AVM 4040: vlan

Hello!

I am in need of a new router, because my old one won't support new versions of OpenWRT any more. (Not enough memory!)

The AVM 4040 came to my attention, but I also read the warnings about VLAN1 and VLAN2 and now I am confused. Does this mean that only two of the LAN ports can be used for VLANs?

I need a router that can be configured to serve 5 subnets: 4 LAN and 1 WAN. It's not important if they are configured as VLAN or as "real" networks like eth0, eth1, eth2, eth3. I just need 5 different networks that can be administrated and restricted by firewall rules and routing.

So, my question is: can this be done using the 4040 or should I better look for another device?

Thanks in advance for hints and help!

You can use other vlan ids, not 1 and 2, like the other members of the forum did in that mentioned thread.

So it is just all about the names "vlan1" and "vlan2", and not about the actual hardware LAN ports? If I get it right now, I will be able to use any of the five LAN ports and assign any network I like to them, as long as I do use the names "vlan1" and "vlan2". Correct?

One more question: how many independent WiFi networks can be realized with this box? Right now my old router opens 3 wireless networks: 1 for my business notebook, one for all the private android devices, and one for guests. Will this also be possible with the 4040?

Not exactly. The name that you will use for the interface is totally up to you. What you cannot use is VLAN IDs 1 and 2. You can use 3, 4, ... etc.

No idea, you would have to run the iw phy command to find out.

Here is the output on my 4040:

Wiphy phy1
        max # scan SSIDs: 16
        max scan IEs length: 199 bytes
        max # sched scan SSIDs: 0
        max # match sets: 0
        max # scan plans: 1
        max scan plan interval: -1
        max scan plan iterations: 0
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports AP-side u-APSD.
        Available Antennas: TX 0x3 RX 0x3
        Configured Antennas: TX 0x3 RX 0x3
        Supported interface modes:
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point
        Band 2:
                Capabilities: 0x19ef
                        RX LDPC
                        HT20/HT40
                        SM Power Save disabled
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 7935 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 8 usec (0x06)
                HT TX/RX MCS rate indexes supported: 0-15
                VHT Capabilities (0x339959b2):
                        Max MPDU length: 11454
                        Supported Channel Width: neither 160 nor 80+80
                        RX LDPC
                        short GI (80 MHz)
                        TX STBC
                        SU Beamformer
                        SU Beamformee
                        MU Beamformer
                        MU Beamformee
                        RX antenna pattern consistency
                        TX antenna pattern consistency
                VHT RX MCS set:
                        1 streams: MCS 0-9
                        2 streams: MCS 0-9
                        3 streams: not supported
                        4 streams: not supported
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported
                VHT RX highest supported: 0 Mbps
                VHT TX MCS set:
                        1 streams: MCS 0-9
                        2 streams: MCS 0-9
                        3 streams: not supported
                        4 streams: not supported
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported
                VHT TX highest supported: 0 Mbps
                Frequencies:
                        * 5180 MHz [36] (20.0 dBm)
                        * 5200 MHz [40] (20.0 dBm)
                        * 5220 MHz [44] (20.0 dBm)
                        * 5240 MHz [48] (20.0 dBm)
                        * 5260 MHz [52] (20.0 dBm) (radar detection)
                        * 5280 MHz [56] (20.0 dBm) (radar detection)
                        * 5300 MHz [60] (20.0 dBm) (radar detection)
                        * 5320 MHz [64] (20.0 dBm) (radar detection)
                        * 5500 MHz [100] (27.0 dBm) (radar detection)
                        * 5520 MHz [104] (27.0 dBm) (radar detection)
                        * 5540 MHz [108] (27.0 dBm) (radar detection)
                        * 5560 MHz [112] (27.0 dBm) (radar detection)
                        * 5580 MHz [116] (27.0 dBm) (radar detection)
                        * 5600 MHz [120] (27.0 dBm) (radar detection)
                        * 5620 MHz [124] (27.0 dBm) (radar detection)
                        * 5640 MHz [128] (27.0 dBm) (radar detection)
                        * 5660 MHz [132] (27.0 dBm) (radar detection)
                        * 5680 MHz [136] (27.0 dBm) (radar detection)
                        * 5700 MHz [140] (27.0 dBm) (radar detection)
                        * 5720 MHz [144] (disabled)
                        * 5745 MHz [149] (disabled)
                        * 5765 MHz [153] (disabled)
                        * 5785 MHz [157] (disabled)
                        * 5805 MHz [161] (disabled)
                        * 5825 MHz [165] (disabled)
                        * 5845 MHz [169] (disabled)
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP, mesh point } <= 16,
                   total <= 16, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }

        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Device supports VHT-IBSS.
Wiphy phy0
        max # scan SSIDs: 16
        max scan IEs length: 209 bytes
        max # sched scan SSIDs: 0
        max # match sets: 0
        max # scan plans: 1
        max scan plan interval: -1
        max scan plan iterations: 0
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports AP-side u-APSD.
        Available Antennas: TX 0x3 RX 0x3
        Configured Antennas: TX 0x3 RX 0x3
        Supported interface modes:
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point
        Band 1:
                Capabilities: 0x19ef
                        RX LDPC
                        HT20/HT40
                        SM Power Save disabled
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 7935 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 8 usec (0x06)
                HT TX/RX MCS rate indexes supported: 0-15
                Frequencies:
                        * 2412 MHz [1] (20.0 dBm)
                        * 2417 MHz [2] (20.0 dBm)
                        * 2422 MHz [3] (20.0 dBm)
                        * 2427 MHz [4] (20.0 dBm)
                        * 2432 MHz [5] (20.0 dBm)
                        * 2437 MHz [6] (20.0 dBm)
                        * 2442 MHz [7] (20.0 dBm)
                        * 2447 MHz [8] (20.0 dBm)
                        * 2452 MHz [9] (20.0 dBm)
                        * 2457 MHz [10] (20.0 dBm)
                        * 2462 MHz [11] (20.0 dBm)
                        * 2467 MHz [12] (20.0 dBm)
                        * 2472 MHz [13] (20.0 dBm)
                        * 2484 MHz [14] (disabled)
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP, mesh point } <= 16,
                   total <= 16, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }

        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Device supports VHT-IBSS.
1 Like

For sure it can go up to 2, I posted the "iw phy" output above, have a look.

Regarding the VLAN, I used 101 and 102 and they work nicely. As already said, steer clear of 1 and 2 and it should be fine.

1 Like

Thanks @aboaboit! Looks like it can support up to 1 managed and up to 16 ap.

1 Like

What is the meaning of "managed" in this context? I know what a managed switch is but wifi?
Here I have 2 SSIDs in 2 VLANs.

It's the client mode.

1 Like

Ah, right, I forgot about that because I don't use it :slight_smile:

Not exactly. The name that you will use for the interface is totally up to you. What you cannot use is VLAN IDs 1 and 2. You can use 3, 4, ... etc.

This is where you confuse me a little bit more. :wink:

What exactly is the difference between your words and mine?

Let me put my question this way: can I create 5 VLANs on the 4040 and assign one VLAN to each of the 5 hardware ports?

Or are two of those ports preoccupied and taboo for me to use?

The WAN port is not part of the switch, so I guess you could go up to 4.

So I will get 4 VLAN ports plus 1 WAN port, which will add up to 5 independent cabled networks?

You are confusing the VLAN IDs and the physical ports.

You can, however you have 4 ports attached on the switch as @aboaboit mentioned.
If you want to assign 5 or more interfaces on 4 physical ports, then you would need to trunk the VLANs occupying the same port.

1 Like

Yes, there is still a bit of confusion at my site. :wink:

No, I don't need more than 5 networks. At least not yet...

4 VLAN ports, plus 1 WAN port that will be connected to the ISP, will be enough.

2 Likes

"VLAN" - "Virtual LAN" -- it is an extra "tag" on each Ethernet packet that many switches and "manually configured" Ethernet adapters on various hosts can read to read/write "the right" packets from/to the line. A little "magic" that allows multiple network segments to be carried on a single cable.

Port -- in this context is a physical socket on the back of your router. If you plug an "ordinary" device into a port, it only sees "untagged" (no VLAN) packets. In practical applications, this means one "client" port can support one network segment.

Trunking -- When you plug a VLAN-aware switch or device into a port, then that single wire can carry more than one network and the device on the other end "sorts it out". Often this is used to connect a "managed" ("VLAN-aware") switch that then splits out the VLANs into its own ports, so that ordinary devices could be plugged into their own ports on that switch and see a "normal" (untagged), single network.

4 Likes

Thank you!

I admit my knowledge about VLAN is not very great. I came across this technique when I was searching for a way to build a firewall between my ISP and my own private network. This need brought me to OpenWRT.

Right now I am using a TP-Link for that purpose, which has reached its limits. But I can choose between "tagged" and "untagged" on each port of the switch. In the latter case, they behave like "ordinary" network ports. I assume that this is possible with the 4040 as well. If the 4040 is only capable of tagged network traffic, I'll have to look for another device.

Given what I understand of your desired configuration, you will probably:

  • Tag packets on the SoC's interface(s) to allow them to be handled separately by the CPU and by the switch in the SoC ("box")
  • Configure the switch to "wire" one VLAN to one (or more) "LAN" ports
  • Set those switch ports to be untagged for the devices you connect to them

Yes, that is correct: the TP switch is configured quite like you said. The CPU is wired to eth0, which gets "tagged" traffic, and each port of eth1 is configured as a separate VLAN (1-5) with untagged traffic. The WAN port is the 5th VLAN.

1 Like
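
A small checker for the rules this thread arrives at (stay away from VLAN IDs 1 and 2; a port can be untagged in only one VLAN, anything more has to be tagged, i.e. trunked), added here as an example and not code from any poster or from OpenWrt. It assumes swconfig-style `switch_vlan` sections as found in `/etc/config/network`; the sample config, its port numbers and CPU port 0 are constructed, not the 4040's documented layout.

```python
from collections import defaultdict

RESERVED_VIDS = {1, 2}  # VLAN IDs the thread says cannot be used on the 4040

# Constructed sample (assumption): swconfig UCI syntax, CPU on port 0,
# "t" suffix = tagged member, no suffix = untagged member.
SAMPLE = """
config switch_vlan
	option device 'switch0'
	option vlan '101'
	option ports '0t 1'
config switch_vlan
	option device 'switch0'
	option vlan '102'
	option ports '0t 2'
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 2 3'
"""

def parse_switch_vlans(text):
    """Return one dict of options per 'config switch_vlan' section."""
    sections, current = [], None
    for line in text.splitlines():
        words = line.strip().split(None, 2)
        if words[:1] == ["config"]:
            current = {} if words[1:2] == ["switch_vlan"] else None
            if current is not None:
                sections.append(current)
        elif current is not None and len(words) == 3 and words[0] == "option":
            current[words[1]] = words[2].strip("'\"")
    return sections

def audit(text):
    """Flag reserved VLAN IDs and ports that are untagged in several VLANs."""
    findings, untagged = [], defaultdict(list)
    for sec in parse_switch_vlans(text):
        vid = int(sec.get("vid", sec.get("vlan", 0)))  # 'vid' overrides 'vlan'
        if vid in RESERVED_VIDS:
            findings.append(f"VLAN ID {vid}: IDs 1 and 2 must be avoided on this device")
        for port in sec.get("ports", "").split():
            if not port.endswith("t"):
                untagged[port].append(vid)
    for port, vids in sorted(untagged.items()):
        if len(vids) > 1:
            findings.append(f"port {port} is untagged in VLANs {vids}; tag all but one")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```
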

Thank you (all) for your help and the explaining so far!

After what I've read so far, the 4040 should be exactly what I need: it can be run with OpenWRT and it has enough memory to be on the safe side for the next few OS releases. As a bonus, it also blends in perfectly with my old 7390. :wink: (Which I still use as a phone box: DECT, voicebox, fax.)