Posted: Mon Oct 31, 2022 22:16 Post subject: Re: 802.1q VLAN tagging on Netgear r7000 and r8000
Cobra1582 wrote:
Hi, does either or both above devices support VLAN tagging or is it only port based? From what I can see, it looks like it is only port based.
Cheers
D
Yes, R8000 supports 802.1q tags and mine has a mix of single VLAN ports and trunks. The trunks go to other devices that natively support .1q and have sub-interfaces on different logical LANs.
Where you may need to be more “hands-on” and fine-tune is in the bridging and firewall tables to get the exact access you need (or wish to prevent), between VLANs, while the GUI is good for general setup. You might also find that the switch-config page in the GUI still lists the physical ports in reverse-order, possibly, temporarily, confounding any testing.
Posted: Wed Nov 23, 2022 12:13 Post subject: Re: 802.1q VLAN tagging on Netgear r7000 and r8000
Hapi12021 wrote:
Cobra1582 wrote:
Hi, does either or both above devices support VLAN tagging or is it only port based? From what I can see, it looks like it is only port based.
Cheers
D
Yes, R8000 supports 802.1q tags and mine has a mix of single VLAN ports and trunks. The trunks go to other devices that natively support .1q and have sub-interfaces on different logical LANs.
Where you may need to be more “hands-on” and fine-tune is in the bridging and firewall tables to get the exact access you need (or wish to prevent), between VLANs, while the GUI is good for general setup. You might also find that the switch-config page in the GUI still lists the physical ports in reverse-order, possibly, temporarily, confounding any testing.
I've had issues making it tag some ports and dump the traffic untagged in others... Thank you.
_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
I've had issues making it tag some ports and dump the traffic untagged in others... Thank you.
I don’t have any experience with the R7000, only R8000. EGC commented on the 7000.
In my config, I don’t have any untagged ports that are on VLAN 0, if that’s what you are looking for. My untagged ports sit on specific VLANs.
I’m not sure in DD you could just have a “real” VLAN 0, with tagged and untagged traffic, like you do on managed switches. In DD, for a trunk, you simply tag all the VLANs you want on the port, and pick them up on the other device. Note that the other device must support 802.1q to unwind the trunk into sub-interfaces or onto separate bridges, locally. You might be able to do something like what you want with Linux’s VSwitch, on top of the physical switch, for creating entry and exit policy and other advanced features. However, I haven’t tested if VSwitch is even compiled and present in DD to begin with.
The “switch” inside of most consumer routers is still fairly limited in capability and features, compared to a dedicated managed switch. Think of the device as a router with extra ports, and not a full-blown switching device, and that’s a more accurate framework to configure its hardware. That means a bridge per VLAN and making sure all the bridges are set up on the networking tabs before heading to the switch config tab to tag ports.
If you are using the router with the firewall enabled for NAT, e.g. a typical internet gateway, stay away from VLANs 2 and 1 and 0 as they are used by the firmware for WAN and LAN, default, respectively. Traffic on the default VLAN is highly discouraged due to inherent security problems with VLAN-hopping.
Start your VLAN assignments consecutively at 3. PVID and overloading the VID has a bad history on consumer routers and not every device is compatible. If you test and know it works, great, but don’t start out that way for testing.
Last edited by Hapi12021 on Thu Nov 24, 2022 15:39; edited 7 times in total
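The post above recommends tagging every VLAN on a trunk and keeping user traffic off VIDs 0, 1 and 2. The following is an added example, not code from any poster or from DD-WRT: it parses 802.1Q tags out of raw Ethernet frames and flags frames that break those rules. The frame builder, the `audit_trunk_frame` helper, the allowed VID set and the finding strings are all assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100
FIRMWARE_VIDS = {0, 1, 2}  # per the post: taken by the firmware (default, LAN, WAN)

def parse_vlan_tags(frame: bytes):
    """Return ([(pcp, dei, vid), ...], inner_ethertype) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12  # EtherType/TPID follows the two 6-byte MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; then the next EtherType
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4
    return tags, ethertype

def audit_trunk_frame(frame: bytes, allowed_vids: set):
    """List policy findings for a frame captured on a trunk port (hypothetical helper)."""
    tags, _ = parse_vlan_tags(frame)
    findings = []
    if not tags:
        findings.append("untagged frame on trunk")
    elif len(tags) > 1:
        findings.append("stacked 802.1Q tags")
    for _, _, vid in tags:
        if vid in FIRMWARE_VIDS:
            findings.append(f"VID {vid} is reserved by firmware")
        elif vid not in allowed_vids:
            findings.append(f"VID {vid} not configured on this trunk")
    return findings

def build_frame(vids, ethertype=0x0800):
    """Constructed sample frame: locally administered MACs, zero-filled payload."""
    hdr = bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
    for vid in vids:
        hdr += struct.pack("!HH", TPID_8021Q, vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

if __name__ == "__main__":
    trunk_vids = {3, 4}  # assumed plan: VLANs numbered consecutively from 3
    for vids in ([3], [1], [], [3, 4], [7]):
        print(vids, audit_trunk_frame(build_frame(vids), trunk_vids))
```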
R8000 is really just R7000 with extra (gimmick) 5.0 GHz Wi-Fi radio band.
_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
No one can build you the bridge on which you, and only you, must cross the river of life!
When I say gimmick, I mean the WAN is the bottleneck, but if using spare radio for BH then that's a great option.