Posted: Wed Apr 10, 2024 0:36 Post subject: Configuring VLAN
Hi,
I use an activated DD-WRT r55678 (dd-wrt_x64_full_vga_2GB) firmware.
Despite multiple hours spent searching various guides and on trial-and-error attempts, I didn't manage to create a working VLAN on eth1 (for safety reasons - IoT network).
The Networking configuration settings are as in the attached picture (default settings).
It may be helpful to mention that the command "nvram show | grep vlan.*ports"
returns "size: 21553 bytes (109519 left)
vlan3ports=1"
I would be grateful if someone could give me some help with this - preferably through the command line.
A screenshot of your Switch Config tab would also be useful. Did you set that up?
_________________
- Linksys EA8500: I-Gateway, AP/VAP 5ghz only r57753: Features: WDS-AP, VLANs, Samba, WG, Entware
- Linksys EA8500: WDS Station x2 - r57753
- Netgear R6400v2: WAP/VAP 2.4ghz only w/VLANs over single trunk port. r57753
- Linksys MX4300 (WAP/VAP (7)) - r58244: Features in use: multiple VLANs over single trunk port
- Linksys MR7350: Testing r58244
- Linksys Velop WHW03v1 x2: OpenWRT w/GRETAP tunnel for VLANs on VAPs
- OSes: Fedora 39, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '95, never having owned a Windows PC.
By following your instructions I have done some configuration in the Networking tab in order to attach any device on physical port Eth1 to VLAN7 (attached picture).
Although everything seems OK to me, none of the devices connected to physical port Eth1 gets online.
I have tried a lot to find a way around, with no success.
I rely on your expertise and your goodwill for some further help :-)
x86 do not have a "switch config" tab because they do not have a switch...
Duh! I knew that. Wasn't paying enough attention when I posted. Sorry for the bad information.
Disable STP on br1.
Enable net isolation on br1.
Delete the additional DHCP server for br0.
Which IP address range does the normal LAN network have?
(Hopefully a different one than br1.)
Second question: do the devices connected to eth1 get IP addresses in the range 192.168.107.1/24?
And finally, the prize question: is there a device connected to eth1 that is capable of VLAN7 tagging?
This is a tagged VLAN.
Only devices that can handle IEEE 802.1Q, such as managed switches or other routers, can be connected to a tagged port.
If you want to connect a normal end device to the port that is not capable of tagging, then it will not work.
But then you don't need a tagged VLAN... then you can delete eth1.7 again and bridge eth1 with br1.
Firstly, I applied your remarks with no success. Moreover, it may be helpful to mention that:
1. My normal LAN network has basic IP address 192.168.1.1/24 starting at 192.168.1.2 with Maximum DHCP Users 240. The br1 Network has basic IP address 192.168.107.1/24 starting at 192.168.107.2 with Maximum DHCP Users 240.
2. The IoT network on eth1 is based upon an ASUS RT-AC68U with factory firmware configured as Access Point with factory default settings.
3. The smart devices, connected through the aforementioned AP, are mostly of the sonoff smart switch type, Alexa echo dot, and some wifi capable devices like A/Cs and kitchen appliances. So I can't be sure if they are capable of tagging or not.
Secondly, I followed the alternative proposed solution by bridging eth1 with br1 (1st Picture), which seems to work, i.e. I cannot ping from one virtual network to the other (2nd Picture).
I feel really indebted.
P.S. Should I denote this topic as SOLVED or something?
The Asus router is certainly capable of VLAN tagging.
But this is not required for such a simple configuration.
Tagging is required if you want to transport several VLANs via one port and one cable.
The GUI setting "network isolation" only becomes active when a WAN connection is established.
If there is no WAN connection, the networks are not isolated from each other.
If you want to change this, you need manual firewall settings.
Your help was invaluable in order to increase the safety in my network.
As for any additional firewall settings that you have mentioned in your previous post, according to my limited experience, it would be more like opening up a can of worms.
In any case I got a lot of useful knowledge about VLANs, tagging, bridges etc.