How to configure VLANs between LANs

Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Jul 23, 2022 10:28
Fedex03 wrote:
vconfig add eth1 10
brctl addif br1 eth1.10
ifconfig eth1.10 up


Not sure if you need these. It can be done on the Networking tab in the GUI.

The interface names have also changed. I am currently on build 49492.


Last edited by Per Yngve Berg on Sat Jul 23, 2022 14:42; edited 1 time in total
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

Posted: Sat Jul 23, 2022 14:06
I had an old version DD-WRT v3.0-r44467 std (09/24/20)

When I configured it, I was told to use the startup script instead of the GUI because the GUI does not work well.

I'm thinking of updating it, but I'm worried about the compatibility with my Startup command table.

Thanks
userrox
DD-WRT Novice


Joined: 11 May 2019
Posts: 16

Posted: Sat Jul 23, 2022 19:21
You reported "I cannot get an IP from the router (br1).". If you need the R7800 to provide DHCP to clients on VLAN10 you may need to go to Setup -> Networking -> Multiple DHCP Servers and add DHCP to br1
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

Posted: Sat Jul 23, 2022 21:03
userrox wrote:
You reported "I cannot get an IP from the router (br1).". If you need the R7800 to provide DHCP to clients on VLAN10 you may need to go to Setup -> Networking -> Multiple DHCP Servers and add DHCP to br1


I already have a DHCP server for the (br1).
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

Posted: Sat Jul 30, 2022 11:25
Hi there,

I updated my R7800 to the latest build: DD-WRT v3.0-r49567 std (07/27/22).

I did not do a reset because I don't have enough time to reconfigure the router from zero.

I configured two ports as trunk:

Code:
swconfig dev switch0 vlan 1 set ports "2t 3t 4 6"
swconfig dev switch0 vlan 10 set ports "1 2t 3t 6t"


I'm trying to use vlan1 (private network) and vlan2 (iot network) on ports 2 and 3.
These ports are connected to two APs (one Mikrotik and one Unifi).
The two APs generate two WiFi SSIDs each:
* Home WiFi (VLAN1)
* IoT (VLAN10)

I already use the two VLANs but until now they were not tagged.

I think I'm missing something to set up the trunks.

Any suggestions?

Thanks,
Federico
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Jul 30, 2022 13:06
You must enable vlan on the switch


swconfig dev switch0 set enable_vlan 1
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

Posted: Sat Jul 30, 2022 13:07
Per Yngve Berg wrote:
You must enable vlan on the switch


swconfig dev switch0 set enable_vlan 1


It is enabled.

This is my config:
Code:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "2t 3t 4 6"
swconfig dev switch0 vlan 10 set ports "1 2t 3t 6t"
swconfig dev switch0 set apply
vconfig add eth1 10
brctl addif br1 eth1.10
ifconfig eth1.10 up
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Jul 30, 2022 13:25
When you remove the 3 last lines, you should see interfaces vlan1 and vlan10 in Setup->Networking in the GUI.
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

Posted: Sat Jul 30, 2022 21:39
Per Yngve Berg wrote:
When you remove the 3 last lines, you should see interfaces vlan1 and vlan10 in Setup->Networking in the GUI.


Thanks for the reply.

After that, what should I do in the Networking section?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Jul 30, 2022 22:16
Unbridge or assign to a bridge, add a dhcp server etc.
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

Posted: Sun Jul 31, 2022 8:38
Per Yngve Berg wrote:
Unbridge or assign to a bridge, add a dhcp server etc.


My VLANs are already configured, with 3 bridges, DHCP and firewall rules.

My problem is how to handle tagging the switch ports.

I want two VLANs on two physical switch ports.

Is it possible?

Thank you
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sun Jul 31, 2022 8:57
Tagging is done by adding 't' to the port as you have done.

Are the interfaces vlan1 and vlan10 members of a bridge?

Firewall rules have to reference the bridge for bridged interfaces.

Are the swconfig commands added to the startup script?
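
Added example, not part of any post in this thread: a shell helper that reads the swconfig lines posted above and lists, for each switch port, which VLANs it carries untagged and which tagged (the 't' suffix). The function names are hypothetical, and the script only parses text; it does not query or change the switch.

```shell
#!/bin/sh
# Added example (not from the thread): per-port VLAN membership from swconfig lines.
# Function names are hypothetical; this parses text only and never touches the switch.

# stdin: lines such as  swconfig dev switch0 vlan 10 set ports "1 2t 3t 6t"
# stdout: one line per port, e.g.  port 2 untagged=- tagged=1,10
vlan_port_map() {
    awk '
    $1 == "swconfig" && $4 == "vlan" && $6 == "set" && $7 == "ports" {
        vid = $5
        list = $0
        sub(/^[^"]*"/, "", list); sub(/".*$/, "", list)   # text between the quotes
        n = split(list, m, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (m[i] == "") continue
            port = m[i]
            is_tagged = sub(/t$/, "", port)               # strip the "t" suffix
            seen[port] = 1
            if (is_tagged) tag[port] = tag[port] (tag[port] == "" ? "" : ",") vid
            else           unt[port] = unt[port] (unt[port] == "" ? "" : ",") vid
        }
    }
    END {
        for (p in seen)
            printf "port %s untagged=%s tagged=%s\n", p,
                   (unt[p] == "" ? "-" : unt[p]), (tag[p] == "" ? "-" : tag[p])
    }' | sort -k2,2n
}

# Ports untagged in more than one VLAN: an untagged ingress frame can only be
# classified into one VLAN, so the effective VLAN of such a port is ambiguous.
vlan_untagged_conflicts() {
    vlan_port_map | awk '$3 ~ /,/ { print $2 }'
}

# Ports with no untagged VLAN: the attached device has to tag every frame it sends.
vlan_tagged_only_ports() {
    vlan_port_map | awk '$3 == "untagged=-" { print $2 }' | tr '\n' ' ' | sed 's/ $//'
}

# The switch configuration as posted in this thread.
THREAD_CONFIG='swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "2t 3t 4 6"
swconfig dev switch0 vlan 10 set ports "1 2t 3t 6t"
swconfig dev switch0 set apply'

printf '%s\n' "$THREAD_CONFIG" | vlan_port_map
echo "tagged-only ports: $(printf '%s\n' "$THREAD_CONFIG" | vlan_tagged_only_ports)"
```

Run against the posted configuration, it reports ports 2 and 3 as carrying VLAN 1 and VLAN 10 tagged with no untagged VLAN, which is the membership the access points on those ports have to match.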
Fedex03
DD-WRT User


Joined: 18 Nov 2010
Posts: 89
Location: Italy

Posted: Sun Jul 31, 2022 10:25
Per Yngve Berg wrote:
Tagging is done by adding 't' to the port as you have done.

Are the interfaces vlan1 and vlan10 members of a bridge?

Firewall rules have to reference the bridge for bridged interfaces.

Are the swconfig commands added to the startup script?


This is my bridges config: screenshot attached.

Firewall rules:

Code:
iptables -t nat -I POSTROUTING -o `get_wanface` -j MASQUERADE

#### DNS RULES ####
#iptables -I FORWARD -i br1 -o br0 -p tcp -d 192.168.2.254 --dport 53 -j ACCEPT
#iptables -I FORWARD -i br1 -o br0 -p udp -d 192.168.2.254 --dport 53 -j ACCEPT
iptables -I FORWARD -i br2 -o br0 -p tcp -d 192.168.2.254 --dport 53 -j ACCEPT
iptables -I FORWARD -i br2 -o br0 -p udp -d 192.168.2.254 --dport 53 -j ACCEPT
#iptables -I FORWARD -i br0 -o br+ -j ACCEPT # optional
iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
##########################

#### FORWARDING RULES ####
# Forward between br0 toward br1
iptables -I FORWARD -i br0 -o br1 -j ACCEPT

#Restrict br2 from accessing the router's local sockets (software running on the router)
#iptables -I INPUT -i br2 -m state --state NEW -j DROP
##########################

#### VPN RULES ####
# NAT the traffic from the VPN out onto the internet via the WAN interface.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

# Prevent 192.168.2.248/30 from reaching the internet directly (so no connection if VPN down)
iptables -I FORWARD -s 192.168.2.248/30 -o $(get_wanface) -m state --state NEW -j REJECT

# Prevent 192.168.10.8 from reaching the internet directly (so no connection if VPN down)
iptables -I FORWARD -s 192.168.10.8 -o $(get_wanface) -m state --state NEW -j REJECT
###################


The switch configuration is placed into the startup commands.

Thanks for your time!
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sun Jul 31, 2022 11:12
There is no interface eth1.10 on newer builds. It has changed to vlan10.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Sun Jul 31, 2022 12:15
From the screenshots he's using a really old build and using some browser extension that mangles the interface.