DM200 transparent bridge, access to management interface

@moeller0

I guess from the if names that is the config from a BTHH5A . My Asus N66U is running Rmerlin firmware and not OpenWRT . The OpenWRT config info posted earlier in the thread is from my DM500 modem which is what I am trying to connect to through the N66U.

Correct, but this is the config I use on my main router to access the BTHH5A, so pretty much the same situation that you are in. Except I am sure my main router has a dedicated ethernet interface for the WAN side, so having multiple VLANs there is not an issue. (I have the BTHH5A configured to bridge LAN.7 with the VDSL device, while LAN.2 goes into its br-lan). Not sure how to configure using vlan.2 and untagged traffic on the same interface, but I am sure that should be possible as well.

From what I can gather the Asus splits the traffic into 2 vlans to keep them seperate. vlan1 for LAN and vlan2 for WAN. It may be due to how vlan is used internally in the router that may be causing my issues trying to access vlan2 on the wan port modem. I have posted in the asus section of SNB forum but not got a responce as of yet. I maybe need to possibly try to change the modem management IF to say vlan20 to avoid any possible issues with the vlan2 internal setup in the Asus N66U. Tghen again I may be barking up the wrong tree.

The ifconfig output was helpful, but does not show the whole picture. Do you have some of the following tools available on the N66U?

  • ip
  • vconfig
  • brctl

You could use them to display information about VLAN interfaces (VLAN ID) and bridge members. For example:

  • ip -d link ls dev vlan1
  • brctl show

I guess to set up the VLAN2 management interface on the N66U, something like the following needs to be done (untested, since I don't own this device):

Starting from the original switch config:

1: vlan1: 1 2 3 4 8t
2: vlan2: 0 8u

Renumber VLAN2 (WAN) to VLAN3:

1: vlan1: 1 2 3 4 8t
3: vlan3: 0 8u

and insert the new VLAN2 for the management interface:

1: vlan1: 1 2 3 4 8t
2: vlan2: 0t 8t
3: vlan3: 0 8u

You'll also have to set up a vlan2 interface in the network configuration of the N66U, and give it an IP address from the 172.16.2.0/24 network.

Now VLAN2 is tagged and VLAN3 is untagged on Port 0 (the N66U's WAN port), and you should be able to ping 172.16.2.250 from the N66U.

@mpa

Would it possibly be less messing (less likely to mess other things up) to change vlan2 to 3 or 20 on the D500 modem then use vlan3 (or 20) 0t 8t and leave vlan2 unchanged on the N66U . Currently the modem is set to 192.168.1.250 (was 172.16.2.250) and the N66U is 192.168.1.1. Is this ok or does the modem vlan need to be on a seperate subnet.

Both variants (VLAN 2 vs. 3) should work equally well.
However, I recommend to keep the VLAN IDs consecutive - do not use VLAN 20.

Use a unique subnet for each VLAN, but within a VLAN (say management), use IP addresses from the same subnet.

For example:

  • VLAN 2 or 3: management subnet 172.16.2.0/24 (DM200: 172.16.2.250, N66U: 172.16.2.251)
  • VLAN 1: LAN subnet 192.168.1.0/24 (N66U: 192.168.1.1)

I read on the SNB forums that its best to stay away from single digit vlans as some are reserved by ASUS in the firmware so decided to stick with vlan20 for my tests to be on the safe side. Just got to work out how to setup the new vlan20 interface on the N66U. I have used roboctl vlan 20 ports "0t 8t" to get that set and now looking how to do the rest with vconfig and brctl etc.

1 Like

The vlan20 IP on the DM500 modem i am trying to connect to on the WAN port is now 192.168.5.1. Do these commands look about right to setup the vlan on the N66U.

robocfg vlan 20 ports "0t 8t"
vconfig add eth 0 20
ifconfig vlan20 192.168.5.254 netmask 255.255.255.0 up

or do i need to also setup a bridge interface for it with brctl

I can now ping the modem on 192.168.5.1 using the above settings but I cannot get anything from http://192.168.5.1/cgi-bin/luci. A Tracert to 192.168.5.1 stops at 192.168.1.1 (the N66U IP)
This is my current ifconfig.

ASUSWRT-Merlin RT-N66U_3.0.0.4 Sun Aug  6 00:10:38 UTC 2017
admin@RT-N66U-4178:/tmp/home/root# ifconfig
br0       Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22235 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8412 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4584210 (4.3 MiB)  TX bytes:1622017 (1.5 MiB)

eth0      Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
          inet addr:169.254.248.181  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1108742 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1141313 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1319115785 (1.2 GiB)  TX bytes:1421045407 (1.3 GiB)
          Interrupt:4 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:171704 errors:0 dropped:0 overruns:0 frame:20936
          TX packets:136407 errors:2 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:137046368 (130.6 MiB)  TX bytes:17618957 (16.8 MiB)
          Interrupt:3 Base address:0x8000

eth2      Link encap:Ethernet  HWaddr 50:46:5D:6D:41:7C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8519 errors:0 dropped:0 overruns:0 frame:94588
          TX packets:27049 errors:2 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1153989 (1.0 MiB)  TX bytes:17628293 (16.8 MiB)
          Interrupt:5 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:974 errors:0 dropped:0 overruns:0 frame:0
          TX packets:974 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:104287 (101.8 KiB)  TX bytes:104287 (101.8 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:80.229.2.124  P-t-P:195.166.130.252  Mask:255.255.255.255
          UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:43791 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57266 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:11305233 (10.7 MiB)  TX bytes:42756060 (40.7 MiB)

vlan1     Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:127088 errors:0 dropped:0 overruns:0 frame:0
          TX packets:859630 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15593201 (14.8 MiB)  TX bytes:1275998234 (1.1 GiB)

vlan20    Link encap:Ethernet  HWaddr 50:46:5D:6D:41:78
          inet addr:192.168.5.254  Bcast:192.168.5.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

It seems I now cannot ping the modem on 192.168.5.1 but can ping the vlan20 ip 192.168.5.254

I have finally found a config that works. The management interface of the DM200 is now set to vlan20 with an IP of 192.168.1.250. The N66U is set to 192.168.1.1 and I issued rthe folloing commands to setup vlan 20 on its WAN port.

robocfg vlan 20 ports "0t 8t"
vconfig add eth0 20
ifconfig vlan20 up
brctl addif br0 vlan20

I can now access the management interface of the DM200 modem fron any connected device by using "http://192.168.1.250/cgi-bin/luci. I now need to find out how to make the settings persist a reboot for which I think I need a script.

Thanks everyone for your input.

1 Like