Hi, I am trying to figure out the best way to do something a little out of the ordinary. I have ATT fiber home internet (XGS-PON). I have a WAG-D20 I want to use to replace the ATT provided BGW320. The issue is, ATT tags all the traffic with VLAN 0, a non-standard vlan tag and my main router (Watchguard m590) will not connect as I can’t set that vlan tag up on the WAN port. So my thought is to use OpenWRT as a bridge for this somehow. I want to connect the OpenWRT device directly to the WAG-D20 and then pass all traffic, including my static IP block to be used by the Watchguard. The OpenWRT would basically have 2 ports in use, ingress from ATT, egress to Watchguard. I don’t want the traffic messed with at all so all policies can be created on the Watchguard.
Has anyone ever done anything like this before? Any help would be much appreciated. I have not installed OpenWRT on hardware yet but I'm planning to use one of those r86s devices because I need the 2 SFP+ ports.
If I'm correct, you basically need a 2-port switch that has one port configured as vlan trunk and the other one as untagged vlan 0 (** read more later on that number!). Connect your WAG-D20 to the trunk port and your Watchguard to the untagged port.
Trunk port means:
- It expects packets from the outside to always contain vlan tags
Untagged vlan 1 means:
- It only lets packets out that are tagged with vlan 1
- It strips the vlan 1 tag from packets when they travel out
- It expects packets not to contain a vlan tag when entering
- It inserts the vlan 1 tag into all packets entering.
So you don't need a router, you need a managed switch, which can be achieved with OpenWRT. You don't need any routing software or additional service, just the vlan bridge setting.
I'm not entirely sure what ATT is doing, though. Vlan ID 0 is not a valid number to be configured for a port. If a sender tags its packet with vlan 0, it basically says "you, the receiving switch, surely have a default vlan ID. Use this, whatever the number might be". If that's the way ATT is using vlan 0, you're good with any managed switch. If ATT actually uses vlan ID 0 as an actual vlan ID, then you might be out of luck with any device.
So if ATT is behaving according to specs, you shouldn't hang on to "vlan 0" but use vlan 1 instead. 1 is default on most devices and "vlan 0" just means "use default".
I'd try any ordinary managed switch, use "tagged/trunk" on the D20 and "untagged vlan 1" on the Watchguard side. That should translate the "vlan 0" packets coming in from the D20 to vlan 1 within the switch and pass them to the Watchguard without tags.
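The trunk/untagged bridge described in the reply above, as an added example that is neither the poster's nor OpenWrt's own code: the bridge-vlan configuration (OpenWrt 21.02+ syntax) for two ports, plus a check of the resulting `bridge vlan show` table. The port names eth0/eth1, the bridge name and the `passthru` section names are assumptions; adjust them to the r86s hardware.

```shell
#!/bin/sh
# Added example (not from the thread): a two-port transparent VLAN bridge on
# OpenWrt (bridge-vlan syntax of 21.02+). Port and section names are assumptions.
ISP_PORT="${ISP_PORT:-eth0}"   # faces the WAG-D20: tagged (trunk)
FW_PORT="${FW_PORT:-eth1}"     # faces the Watchguard: untagged, PVID
VID="${VID:-1}"                # the vlan the trunk side carries
BR="${BR:-br-passthru}"

# Emit the uci commands for the bridge. On the box: sh this.sh | sh,
# then: uci commit network && /etc/init.d/network reload
gen_uci() {
  cat <<EOF
uci set network.passthru=device
uci set network.passthru.name='$BR'
uci set network.passthru.type='bridge'
uci set network.passthru.vlan_filtering='1'
uci add_list network.passthru.ports='$ISP_PORT'
uci add_list network.passthru.ports='$FW_PORT'
uci set network.passthru_v$VID=bridge-vlan
uci set network.passthru_v$VID.device='$BR'
uci set network.passthru_v$VID.vlan='$VID'
uci add_list network.passthru_v$VID.ports='$ISP_PORT:t'
uci add_list network.passthru_v$VID.ports='$FW_PORT:u*'
uci set network.passthru_if=interface
uci set network.passthru_if.device='$BR'
uci set network.passthru_if.proto='none'
EOF
}
# proto 'none' brings the bridge up with no IP address: the box only forwards
# at layer 2 and exposes nothing to the ISP side; manage it over another port.

# Check the resulting layer-2 table. $1 is the text of `bridge vlan show`;
# returns 0 when the ISP port carries VID tagged only and the firewall port
# has VID as PVID with egress untagged, 1 otherwise.
check_vlan_table() {
  printf '%s\n' "$1" | awk -v isp="$ISP_PORT" -v fw="$FW_PORT" -v vid="$VID" '
    NF && $1 !~ /^[0-9]/ { port = $1; sub(/^[^ ]+ +/, "") }  # new port block
    $1 == vid {
      if (port == isp && $0 !~ /Untagged/) ok_isp = 1
      if (port == fw && $0 ~ /PVID/ && $0 ~ /Egress Untagged/) ok_fw = 1
    }
    END { exit !(ok_isp && ok_fw) }'
}

gen_uci
```

Run `check_vlan_table "$(bridge vlan show)"` on the box after the reload; `tcpdump -e -i eth0` shows whether the frames from the D20 really arrive with vlan 0, and the Linux bridge hands such priority-tagged frames the port's PVID, so the table is what to verify against.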
May I ask what you would say about how to do it?