you :)

It is also very important that you not only state router model but also the build number (and kernel version if there is more than one kernel version for your router).

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


OK, thanks.

My device is this one:
https://wiki.dd-wrt.com/wiki/index.php/TP-Link_TL-WR841nd_v9


model: WR841ND
h.w rev: 9.x
FCC ID: TE7 WR841NXV9
Platform: Qualcomm QCA9533@550

ram: 32MB
flash: 4MB

Wireless NIC: SOC@20dBm

The dd-wrt firmware I installed is: V3.0-r47618 std(11/05/2021)
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Fri Nov 26, 2021 15:47    Post subject: Reply with quote
tipjohn, unfortunately, I'm afraid to let you know that your device is very basic and has a dumb switch..
so, VLAN segmentation is not possible...as far as I know...especially on 4MB flash size routers, where they lack services and options due to the limited flash size...
For VLAN switch port segregation/tagging, you need a better, higher class router...
I do have 3 different routers that support it, lower class first:
TP-Link 1043v2, Netgear R7000, Netgear 7800..

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tipjohn
DD-WRT User


Joined: 17 Dec 2018
Posts: 65

PostPosted: Fri Nov 26, 2021 16:22    Post subject: Reply with quote
Alozaros wrote:
tipjohn, unfortunately, I'm afraid to let you know that your device is very basic and has a dumb switch..
so, VLAN segmentation is not possible...as far as I know...especially on 4MB flash size routers, where they lack services and options due to the limited flash size...
For VLAN switch port segregation/tagging, you need a better, higher class router...
I do have 3 different routers that support it, lower class first:
TP-Link 1043v2, Netgear R7000, Netgear 7800..


:'(

Thank you
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Fri Nov 26, 2021 18:41    Post subject: Reply with quote
The only way to verify VLAN capability as far as I know is checking for swconfig presence and support. What is the output of 'swconfig list' via telnet/ssh? Whatever device name(s) it lists, then issue a 'swconfig dev (devicename) show'. Is this not one of the devices that requires the startup script for the LAN ports to talk to one another? I have a 940N v3 (941N v6) - among a number of other devices - that uses the startup script and it's only a 4MB flash device.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Fri Nov 26, 2021 21:53    Post subject: Reply with quote
kernel-panic69 wrote:
The only way to verify VLAN capability as far as I know is checking for swconfig presence and support. What is the output of 'swconfig list' via telnet/ssh? Whatever device name(s) it lists, then issue a 'swconfig dev (devicename) show'. Is this not one of the devices that requires the startup script for the LAN ports to talk to one another? I have a 940N v3 (941N v6) - among a number of other devices - that uses the startup script and it's only a 4MB flash device.


I was playing with the WR84xx series and it was not capable...of VLAN segmentation, as well it doesn't have enough RAM...

It was ages ago and someone said it has a dumb switch...
The presence of swconfig will not make the dumb switch capable of VLAN segregation...but you can go on a goose chase, check your WR94xx if it's capable of VLAN by port and surprise us....? I'll be very happy if so..
I believe the lowest capable is the 1043v2; already tested 740xx, 84xx, just haven't tried on 94xx... :roll:

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Sat Nov 27, 2021 0:56    Post subject: Reply with quote
You wouldn't be able to use the startup script to link the ports so they talk to each other if vlan support wasn't enabled. This may have not been possible before, it may have changed again, but the 940v3 in question is employed as a wired AP elsewhere ATM. I will check it sometime this weekend...
tipjohn
DD-WRT User


Joined: 17 Dec 2018
Posts: 65

PostPosted: Sat Nov 27, 2021 8:35    Post subject: Reply with quote
kernel-panic69 wrote:
The only way to verify VLAN capability as far as I know is checking for swconfig presence and support. What is the output of 'swconfig list' via telnet/ssh? Whatever device name(s) it lists, then issue a 'swconfig dev (devicename) show'. Is this not one of the devices that requires the startup script for the LAN ports to talk to one another? I have a 940N v3 (941N v6) - among a number of other devices - that uses the startup script and it's only a 4MB flash device.


I used the command shell in DD-WRT itself since I had some problems logging in via telnet (it seems that ssh is not supported).

I ran "swconfig list" first:

Code:
found: switch0 - eth0


then "swconfig dev eth0 show":

Code:
Global attributes:
   enable_vlan: 0
   mirror_monitor_port: 15
Port 0:
   enable_mirror_rx: 0
   enable_mirror_tx: 0
   pvid: 0
   link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
   enable_mirror_rx: 0
   enable_mirror_tx: 0
   pvid: 0
   link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
   enable_mirror_rx: 0
   enable_mirror_tx: 0
   pvid: 0
   link: port:2 link:down
Port 3:
   enable_mirror_rx: 0
   enable_mirror_tx: 0
   pvid: 0
   link: port:3 link:down
Port 4:
   enable_mirror_rx: 0
   enable_mirror_tx: 0
   pvid: 0
   link: port:4 link:down
VLAN 0:
   vid: 0
   ports: 0 1 2 3 4



Thanks
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Sat Nov 27, 2021 8:47    Post subject: Reply with quote
Well, I would be pleasantly surprised if you have any success... on the TP-Link 84xx series.

Here is the VLAN guide I used on my R7800 and 1043v2
for VLAN segmentation: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=313472&postdays=0&postorder=asc&start=0
Good luck 8)

tipjohn
DD-WRT User


Joined: 17 Dec 2018
Posts: 65

PostPosted: Sat Nov 27, 2021 9:03    Post subject: Reply with quote
Alozaros wrote:
Well, I would be pleasantly surprised if you have any success... on the TP-Link 84xx series.

Here is the VLAN guide I used on my R7800 and 1043v2
for VLAN segmentation: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=313472&postdays=0&postorder=asc&start=0
Good luck 8)


OK,
but what exactly does the output above say?
Is my DD-WRT device VLAN capable at least?

Anyway, I am totally aware that making it work properly is going to be a completely different thing (call it an ordeal if you like :) )

Thanks
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Sat Nov 27, 2021 17:54    Post subject: Reply with quote
Interesting that it has eth0 and switch0 and that eth0 shows what looks like the output of switch0 should be. What is the output of swconfig dev switch0 show? FYI, telnet / ssh is enabled/disabled on the "Services" tab, and you should have the ability to enable or disable both. I have ssh on my TL-WR940Nv3. Using the webUI commands input can be a little tricky. This shows that vlan(s) is(are) not enabled by default, if I am not mistaken:
Code:
Global attributes:
   enable_vlan: 0
   mirror_monitor_port: 15

Do your ethernet ports talk to one another properly? Can you ping back and forth between wired clients, etc?

tipjohn
DD-WRT User


Joined: 17 Dec 2018
Posts: 65

PostPosted: Sat Nov 27, 2021 19:46    Post subject: Reply with quote
kernel-panic69 wrote:
Interesting that it has eth0 and switch0 and that eth0 shows what looks like the output of switch0 should be. What is the output of swconfig dev switch0 show? FYI, telnet / ssh is enabled/disabled on the "Services" tab, and you should have the ability to enable or disable both. I have ssh on my TL-WR940Nv3. Using the webUI commands input can be a little tricky. This shows that vlan(s) is(are) not enabled by default, if I am not mistaken:
Code:
Global attributes:
   enable_vlan: 0
   mirror_monitor_port: 15

Do your ethernet ports talk to one another properly? Can you ping back and forth between wired clients, etc?



OK, I can open an ssh session with the DD-WRT device.

I ran the command "swconfig dev switch0 show"


Code:

root@DD-2:~# swconfig dev switch0 show
Global attributes:
        enable_vlan: 0
        mirror_monitor_port: 15
Port 0:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:1 link:down
Port 2:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:2 link:up speed:100baseT full-duplex auto
Port 3:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:3 link:down
Port 4:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:4 link:down
VLAN 0:
        vid: 0
        ports: 0 1 2 3 4





I followed this guide for the initial setup before I start messing with the VLAN configuration:

https://netosec.com/dd-wrt-wifi-vlans/

There is no "assign port to the switch" option for the WAN port in my GUI in "basic setup".


Anyway, this is my VLAN setup in DD-WRT:

https://imgbox.com/ootTBMGI


As you can see there isn't any WAN port.

For the record, I'd like to set the trunk port on port 1, VLAN10 on ports 2 and 3, and VLAN20 on port 4. Once I get that working I can go on and figure out how to add 2 WLANs.

Thank you very much
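
An added example, not part of the posts above and not DD-WRT code: a Python parser for `swconfig dev switch0 show` output that reports whether two switch ports are separated at layer 2, reading `enable_vlan: 0` as "VLAN table not enforced" as the reply quoted above does. `TARGET` is constructed, and its port numbering (port 0 as tagged CPU port, port 1 as trunk) is an assumption; the check reports configured state only, not what the switch hardware can do.

```python
import re

# Abridged copy of the `swconfig dev switch0 show` output posted in this
# thread (mirror/link lines and some port sections dropped for brevity).
POSTED = """\
Global attributes:
        enable_vlan: 0
Port 0:
        pvid: 0
Port 2:
        pvid: 0
VLAN 0:
        vid: 0
        ports: 0 1 2 3 4
"""

# Constructed target state for the layout asked for above. Assumptions: switch
# port 0 is the CPU port, port numbers match the case labels, 't' = tagged.
TARGET = """\
Global attributes:
        enable_vlan: 1
VLAN 10:
        ports: 0t 1t 2 3
VLAN 20:
        ports: 0t 1t 4
"""

def parse_swconfig(text):
    """Return {'global': {...}, 'port': {n: {...}}, 'vlan': {n: {...}}}."""
    state = {"global": {}, "port": {}, "vlan": {}}
    section = state["global"]
    for line in text.splitlines():
        head = re.match(r"(Port|VLAN) (\d+):\s*$", line)
        attr = re.match(r"\s+(\w+):\s*(.*)$", line)
        if head:
            section = state[head.group(1).lower()].setdefault(int(head.group(2)), {})
        elif attr:
            section[attr.group(1)] = attr.group(2).strip()
    return state

def shared_vlans(state, a, b):
    """VLAN ids whose member list holds both switch ports a and b."""
    def members(vlan):
        return {int(p.rstrip("t")) for p in vlan.get("ports", "").split()}
    return sorted(v for v, vlan in state["vlan"].items() if {a, b} <= members(vlan))

def isolated(state, a, b):
    """True only if VLANs are enforced and a and b share no VLAN."""
    return state["global"].get("enable_vlan") == "1" and not shared_vlans(state, a, b)
```

With the posted output, `isolated(parse_swconfig(POSTED), 2, 4)` is false because every port sits in VLAN 0 and `enable_vlan` is 0; with `TARGET`, ports 2 and 4 are separated while ports 2 and 3 still share VLAN 10.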
tipjohn
DD-WRT User


Joined: 17 Dec 2018
Posts: 65

PostPosted: Mon Nov 29, 2021 17:16    Post subject: Reply with quote
Can nobody help me with that?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Mon Nov 29, 2021 23:48    Post subject: Reply with quote
Well, you are either on a goose chase, or not… also you haven't learned how to…
So far, you are chasing it; have a look at the link I posted you about VLANs on the 7800.
It's a messy thread, but you can get the basics… if those work at all :)
