[SOLVED] Frustration VLAN Asus RT-AC68R v3.0-r51576

tickerguy
DD-WRT Novice


Joined: 15 Dec 2016
Posts: 13

Posted: Mon Feb 06, 2023 0:14    Post subject: [SOLVED] Frustration VLAN Asus RT-AC68R v3.0-r51576
This has been running the kong build from 2018 for a long time, but of course that's gone so I thought I'd update it.

Unfortunately I didn't realize I had to copy everything out of both the setup screens and NVRAM before I did it, and have lost my secondary VLAN -- attempting to restore it "best as I remember" has been a ridiculous exercise in frustration leading to lockups and repeated failures.

The configuration I need is a primary SSID on both 2.4g and 5g, which works fine -- it's the secondary "Guest" network that's the problem.

The guest network has a different SSID and PW (of course) and should show up on the same wire as VLAN 3; the gateway has an interface listening there (and the switch knows what to do with it as well.)

I have my own DHCP server and firewall; the local network is on 192.168.10.x for the primary and 192.168.4.x for the guest. The gateway for both is at .200 (along with the DHCP and DNS servers.) No firewall or other services are needed; the AP is connected to a switch which knows about VLAN 3 which is the guest, and it has been working fine.

So basically as long as the AP emits the packets from the secondary SSID on VLAN 3 all is well; both can go over one wire and it's been on LAN port 1 of the AP forever. But the GUI appears to hose this up good, and I've been unable to figure out the proper incantations (either via nvset commands or via the GUI) to get it to work, and what I've tried has locked me out 'hard' and forced me to do a hard reset and start over multiple times.

I've searched through the VLAN configuration stuff I can find but am lost as to what I had set up on Kong's builds and has been working for a long time.

Any pointers on where to start looking appreciated - I'm reasonably sure this was doable without anything other than the GUI config on Kong's stuff, but it's been nearly five years so I could easily be wrong.

Thanks in advance.

(Specifically, what is the closest to the Kong build's settings I described here does not appear to work and locks me out of the unit instantly when I try it. https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=306181&highlight=)
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Mon Feb 06, 2023 0:48
It's easy, either use swconfig start up commands or try via GUI... on Broadcom routers it works via GUI but best is via commands... and you'd need an extra DHCP on the VLAN or on the br...

more to come later, now bed time for me : P

post as many details you can, it helps a lot...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tickerguy
DD-WRT Novice


Joined: 15 Dec 2016
Posts: 13

Posted: Mon Feb 06, 2023 1:08
Alozaros wrote:
It's easy, either use swconfig start up commands or try via GUI... on Broadcom routers it works via GUI but best is via commands... and you'd need an extra DHCP on the VLAN or on the br...

more to come later, now bed time for me : P

post as many details you can, it helps a lot...


Do not need DHCP on the router itself (for either the primary or guest); topology looks like this:

Gateway/firewall [Base and VLAN 3] == Switch [Base and VLAN 3] == Asus AP

The gateway/firewall assigns addresses on both the base and VLAN 3 (as well as handling NAT outbound to the Internet as a whole with appropriate filtering; the Asus box is just an AP, no routing.)

wl0.1 SSID is set for the guest, Masquerade/NAT enabled, unbridged, IP address set to 192.168.4.252/24, AP isolation on.

On the switch configuration page I added the VLAN 3 ID, but if I turn on "tagged" for the LAN port that is in use along with 1 and 3 all communications (not just for the guest network) cease immediately. I can recover if I only turn it on for the one LAN port I'm using for the uplink by moving the cable to one of the others, but obviously that does me no good in terms of it actually working.

On networking I defined "Tagging" for wl0.1 as tag number 3.
I defined br1 and assigned both vlan3 and wl0.1 to it. The bridging table looks like this:

Bridge Name   STP   Interface
br0           no    eth1 eth2 vlan1 vlan2
br1           no    vlan3 wl0.1

I'm missing something from what I had that was working before on the Kong build and when I have br1 up the router locks on me intermittently -- I suspect it's crashing and rebooting but not sure.
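
The bridging table in the post above is where to confirm that the guest SSID can reach only VLAN 3. As an added example (not part of the original post or of DD-WRT), this shell function audits a table in that three-column layout; the function name and the second sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a bridge table (bridge name, STP flag, member
# interfaces, as quoted in the post) for guest/primary separation.
# This is the GUI table layout from the post, not `brctl show` output.

# Constructed sample: the table from the post.
SAMPLE_OK='Bridge Name STP Interface
br0 no eth1 eth2 vlan1 vlan2
br1 no vlan3 wl0.1'

# Constructed sample: a misconfiguration that leaves the guest VAP in br0.
SAMPLE_LEAK='Bridge Name STP Interface
br0 no eth1 eth2 vlan1 vlan2 wl0.1
br1 no vlan3'

# guest_bridge_audit TABLE GUEST_IF GUEST_VLAN_IF
# Prints one finding per line. Returns 0 only when GUEST_IF sits in exactly
# one bridge and that bridge holds nothing but GUEST_IF and GUEST_VLAN_IF.
guest_bridge_audit() {
    printf '%s\n' "$1" | awk -v gif="$2" -v vif="$3" '
        NR == 1 && $1 == "Bridge" { next }   # skip the header row
        NF < 3 { next }                      # bridge with no members
        {
            has_guest = 0; has_vlan = 0; extra = ""
            for (i = 3; i <= NF; i++) {
                if ($i == gif) has_guest = 1
                else if ($i == vif) has_vlan = 1
                else extra = extra " " $i
            }
            if (!has_guest) next
            seen++
            if (!has_vlan) { print "FAIL " $1 ": " gif " is not bridged with " vif; bad = 1 }
            if (extra != "") { print "FAIL " $1 ": " gif " shares a bridge with" extra; bad = 1 }
        }
        END {
            if (seen == 0) { print "FAIL: " gif " is not in any bridge"; bad = 1 }
            if (seen > 1)  { print "FAIL: " gif " is in " seen " bridges"; bad = 1 }
            if (!bad) print "OK: " gif " is bridged only with " vif
            exit bad + 0
        }'
}

guest_bridge_audit "$SAMPLE_OK" wl0.1 vlan3
guest_bridge_audit "$SAMPLE_LEAK" wl0.1 vlan3 || true
```

This checks bridge membership only; whether VLAN 3 actually leaves the uplink port tagged is a separate switch-side setting that the table does not show.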
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Mon Feb 06, 2023 11:01
Moved this thread to the appropriate Broadcom forum.

Attached my personal notes about using VLANs, maybe they are useful. I use a Broadcom router more or less the same as yours and setting things up has never been easier ;)



Attachment: DDWRT VLANs, VAPs and WAPs-6.pdf (639.46 KB)


_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
tickerguy
DD-WRT Novice


Joined: 15 Dec 2016
Posts: 13

Posted: Mon Feb 06, 2023 13:15
Aha.

I was (massively) overthinking it which is where I got tied up in knots putting an address on the secondary interface and such. The one thing that DID have me seriously confused is that I couldn't figure out how to get the trunk port to run untagged for vlan1, as my switch is set up that way (untag primary member, tag everything else), but that's an easy change in the switch config for this specific port. This is something the GUI should support (a "this is primary" checkbox would do it, if the hardware can.)

Thanks; the PDF made it clear enough to figure it out.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Mon Feb 06, 2023 13:31
Glad you solved it.

The DDWRT GUI actually needs to show the CPU port(s) and should have the ability to have a VLAN with one untagged and one or more tagged ports.

This has been extensively discussed but as it is easy to use swconfig to manually accomplish all this and the GUI needs a whole rewrite I fear it is not going to happen anytime soon.

Volunteers welcome :)
