DM200 transparent bridge, access to management interface

I have installed the a1comms (imacarpet) transparent bridge firmware on my Netgear DM200. The bridge is working great with my Asus N66U router but cannot seem to work out how to access the management interface which is on VLAN2. The network config is. -

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdcd:064d:fec0::/48'

config atm-bridge 'atm'
	option vpi '0'
	option vci '38'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'

config dsl 'dsl'
	option annex 'a'
	option xfer_mode 'mixed' 
	option tone 'auto'
	option firmware '/lib/firmware/dm200.bin'

config interface 'mgmt'
	option type 'bridge'
        option ifname 'eth0.2'
        option proto 'static'
        option ipaddr '172.16.2.250'
        option netmask '255.255.255.0'

config device 'lan_dev'
	option name 'eth0'
	option macaddr '%LAN_MAC%'

config interface 'wan_adsl'
	option type 'bridge'
        option ifname 'eth0 dsl0'
	option proto 'none'
	option auto '0'

config interface 'wan_vdsl'
        option type 'bridge'
        option ifname 'eth0 dsl0.101'
        option proto 'none'
        option auto '0'	

config device 'wan_dev'
	option name 'dsl0'
	option macaddr '%WAN_MAC%'

I have tried connecting a PC directly to the DM200 with the IP set to 172.16.2.254 but get no response using http://172.16.2.250. I am looking for help in how to config the PC or the N66U to allow me to access the management interface which should be on VLAN2 with an IP of 172.16.2.250.

Thanks

Andy.

Without a switch between the two, I’d approach it by changing your OpenWrt switch config to not use VLAN 2 as it does now (changing it to VLAN 10 or something), then adding a VLAN 2 interface on the management subnet (tagged on the switch port the other device is attached to). Then you can use ssh to port forward.

Edit: looks like you’ve got some of that already. Forwarding can be challenging if you can’t install static routes on the upstream device. Seeing your switch config would help.

1 Like

Update:
The OpenWrt config you posted is from the DM200, right?

https://wiki.archlinux.org/index.php/VLAN

@mpa

The OpenWRT config posted is from the DM200 so its IP is172.16.2.250, hence why I set PC to 172.16.2.254.

@jeff

This is my switch config on the N66U

Switch: enabled gigabit
Port 0: 100FD enabled stp: none vlan: 2 jumbo: off mac: 10:e8:78:a7:93:11
Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 1c:87:2c:44:32:ab
Port 2: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 0c:f9:c0:31:6c:f0
Port 4: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 50:46:5d:6d:41:78
VLANs: BCM53115 enabled mac_check mac_hash
1: vlan1: 1 2 3 4 8t
2: vlan2: 0 8u

Hope this info may help. Pretty new to network setup and never used VLANs so on quite a steep learning curve atm trying to get my head around it all.

Thanks

Andy.

8u (untagged) should be 8t (tagged), and I guess 0 should be 0t as well.

@mpa

I assume the N66U Lan IP also needs to be in the 172.16.2.x range.

I suggest not to change the LAN IP, but to follow @jeff's advice instead: add a VLAN2 management interface on the Asus N66U after getting rid of any previous use of VLAN2.

@mpa

Cant change any config on the DM200 whilst its in bridge mode as I have no access which is why I am trying to config the N66U to access the management interface on it thats been setup as default on VLAN2 with the config I first posted. I will start by changing the current default setting I posted to vlan2: 0t 8t on the N66U. As I have never used VLAN I should not have any previous use of VLAN2. The Lan IP of the N66U is currently set to 192.168.1.1 with all connected devices on 192.168.1.x.

I meant to set up a VLAN2 management interface on the N66U.

Can't speak about the Asus, but many routers use VLAN2 for WAN in their default configuration.

If its of use to anyone heping me out this is the ifconfig output from my N66U

ASUSWRT-Merlin RT-N66U_3.0.0.4 Sun Aug  6 00:10:38 UTC 2017
admin@RT-N66U-4178:/tmp/home/root# ifconfig
br0       Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0  
		  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1     
		  RX packets:1925294 errors:0 dropped:0 overruns:0 frame:0    
		  TX packets:995067 errors:0 dropped:0 overruns:0 carrier:0   
		  collisions:0 txqueuelen:0
		  RX bytes:429442321 (409.5 MiB)  TX bytes:230220902 (219.5 MiB) 
		  
eth0      Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
	      inet addr:169.254.248.181  Bcast:169.254.255.255  Mask:255.255.0.0
	      UP BROADCAST RUNNING MULTICAST  MTU:1508  Metric:1
	      RX packets:28564357 errors:0 dropped:0 overruns:0 frame:0
	      TX packets:28396142 errors:0 dropped:0 overruns:0 carrier:0
	      collisions:0 txqueuelen:1000
	      RX bytes:972103020 (927.0 MiB)  TX bytes:242679946 (231.4 MiB) 
	      Interrupt:4 Base address:0x2000
	  
eth1      Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
		  RX packets:19002779 errors:0 dropped:0 overruns:0 frame:2891365
		  TX packets:17983309 errors:43 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:1000
		  RX bytes:691450887 (659.4 MiB)  TX bytes:2263032560 (2.1 GiB)
		  Interrupt:3 Base address:0x8000

eth2	  Link encap:Ethernet  HWaddr 50:46:5D:6D:41:7C
		  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
		  RX packets:1475587 errors:0 dropped:0 overruns:0 frame:2290312
		  TX packets:4414299 errors:9 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:1000
		  RX bytes:190318483 (181.5 MiB)  TX bytes:4283807740 (3.9 GiB)
		  Interrupt:5 Base address:0x8000

lo        Link encap:Local Loopback
		  inet addr:127.0.0.1  Mask:255.0.0.0
		  UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
		  RX packets:102392 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:102392 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:0
		  RX bytes:10637030 (10.1 MiB)  TX bytes:10637030 (10.1 MiB)

ppp0	  Link encap:Point-to-Point Protocol
		  inet addr:80.229.2.124  P-t-P:195.166.130.250  Mask:255.255.255.255
		  UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
		  RX packets:24302079 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:22218011 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:3
		  RX bytes:3982658246 (3.7 GiB)  TX bytes:1247003816 (1.1 GiB)

vlan1	  Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
		  UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
		  RX packets:4167639 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:6094259 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:0
		  RX bytes:927167837 (884.2 MiB)  TX bytes:3303123033 (3.0 GiB)

A few things I see here:

You are using VLANs, even if you haven't configured them. Switches use VLANs internally to segregate ("wire") traffic. It looks like Merlin, like OpenWrt, uses VLAN 1 and VLAN 2 in the switch for LAN vs. WAN traffic. If you want to use VLAN 2 for another purpose, you'll need to change that configuration.

I also don't see any VLAN 2 interface on your Asus router, nor any interface with 172.16.2.250 assigned. The self-assigned 169.254.248.181 on eth0 is puzzling, though I don't know how Merlin handles its interfaces.

1 Like

I dont know if this will help at all but this is a segment of the readme.md from the github firmware that I built and installed on the DM200.

This firmware when built and flashed to the Netgear DM200, will make it operate in a transparent bridge mode, where it will auto-configure to either ADSL or VDSL, depending on what is detected on the line.

Networking Setup

The internet connection from the ISP is always bridged directly to the ethernet port, untagged (you don't need to specify VLAN 101 for FTTC, this is handled internally), allowing you to do PPPoE or just DHCP directly on your ethernet router, depending on the connection type from your ISP.

Management Interface (VLAN 2)

As well as the connection bridge, we also expose a management network on VLAN 2, allowing you to access connection status, or manage the modem (SSH, Luci, firmware flash, etc).

Modem network settings for VLAN 2 :

IP Address:            172.16.2.250
Network Mask:          255.255.255.0

Expected router IP:    172.16.2.254

Services exposed:

SSH (port 22):               root@172.16.2.250

Web:
    Status Overview page:    http://172.16.2.250/
    Status JSON feed:        http://172.16.2.250/cgi-bin/luci/a1comms/status/json
    Luci Web Admin Panel:    http://172.16.2.250/cgi-bin/luci

A drawing of your connections would help, as would a link to the firmware that you've installed. Right now I am very confused as to where you expect there to be the 172.16 address and fromwhere you expect to be able to access it.

The firmware was built from the following github page.

Basically I have the DM200 modem setup with the above firmware as a Transparent vdsl bridge connected to my line and Its single Lan port connected to the WAN port on the N66U. All devices are then either wired to the N66U lan ports or wireless and currently all set to 192.168.1.x range. My next test will be to alter the router and connected devices to 172.16.2.x range to see what happens when I try to access the DM200 management interface on 172.16.2.250.

Then this isn't official OpenWrt. Have you submitted a ticket here: https://github.com/a1comms/openwrt-netgear-dm200-bridge/issues/new

Did you setup your PC to access VLAN2 tagged on Ethernet?

When I tried the direct connection from DM200 to PC I did not have any settings on the PC to access a tagged Vlan as not exactly sure how to do it. I have not as yet submitted anything to github as thought its most probably just my setup being a newbie to rthis and not really an issue with the firmware.

"Configure VLANs in a Microsoft Windows Environment"
https://docs.oracle.com/cd/E19407-01/820-7898-11/z40001c91004554.html

1 Like

I dont have a VLan option in my adaptor settings so unable to follow that guide but will have a search around the net and see what I come up with.

2 Likes

My laptop had the Vlan setting in its drivers and I managed to get that to connect to the DM200 management interface on Vlan2 so all that remains now is to try and get a config that allows a connection via the N66U.

So, I just use:

config interface 'WAN4BTHH5A'
        option proto 'static'
        option ipaddr '192.168.100.2'
        option netmask '255.255.255.0'
        option ifname 'eth1.2'

To access my modem.

In your case with 172.16.2.250 I would guess the following might work

config interface 'WAN4DM200'
        option proto 'static'
        option ipaddr '172.16.2.251'
        option netmask '255.255.255.0'
        option ifname 'eth0.2'

but that assumes that eth0 is a real interface not connected to the wan port via the switch. I also added that interface into the firewall zone containing wan.
Most of the time this works....