R7000: VLAN isolation issues? Tagged vs untagged traffic

TCB13
Posted: Sun Nov 27, 2022 20:34
I got the clean spare R7000 and with the help of ho1Aetoo and Alozaros' tips and some documentation I managed to get it working in all the possible ways one must think of. Here's the summary of possible use cases I tested in r50927, all in port 3.

Netgear R7000:
LAN => vlan1
WAN => vlan2

Solution for the original question:

Quote:
The idea: setup a DD-WRT router for wireless / wired devices:
1) Local network 192.168.1.0/24 with its own DHCP and NAT;
2) Router ports 1,3,4 > access to the internal 192.168.1.0/24 network
3) Router port 2: "bridged" to the main router and get a 10.x.x.x IP.

Code:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 3 4 5t"
swconfig dev switch0 vlan 2 set ports "0 2 5t"
swconfig dev switch0 set apply

------

I. Regular LAN untagged + upstream connection tagged (id=2):
Code:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 2 set ports '0 3t 5t'
swconfig dev switch0 port 3 set pvid 1
swconfig dev switch0 set apply


II. Regular LAN tagged (id=1) + upstream connection untagged:
Code:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports '1 2 3t 4 5t'
swconfig dev switch0 vlan 2 set ports '0 3 5t'
swconfig dev switch0 port 3 set pvid 2
swconfig dev switch0 set apply


III. Regular LAN tagged (id=1) + upstream connection tagged (id=30):
Code:
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports '1 2 3t 5t'
swconfig dev switch0 port 3 set pvid 1
swconfig dev switch0 vlan 30 set ports '0 3t 5t' # You may also omit it from the CPU port '0 3t'
swconfig dev switch0 set apply


This last one was a test to find out if I could do it with VLANs other than the default ones.

A few notes:
    - I believe that initially I was having issues because my VLANs were auto-configured to go into br0 causing all sorts of problems;
    - swconfig works and is easy to understand, the GUI not so much. I won't use the GUI anymore since it adds additional complexity and some unpredictability;
    - I'll only add a VLAN to port 5 if I need it managed by the router. Simple tagging / moving traffic around can be done just in the switch;
    - In advanced cases where routing is needed the best course of action is to create a bridge for each VLAN.


Thank you all.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).


Last edited by TCB13 on Mon Nov 28, 2022 13:46; edited 1 time in total
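
An added example, not part of TCB13's post or of DD-WRT: a small Python check that parses swconfig lines like the ones above before they are applied and lists ports untagged in more than one VLAN, trunk ports carrying several VLANs, and PVIDs that point at a VLAN the port is not in. `CPU_PORT = 5` follows the posts' use of `5t`; the function names and the `BROKEN` sample are made up for illustration.

```python
import shlex

CPU_PORT = 5  # assumption from the thread: the posts tag VLANs to the CPU as "5t"

def parse_swconfig(script):
    """Return ({vlan: {port: is_tagged}}, {port: pvid}) from swconfig command lines."""
    vlans, pvids = {}, {}
    for line in script.splitlines():
        words = shlex.split(line, comments=True)  # drops trailing '# ...' comments
        if words[:3] != ["swconfig", "dev", "switch0"] or len(words) != 8:
            continue  # 'set enable_vlan 1', 'set apply' and blank lines
        kind, ident, verb, attr, value = words[3:]
        if (kind, verb, attr) == ("vlan", "set", "ports"):
            vlans[int(ident)] = {int(p.rstrip("t")): p.endswith("t") for p in value.split()}
        elif (kind, verb, attr) == ("port", "set", "pvid"):
            pvids[int(ident)] = int(value)
    return vlans, pvids

def audit(script):
    """List items to review before trusting the VLANs in script to stay separate."""
    vlans, pvids = parse_swconfig(script)
    findings = []
    for port in sorted({p for members in vlans.values() for p in members}):
        member_of = sorted(v for v, m in vlans.items() if port in m)
        untagged = [v for v in member_of if not vlans[v][port]]
        if len(untagged) > 1:  # untagged frames of both VLANs leave this port
            findings.append(f"port {port}: untagged in VLANs {untagged}")
        elif len(member_of) > 1 and port != CPU_PORT:  # attached device sees all of them
            findings.append(f"port {port}: trunk carrying VLANs {member_of}")
    for port, pvid in sorted(pvids.items()):
        if pvid in vlans and port not in vlans[pvid]:
            findings.append(f"port {port}: pvid {pvid} but not a member of VLAN {pvid}")
    return findings

# ORIGINAL is the solution quoted in the post; BROKEN is a constructed mistake.
ORIGINAL = """
swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 vlan 1 set ports "1 3 4 5t"
swconfig dev switch0 vlan 2 set ports "0 2 5t"
swconfig dev switch0 set apply
"""
BROKEN = """
swconfig dev switch0 vlan 1 set ports "1 2 3 4 5t"
swconfig dev switch0 vlan 2 set ports "0 2 5t"
swconfig dev switch0 port 4 set pvid 2
"""
for name, cfg in (("original", ORIGINAL), ("broken", BROKEN)):
    print(name, audit(cfg))
```

A trunk line in the output is not necessarily an error (case II in the post creates one on port 3 on purpose); it marks a port whose attached device must be trusted with every VLAN listed.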
ho1Aetoo
Posted: Mon Nov 28, 2022 8:17
only the solution for the original question is from me and not from someone else

Quote:
swconfig dev switch0 set enable_vlan 1


and you don't need to activate the vlan if it is already activated ;)
you only need to activate it if you reset the switch first

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=333039&start=11

and resetting is done to get rid of other obsolete configurations