Posted: Fri Nov 26, 2021 14:18 Post subject: VLANs with pfsense and dd-wrt.
Hi,
I got to create 2 VLANs in pfSense, which in turn is installed in Proxmox as a virtual machine. One of the VLANs (VLAN 10) gives connectivity to Proxmox's internal VMs. So far so good.
This setup already works for the Proxmox internal VMs, which I put on VLAN10.
So, I am going to plug a DD-WRT device (TP-Link WR841N v9) into the Proxmox physical NIC and set up VLANs on it.
I'd like to understand how to set the trunk port on port 1, and how I can set VLAN10 on ports 2 and 3 and VLAN20 on port 4. Yes, I'll add 2 WLANs in the VLAN subnets... but one step at a time.
Joined: 18 Mar 2014 Posts: 12840 Location: Netherlands
Posted: Fri Nov 26, 2021 14:39 Post subject:
VLANs are router-specific, so your question does not belong in the General Questions forum.
No problem, as I will move this thread for you.
It is also very important that you not only state the router model but also the build number (and kernel version if there is more than one kernel version for your router).
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Fri Nov 26, 2021 15:47 Post subject:
tipjohn unfortunately, I'm afraid to let you know that your device is very basic and has a dumb switch..
so, VLAN segmentation is not possible...as far as I know...especially on 4MB flash size routers where they lack services and options due to a limited flash size...
For VLAN switch ports segregation/tagging, you need a better higher class router...
I do have 3 different routers that support it, lower class first:
Tp-link 1043v2, Netgear R7000, Netgear 7800..
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 08 May 2018 Posts: 14129 Location: Texas, USA
Posted: Fri Nov 26, 2021 18:41 Post subject:
The only way to verify VLAN capability as far as I know is checking for swconfig presence and support. What is the output of 'swconfig list' via telnet/ssh? Whatever device name(s) it lists, then issue a 'swconfig dev (devicename) show'. Is this not one of the devices that requires the startup script for the LAN ports to talk to one another? I have a 940N v3 (941N v6) - among a number of other devices - that uses the startup script and it's only a 4MB flash device.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Fri Nov 26, 2021 21:53 Post subject:
kernel-panic69 wrote:
The only way to verify VLAN capability as far as I know is checking for swconfig presence and support. What is the output of 'swconfig list' via telnet/ssh? Whatever device name(s) it lists, then issue a 'swconfig dev (devicename) show'. Is this not one of the devices that requires the startup script for the LAN ports to talk to one another? I have a 940N v3 (941N v6) - among a number of other devices - that uses the startup script and it's only a 4MB flash device.
I was playing with WR84xx series and was not capable...of VLAN segmentation, as well it doesn't have enough RAM...
it was ages ago and someone said it has a dumb switch...
the presence of swconfig will not make the dumb switch capable of VLAN segregation...but you can go on a goose chase, check your WR94xx if it's capable of VLAN by port and surprise us....? I'll be very happy if so..
I believe the lowest capable is 1043v2 , already tested 740xx, 84xx just haven't tried on 94xx...
Joined: 08 May 2018 Posts: 14129 Location: Texas, USA
Posted: Sat Nov 27, 2021 0:56 Post subject:
You wouldn't be able to use the startup script to link the ports so they talk to each other if vlan support wasn't enabled. This may have not been possible before, it may have changed again, but the 940v3 in question is employed as a wired AP elsewhere ATM. I will check it sometime this weekend...
The only way to verify VLAN capability as far as I know is checking for swconfig presence and support. What is the output of 'swconfig list' via telnet/ssh? Whatever device name(s) it lists, then issue a 'swconfig dev (devicename) show'. Is this not one of the devices that requires the startup script for the LAN ports to talk to one another? I have a 940N v3 (941N v6) - among a number of other devices - that uses the startup script and it's only a 4MB flash device.
I used the command shell in DD-WRT itself since I got some problems at logging in via telnet (it seems that ssh is not supported).
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Sat Nov 27, 2021 8:47 Post subject:
Well, I would be pleasantly surprised if you have any success... on TP-Link 84xx series
here is the VLAN guide I used on my R7800 and 1043v2
for VLAN segmentation https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=313472&postdays=0&postorder=asc&start=0
Good Luck
Joined: 08 May 2018 Posts: 14129 Location: Texas, USA
Posted: Sat Nov 27, 2021 17:54 Post subject:
Interesting that it has eth0 and switch0 and that eth0 shows what looks like the output of switch0 should be. What is the output of swconfig dev switch0 show? FYI, telnet / ssh is enabled / disabled on the "Services" tab, and you should have the ability to enable or disable both. I have ssh on my TL-WR940Nv3. Using the webUI commands input can be a little tricky. This shows that vlan(s) is(are) not enabled by default, if I am not mistaken:
Code:
Global attributes:
    enable_vlan: 0
    mirror_monitor_port: 15
Do your ethernet ports talk to one another properly? Can you ping back and forth between wired clients, etc?
OK, I can open an ssh session with the DD-WRT device.
I ran the command "swconfig dev switch0 show"
Code:
root@DD-2:~# swconfig dev switch0 show
Global attributes:
    enable_vlan: 0
    mirror_monitor_port: 15
Port 0:
    enable_mirror_rx: 0
    enable_mirror_tx: 0
    pvid: 0
    link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
    enable_mirror_rx: 0
    enable_mirror_tx: 0
    pvid: 0
    link: port:1 link:down
Port 2:
    enable_mirror_rx: 0
    enable_mirror_tx: 0
    pvid: 0
    link: port:2 link:up speed:100baseT full-duplex auto
Port 3:
    enable_mirror_rx: 0
    enable_mirror_tx: 0
    pvid: 0
    link: port:3 link:down
Port 4:
    enable_mirror_rx: 0
    enable_mirror_tx: 0
    pvid: 0
    link: port:4 link:down
VLAN 0:
    vid: 0
    ports: 0 1 2 3 4
I followed this guide for the initial setup before I start messing up with vlan configuration:
For the record, I'd like to set the trunk port on port 1, VLAN10 on ports 2 and 3, and VLAN20 on port 4. Once I get it I can go on and figure out how to add 2 WLANs.
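Added example (not part of any post in this thread, and not DD-WRT's own code): a check that parses captured `swconfig dev switch0 show` output and reports where the switch state falls short of the port layout requested above. The sample is an abridged, constructed copy of the posted output; the plan assumes the case port labels equal the switch port numbers and writes the trunk as `1t`, swconfig's notation for a tagged member.

```python
import re

# Constructed sample: abridged copy of the `swconfig dev switch0 show` output posted above.
SAMPLE = """\
Global attributes:
    enable_vlan: 0
Port 2:
    link: port:2 link:up speed:100baseT full-duplex auto
VLAN 0:
    vid: 0
    ports: 0 1 2 3 4
"""

# Assumed plan (case labels == switch port numbers; "1t" = tagged member, i.e. the trunk).
PLAN = {10: {"1t", "2", "3"}, 20: {"1t", "4"}}

def parse_swconfig(text):
    """Parse `swconfig dev <name> show` output into global, per-port and per-VLAN settings."""
    state = {"global": {}, "ports": {}, "vlans": {}}
    section = state["global"]
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"(Port|VLAN) (\d+):", line)
        if header:
            kind = "ports" if header.group(1) == "Port" else "vlans"
            section = state[kind].setdefault(int(header.group(2)), {})
        elif line == "Global attributes:":
            section = state["global"]
        elif ":" in line:
            # Split on the first colon only: link values contain colons themselves.
            key, _, value = line.partition(":")
            section[key.strip()] = value.strip()
    return state

def audit(state, plan):
    """Return findings where the switch state does not provide the planned separation."""
    findings = []
    if state["global"].get("enable_vlan") != "1":
        findings.append("enable_vlan is not 1: VLAN handling is off on the switch")
    members = {int(v["vid"]): set(v.get("ports", "").split())
               for v in state["vlans"].values() if v.get("vid", "").isdigit()}
    for vid, want in sorted(plan.items()):
        if members.get(vid) != want:
            findings.append(f"VLAN {vid}: have {sorted(members.get(vid, []))}, want {sorted(want)}")
    # Untagged access ports planned for different VLANs must never share a switch VLAN.
    access = {p: vid for vid, ports in plan.items() for p in ports if not p.endswith("t")}
    for vid, ports in sorted(members.items()):
        joined = {access[p] for p in ports if p in access}
        if len(joined) > 1:
            findings.append(f"VLAN {vid} bridges planned VLANs {sorted(joined)}")
    return findings
```

Calling `audit(parse_swconfig(SAMPLE), PLAN)` on the posted state returns four findings; an empty list means the switch reports the planned membership.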
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Mon Nov 29, 2021 23:48 Post subject:
well you are either on a goose chase, or not …also you haven't learned how to…
so far, you are chasing it, have a look at the link I posted you about vlans on 7800
its a messy thread, but you can get the basics… if those work at all