How to configure VLANs between LANs

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page 1, 2, 3, 4  Next
Author Message
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

PostPosted: Tue Feb 22, 2022 12:33    Post subject: How to configure VLANs between LANs Reply with quote
Hi there,

I'm new to VLANs and I want to use it with my Netgear R7800.

This is my setup:
* R7800
* WAN: my ISP Modem
* LAN port 1: Home network
* LAN port 4: IoT Network (every smart appliance is connected here).
* 3 Bridge:
** BR0: F
** BR1: Assigned to 2 Virtaul Access Point and to port 4
** BR2: Assigned to a Virtual Access Point for Guests


Currently I installed a new AP (Unifi AP AC Pro) on the attic. The attic is reached by a ethernet cable connected to the LAN Port 1 (home network) through a switch to my R7800.
Since I need the IoT network also on the attic my question is: is it possbile, through VLAN, provide the IoT network to my Unifi AP AC Pro?
I read that also Unifi AP AC Pro can be configure to create an Virtual AP using VLANs.

Thanks in advance for the help!

Best regards,
Federico
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Tue Feb 22, 2022 13:26    Post subject: Reply with quote
your best guide is here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=313472

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

PostPosted: Thu Feb 24, 2022 9:37    Post subject: Reply with quote
Alozaros wrote:
your best guide is here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=313472


Thanks for the reply.
I have alreay 3 VLAN, I'm tring to understand how to do that:

On the Port 1 (connected to VLAN1) connect a PC that must be on VLAN2. This because I have only one cable that goes to the room where the new PC is place.

Is this possibile?

Thanks
plawer
DD-WRT User


Joined: 11 Aug 2019
Posts: 156

PostPosted: Fri Feb 25, 2022 19:30    Post subject: Reply with quote
yes, you can run multiple VLANs on the same cable. It's only a matter of defining what's the native VLAN and what other tagged VLAN's are allowed on the same port.
_________________
Linksys: Several WRTxx00AC variations | Netgear: 4x WNDR4500v2, 7x WNDR4300, R6400v1 | Asus: 2x RT-AC66U | Gl.inet: 3x GL-AR150
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Sat Feb 26, 2022 12:42    Post subject: Reply with quote
You cannot use VLAN2, because that's the WAN.

Is the switch of type Managed/Smart switch that can handle VLAN?
DWCruiser
DD-WRT User


Joined: 15 Aug 2016
Posts: 223
Location: Melbourne, Australia

PostPosted: Sat Feb 26, 2022 21:18    Post subject: Reply with quote
Per Yngve Berg wrote:
You cannot use VLAN2, because that's the WAN.

Is the switch of type Managed/Smart switch that can handle VLAN?


Further to what Per Yngve Berg mentioned above; and other posters wrote earlier, here is some clarification:

First, it's best not to use numbers from 1 to 9 for creating your own VLANS. This is to avoid potential clashes with any default (i.e. inbuilt) VLANS that were pre-assigned with one of these numbers. It's a good practice to use a VLAN number starting from 10 and upwards. For this very reason, VLAN10 below refers to your created VLAN1, and VLAN20 refers to VLAN2).

Now with that out of the way.

For your port 1 (on the router) to carry traffic for both VLAN10 and VLAN20, port 1 needs to be configured as TRUNK, or Tagged port. The Ethernet cable connected to it becomes a TRUNK link.

The other end of that link should be connected to another TRUNK port on, say, a smart 4-port switch (i.e. one that is VLAN capable). Assign VLAN10 and VLAN20 to specific ports on the switch as needed.

Then connect each device to either VLAN10 or VLAN20 port as required.

The above post, in general, is how to extend multiple VLANS, by wire, from a port on the router to another location.

So, the answer to your question is a cable, alone by itself, can not switch traffic from one to another VLAN without the tagging functions at layer 2 at both ends of the cable. A cable is simply a dumb conduit.

_________________
Life is a journey; travel alone makes it less enjoyable and lonely.
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

PostPosted: Wed Mar 02, 2022 16:14    Post subject: Reply with quote
Hi there,

thank you for the detailed replies. I'm realative new to VLANs so I need a little help.

I'm using two "NETGEAR Switch Ethernet Plus 8 porte GS108E" and in my mind I think that the "connection" between the VLANx inside the dumb cable to the specific device is made by the Managed Switch.

Am I right?

In my scenario, this is what I should do:
* Define a VLAN40 (VLAN connected to port 4)
* This VLAN should be transported by the cable connected to port1.
* The managed switch connect the VLAN40 to my UnifiAP.

This is correct?

Thank you very much for your time!

BR,
Federico
DWCruiser
DD-WRT User


Joined: 15 Aug 2016
Posts: 223
Location: Melbourne, Australia

PostPosted: Thu Mar 03, 2022 21:26    Post subject: Reply with quote
Fedex03 wrote:

I'm using two "NETGEAR Switch Ethernet Plus 8 porte GS108E" and in my mind I think that the "connection" between the VLANx inside the dumb cable to the specific device is made by the Managed Switch.


Exactly. The cable (like a road allowing cars to travel on it) simply carries traffic from one end to the other. It does not distinguish traffic intended for one VLAN from another. But a VLAN-capable switch adds/strips the VLAN tag then sends the traffic, down the cable, to the correct destination.

To complete the picture, the R7800 router has an inbuilt switch chipset that controls its LAN ports and as such it can also act like a switch.



Quote:

In my scenario, this is what I should do:
* Define a VLAN40 (VLAN connected to port 4)
* This VLAN should be transported by the cable connected to port1.
* The managed switch connect the VLAN40 to my UnifiAP.

This is correct?


I'd suggest a read of the linked post below, you will get more detailed examples of setting up VLANS for your Netgear R7800.

VLANS settings is specific for each router because each inbuilt switch chipset is internally wired differently from one router to the next. Keep that in mind. It's one of the most confusing areas of networking in my own experience. But I am sure you can master it, once you got the fundamentals right.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322413&sid=efb75bfba7ff6c29ad5a5ded02622afc

Good luck.

_________________
Life is a journey; travel alone makes it less enjoyable and lonely.
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

PostPosted: Fri Mar 04, 2022 16:37    Post subject: Reply with quote
DWCruiser wrote:
Fedex03 wrote:

I'm using two "NETGEAR Switch Ethernet Plus 8 porte GS108E" and in my mind I think that the "connection" between the VLANx inside the dumb cable to the specific device is made by the Managed Switch.


Exactly. The cable (like a road allowing cars to travel on it) simply carries traffic from one end to the other. It does not distinguish traffic intended for one VLAN from another. But a VLAN-capable switch adds/strips the VLAN tag then sends the traffic, down the cable, to the correct destination.

To complete the picture, the R7800 router has an inbuilt switch chipset that controls its LAN ports and as such it can also act like a switch.



Quote:

In my scenario, this is what I should do:
* Define a VLAN40 (VLAN connected to port 4)
* This VLAN should be transported by the cable connected to port1.
* The managed switch connect the VLAN40 to my UnifiAP.

This is correct?


I'd suggest a read of the linked post below, you will get more detailed examples of setting up VLANS for your Netgear R7800.

VLANS settings is specific for each router because each inbuilt switch chipset is internally wired differently from one router to the next. Keep that in mind. It's one of the most confusing areas of networking in my own experience. But I am sure you can master it, once you got the fundamentals right.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322413&sid=efb75bfba7ff6c29ad5a5ded02622afc

Good luck.


Thanks for the reply!

To reduce the complexy I tought another topology.

I wonder if it possible to pass VLAN40 and VLAN10 into the port 3 of my router (it is unused) and connect this port directly to my Unifi AC Pro in order to create a trunk. In this way the Unifi AC Pro can handle the trunk on the other side and provides an SSID for each VLAN.

Is it possibile?

I tought that because I saw that my Managed Switched can assign only one VLAN to a specific port.

Thanks for the help!

BR,
Federico
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Fri Mar 04, 2022 16:58    Post subject: Reply with quote
On the switch, the port is set to tagged marked with a T for the VLAN. You can do that with a port for several VLANs.
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

PostPosted: Mon Jul 18, 2022 10:28    Post subject: Reply with quote
Hi there,

I'm back to complete my integration of VLAN.

My current port configuration is:

Code:

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "2 3 4 6"
swconfig dev switch0 vlan 10 set ports "1 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
brctl addif br1 eth1.10
ifconfig eth1.10 up


VLAN1 is my private network on Ethernet port 4 and VLAN10 is my IoT Network on Ethernet Port 1.

I wanto to create a TRUNK on unsed port of my router for example Ethernet Port 2 that trasnport VLAN1 and VLAN10.

Which is the correct configuration?

I'm lost!

Thanks in advance for your help.

BR,
Federico
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Mon Jul 18, 2022 13:17    Post subject: Reply with quote
To make a tagged trunk on port 1, add port "1t" to the vlan.
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

PostPosted: Mon Jul 18, 2022 15:11    Post subject: Reply with quote
Per Yngve Berg wrote:
To make a tagged trunk on port 1, add port "1t" to the vlan.


How can I assign to VLANs to the same ethernet Port?

Thnaks!
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Mon Jul 18, 2022 15:29    Post subject: Reply with quote
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1t 2 3 4 6"
swconfig dev switch0 vlan 10 set ports "1t 6t"
swconfig dev switch0 set apply


On newer builds, the interface name is no longer eth1.10, but vlan10
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

PostPosted: Sat Jul 23, 2022 10:16    Post subject: Reply with quote
Hi there,

finally I am ready to setup VLANs.

This is my switch config:

Code:

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "2t 3t 4 6"
swconfig dev switch0 vlan 10 set ports "1 2t 3t 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
brctl addif br1 eth1.10
ifconfig eth1.10 up


My idea is:
* VLAN 1: private network connected to bridge0 (br0)
* VLAN 10: IoT network connected to bridge1 (br1)

I set up 2 trunk:
* Port 2
* Port 3

at this port I attached two AP (one from Ubiquiti and one from Mikrotik).

I want to create two Virtual wireless on each AP (PrivateWiFi and IoT WiFi).

I configured the Ubiquiti AP to have two VAPs one associated to VLAN1 and one associted to VLAN10 but it seems not work.

The Ubiquiti AP gets IP from VLAN1 but the VLAN10 seems not work because I cannot get an IP from the router (br1).

I think I made something wrong.

Any suggestions?

Thanks in advance,
Federico
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum