Keep losing WAN IP while setting up vlans

DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
RJS
DD-WRT Novice


Joined: 07 Jun 2022
Posts: 12

Posted: Tue Jun 07, 2022 21:13    Post subject: Keep losing WAN IP while setting up vlans
I have been using DD-WRT on a Linksys router for several years now and have been very happy with it. I originally went to it for the QoS capabilities to control the amount of data the family used. Then a couple of months ago I got on a plan with my ISP that gives me unlimited data, triple the speed, and included a gateway at no extra charge. All for just a few dollars more per month. However, I am no longer happy with the router that is completely under their control. So, I decided to dust off my Linksys router. I also want to set up VLANs with all my streaming devices on their own VLAN.

I followed the instructions from DevBaseMedia for setting up virtual LANs for IoT devices (https://www.youtube.com/watch?v=0ds4o2RxHAc). It did exactly what I wanted and worked great - until I actually connected to my modem. Then I discovered that I was not getting a WAN IP address. I have gone over and over it to no avail. I went back to my old modem just to make sure it wasn't the gateway messing me up. But still no WAN IP. Everything is fine until I set up my VLANs via Setup/Switch Config. As soon as the router reboots, WAN IP goes to 0.0.0.0.

So, after a lot of research, I decided to follow the recommendations to bypass the GUI and set up my VLANs via command line. When I do that using the NVRAM commands, all appears good. I set up my VLANs and still maintain my WAN IP. The layout is even reflected under Setup/Switch Config. However, when I try to use the brctl commands to create bridges and add VLANs to them, brctl returns an error message stating that the VLAN3 does not exist. On a whim, I went to the Setup/Switch Config screen and clicked the Save button. Did not touch anything else on the screen, and I no longer get the error message when I use the brctl command to add vlan3 to br1. But I lose my WAN IP again. At this point, I have been unable to find any solution.

Bearing in mind that I am very much a novice at this and my ONLY experience in this area is trying to set up my home router, can someone point me in the right direction?

My setup:
Linksys WRT3200ACM
Previous DD-WRT Version: 3.0-r44715 std (11/03/20) Started with this version, then upgraded.
Upgraded to: DD-WRT v3.0-r48971 std (05/26/22) Problem is the same with both versions.
Kernel Version: Linux 4.9.315 #3227 SMP Thu May 26 02:24:43 +07 2022 armv7l
The main lan ip is 192.168.1
The virtual lan is 192.168.3
For a simple test, I reset the router to factory settings, turned on SSHd and rebooted. I have a WAN IP. I do not change anything else from the GUI through the rest of the test.

Next I run the following commands from PuTTY:
nvram set vlan3hwname=et0
nvram set vlan3ports="1 5"
nvram set vlan1ports="2 3 4 5"
nvram set port1vlans=3

Results are:
root@DD-WRT:~# nvram show | grep vlan.*ports | sort
size: 28177 bytes (102895 left)
vlan0ports=1 2 3 4 5*
vlan1ports=2 3 4 5
vlan2ports=0 5
vlan3ports=1 5 (I went back and changed ports 5 to 6 on vlans 1 and 3. No help.)
root@DD-WRT:~# nvram show | grep port.*vlans | sort
size: 28177 bytes (102895 left)
port0vlans=2
port1vlans=3
port2vlans=1
port3vlans=1
port4vlans=1
port5vlans=1 2 16000
root@DD-WRT:~# nvram show | grep vlan.*hwname | sort
size: 28177 bytes (102895 left)
vlan0hwname=et0
vlan1hwname=et0
vlan2hwname=et0
vlan3hwname=et0

I run nvram commit and reboot.
At this point I still have a WAN IP address.

However, when I try to set up a bridge with the following commands:
brctl addbr br1
brctl addif br1 vlan3

This is the result:
interface vlan3 does not exist!

br1 does get added temporarily, but any vlan I try to add to it with brctl returns the error. I lose br1 when I reboot.
But I still have a WAN IP address.

So I went back to the GUI Setup/Network and added br1, which now sticks through a reboot. But neither the GUI nor the brctl command finds any vlans to add to the bridge.

If I go to Setup/Switch Config, click Save and reboot (no other changes) I can set up the bridges with the vlans. But I have lost my WAN IP.

As a last resort, I tried the swconfig command per https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199 (among others). But my WAN IP goes away a few seconds after I run different swconfig commands. It takes a few seconds, but it seems no matter where I am in the process, it will eventually go away.

I have to be missing something here. Hopefully something simple (I ain't proud), but I would appreciate getting pointed in the right direction.
If you got this far through my issue, I thank you for your patience!
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Tue Jun 07, 2022 21:41
1) Current release is 49113

2) You do not use the pre-swconfig Broadcom method to do VLANs on your Marvell device (nvram set); you use swconfig and other commands as shown below via startup script.

3) See the following stickies at the top of this forum:

Sticky: How to VLAN tag WAN traffic for ISP on WRT1900AC v1 - SOLVED

Sticky: VLAN success on WRT1900ACSv2, WRT3200ACM, et al.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
RJS
DD-WRT Novice


Joined: 07 Jun 2022
Posts: 12

Posted: Sun Jun 12, 2022 0:06
OK, I upgraded to 49113 and then yesterday to 49139, but neither version helped. I have abandoned the nvram route and for the last week I have focused solely on trying to get a setup to work with swconfig. I have used the two links I have been referred to, but neither of them has helped. I even downgraded to the versions used in both of the links and copied the code directly, but I am still getting a WAN IP: 0.0.0.0. After three months of working on this, I think it is time to abandon the project for now. I am beginning to doubt that my particular router will even support 3 vlans.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Sun Jun 12, 2022 7:34
Quick question.... Have you tried spoofing the ISP's router WAN port facing MAC address into DD-WRT? I would, just in case they lock your service to a specific MAC.

I would approach this setup a different way, using separate subnets isolated from each other, since it's IoT devices, a lovely target for botnet web scouring scripts looking for exploitable targets.

So e.g. running multiple DHCP servers which can be set up in the networking tab and then in Advanced routing tab configure routing tables/policies to take care of the rest.

Or also possible to use unbridged AP/Net isolated VAPs with internet connection.

In any case when you go to any level higher than 3, you will notice connected clients performance is crap.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

Posted: Sun Jun 12, 2022 9:12
Did you check the switch config with:

swconfig dev switch0 show
RJS
DD-WRT Novice


Joined: 07 Jun 2022
Posts: 12

Posted: Sun Jun 12, 2022 16:42
I did try setting the IP address manually, but it did not help. The MAC address has not changed. BTW, the modem is not connected to during all of this. But I really don't think that is an issue.
My intent is to set up isolated subnets, and it seemed to be working until I noticed I was not talking to the modem anymore. During the last 2 years, my quiet little isolated network has gotten very busy with IoT devices: TVs, Thermostats, etc. So far, I have kept my security cameras off the internet (or have I???). Had a problem with our new TV and while talking to Vizio, they reached right in and turned off my TV! And I logged into my Comcast account and there are all my devices listed and my wifi password proudly displayed. So, I decided to get a little more secure. Your response got me to thinking that I should go ahead and complete my configuration before worrying about the WAN IP. And sure enough, it came back after I reconfigured my DHCP for the two subnets. Still have issues, but I see this as progress.
I will have a look at the unbridged AP/Net suggestion. I will confess that I am not sure what you are talking about, but I will do some more research.
I see no need for more than 3 vlans at this time, but I will keep that in mind.
Thanks.
RJS
DD-WRT Novice


Joined: 07 Jun 2022
Posts: 12

Posted: Sun Jun 12, 2022 16:47
I do use swconfig dev switch0 show, which is what confused me. I don't fully comprehend everything it tells me. But after running "brctl addif br1 vlan3", I kept getting the message "interface vlan3 does not exist!" and yet swconfig showed it there. Turns out br1 did not exist.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Sun Jun 12, 2022 17:07
Well never trust anything IoT or Smart TVs, IoTs are target numero uno for botnets.

I would approach the issue myself differently, obviously there are many ways to skin this particular cat, I always opt for the simplest most effective ways to isolate devices from the web and from each other's subnets.

Generally CLI even though I can and am quite comfortable there, messing with the swconfig is not something I see as a need to achieve this, nor bridges which are always the wrong solution for me for any kind of networking, they aggregate interfaces into a single interface, and to keep them separate you need more bridges when you don't need them at all. Routing tables/Policies is the way proper networking is done across subnets, infinitely more control there.

I start with static leases, only way to reliably control and restrict access to any devices, I use access restrictions to prevent unsecure devices from having any kind of WAN access, IoTs and Smart TVs fall under this category.

But sorry I don't really have the time to get into specifics. So moot point.

On another note see https://thehackernews.com/2022/06/new-privacy-framework-for-iot-devices.html the future is bright, NOT.

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Tue Jun 14, 2022 9:13
Now imagine mDNS/Avahi and IoTs, Smart devices, Phones, Tablets etc. on the same network subnet...and all local traffic in the same pool...
To isolate traffic, I generally use VLANs on Br, with or without WAN access, on different subnets (along with some iptables restriction rules), hooked to a switch, where it has vlan segmentation capability too, but it will be interesting to see another approach to the problem...

Yep there are some odd messages in logs, br does not exist etc., but when booting is done you can check with swconfig dev switch0 show or ifconfig to find out what is where...just ignore those in the log...
Usually, building VLANs via CLI or start up script should be ok...you can do all the job via CLI and nvram commit afterwards..

Once created via CLI and nvram committed, all those will appear in GUI Networking tab as well...
To make a vlan fully functional, you'd need to add a DHCPd to the bridge where it is assigned, or to the vlan itself if it's on its own, unbridged (not bridged)...

yep fiddling with vlans could be a messy thing, but once you learn the basics it's easy...

WAN missing is very likely you mess with vlan2 which is your WAN by default and vlan1 is your LAN... so pick any other to move around..like start with vlan3 for example...

SurprisedItWorks vlan set up is decent https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199 ...the youtube video you shared is for Broadcom routers...where GUI works well for those, but is messy as the default vlan layout is different...
I have no idea if the GUI switch layout for Linksys/Marvell you have is working as it should..
but the best way is via Start up scripts or so called CLI commands (nvram committed)..

here is another thread for vlans on R7800...where you see the idea is the same
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1122223

at the end a pic of your set up will make things easier (cover the sensitive data)...so we know the layout etc.

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
RJS
DD-WRT Novice


Joined: 07 Jun 2022
Posts: 12

Posted: Wed Jun 15, 2022 14:34
I keep saying I am going to put this thing on the back burner, but I just keep coming back to it. I am now able to run the scripts to set up the vlans without losing access to the modem. After being told that nvram commands are no longer supported with this router, I stayed away from them. But after your message, I went back and tried nvram commit. The Setup/Switch Config screen shows no change. However, swconfig seems to verify the correct setup, which is the way (I think) I want them:

Global attributes:
enable_vlan: 3
Port 0:
mask: 0x0000: (0)
qmode: 3
pvid: 3
link: port:0 link:up speed:1000baseT full-duplex
Port 1:
mask: 0x0000: (1)
qmode: 3
pvid: 1
link: port:1 link:down
Port 2:
mask: 0x0000: (2)
qmode: 3
pvid: 1
link: port:2 link:down
Port 3:
mask: 0x0000: (3)
qmode: 3
pvid: 1
link: port:3 link:down
Port 4:
mask: 0x0000: (4)
qmode: 3
pvid: 2
link: port:4 link:up speed:1000baseT full-duplex
Port 5:
mask: 0x0000: (5)
qmode: 3
pvid: 2
link: port:5 link:up speed:1000baseT full-duplex
Port 6:
mask: 0x0000: (6)
qmode: 3
pvid: 3
link: port:6 link:up speed:1000baseT full-duplex
VLAN 1:
port_based: 0
vid: 1
ports: 1 2 3 6
VLAN 2:
port_based: 0
vid: 2
ports: 4 5
VLAN 3:
port_based: 0
vid: 3
ports: 0 6


It seems that the brctl command had no effect on the bridges. So I went back to the GUI for that. Still working on setting up the bridges and dhcp the way I want. I connect my other computer to port 0 (physical port 4) which should be on vlan3. However, it picks up an IP for vlan1 and it is able to pull up the modem's web page. So I am not sure if the GUI display is correct (shows default of port0 on vlan1) or the swconfig command is correct.

As for vlan2, I pretty much am leaving that alone. I decided one less headache.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Jun 15, 2022 14:49
RJS wrote:
After being told that nvram commands are no longer supported with this router, I stayed away from them. But after your message, I went back and tried nvram commit.

Who exactly told you that nvram commands are no longer supported with your router?

You were told something different, I'm sure of it and also sure you just misread.

I stand ready to eat my non existing hat, just in case there is such a router, perhaps with a flash of -20MB where you flash DD-WRT into the ether;)

Last edited by the-joker on Wed Jun 15, 2022 14:54; edited 1 time in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

Posted: Wed Jun 15, 2022 14:54
enable_vlan: 3

Values are 0 or 1 (Disabled/enabled)



swconfig dev switch0 set enable_vlan "1"
swconfig dev switch0 set vlan 3 ports "0 6t"
swconfig dev switch0 set apply

You must tag the port to the SOC.


Last edited by Per Yngve Berg on Wed Jun 15, 2022 15:02; edited 1 time in total
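
Added example, not part of any post in this thread: a small Python check, run on a workstation against pasted `swconfig dev switch0 show` text, for the two problems the reply above points out, an enable_vlan value other than 0 or 1 and a port left untagged in more than one VLAN. The function names and sample text are constructed for this example; that port 6 is the SoC-facing port is taken from the "0 6t" command, and tagged members are assumed to print with the same `t` suffix the set command uses.

```python
import re

# Constructed sample: abridged from the `swconfig dev switch0 show` output
# RJS posted earlier in the thread (most per-port lines trimmed).
SAMPLE = """\
Global attributes:
enable_vlan: 3
Port 0:
pvid: 3
link: port:0 link:up speed:1000baseT full-duplex
VLAN 1:
ports: 1 2 3 6
VLAN 2:
ports: 4 5
VLAN 3:
ports: 0 6
"""
# Constructed: the same text with the two corrections from the reply applied.
FIXED = SAMPLE.replace("enable_vlan: 3", "enable_vlan: 1").replace(
    "ports: 0 6\n", "ports: 0 6t\n")


def parse_swconfig(text):
    """Parse `swconfig dev <switch> show` text (indented or not)."""
    cfg = {"globals": {}, "vlans": {}}
    kind, num = "globals", None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"(Port|VLAN) (\d+):", line)
        if header:
            kind, num = header.group(1), int(header.group(2))
            continue
        key, _, value = (s.strip() for s in line.partition(":"))
        if kind == "globals" and value:
            cfg["globals"][key] = value
        elif kind == "VLAN" and key == "ports":
            # "6t" is a tagged member, "6" an untagged one
            cfg["vlans"][num] = {int(p): t == "t"
                                 for p, t in re.findall(r"(\d+)(t?)", value)}
    return cfg


def audit(cfg, soc_port=6):
    """Return a list of findings; soc_port=6 is an assumption (see lead-in)."""
    findings = []
    enable = cfg["globals"].get("enable_vlan")
    if enable not in ("0", "1"):
        findings.append(f"enable_vlan is {enable}; valid values are 0 or 1")
    untagged = {}  # port -> VLANs it belongs to without a tag
    for vid in sorted(cfg["vlans"]):
        for port, tagged in cfg["vlans"][vid].items():
            if not tagged:
                untagged.setdefault(port, []).append(vid)
    for port in sorted(untagged):
        if len(untagged[port]) > 1:
            # Frames of several VLANs leave this port without a tag, so
            # whatever sits behind the port cannot tell them apart.
            name = "SoC port" if port == soc_port else "port"
            findings.append(f"{name} {port} is an untagged member of VLANs "
                            f"{untagged[port]}; tag it ({port}t) in all but one")
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE), ("corrected", FIXED)):
        print(label, audit(parse_swconfig(text)) or "no findings")
```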
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

Posted: Wed Jun 15, 2022 14:57
the-joker wrote:
Who exactly told you that nvram commands are no longer supported with your router?

You were told something different, I'm sure of it and also sure you just misread.


To reiterate other linked information:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=305616

Per Yngve Berg wrote:
Code:
nvram show | grep vlan.*ports

vlan0ports=1 2 3 4 5*
vlan1ports=0 5


Disregard these variables as they are used on Broadcom units only.

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
RJS
DD-WRT Novice


Joined: 07 Jun 2022
Posts: 12

Posted: Wed Jun 15, 2022 15:56
the-joker wrote:
RJS wrote:
After being told that nvram commands are no longer supported with this router, I stayed away from them. But after your message, I went back and tried nvram commit.

Who exactly told you that nvram commands are no longer supported with your router?


It was in the first response from kernel-panic69:
2) You do not use the pre-swconfig Broadcom method to do VLANs on your Marvell device (nvram set); you use swconfig and other commands as shown below via startup script.

Maybe I just misunderstood, but since I was not having any success with them, I accepted the answer.
RJS
DD-WRT Novice


Joined: 07 Jun 2022
Posts: 12

Posted: Wed Jun 15, 2022 16:02
Per Yngve Berg wrote:
enable_vlan: 3

Values are 0 or 1 (Disabled/enabled)



swconfig dev switch0 set enable_vlan "1"
swconfig dev switch0 set vlan 3 ports "0 6t"
swconfig dev switch0 set apply

You must tag the port to the SOC.


OK, this command I DID misunderstand. I had set enable_vlan repeatedly with each vlan number, the last one being 3, of course. I thought this just enabled each vlan by number. I will have to correct that. At one point I did tag the ports, but somewhere along the way, I removed the t. Will put them back.
Thanks
Page 1 of 2. All times are GMT.