Netgear DM200 Bridge with VLAN Tagging

I would suggest to first reset the dm200 modem to defaults (firstboot) and configure it as router for testing, this should answer the question of what you need for your ISP (VLAN settings in particular). Once you've sorted that, you can reset it again and work on your preferred setup, refer to https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=266 (yes, different device, but relatively similar) for quite some configuration hints and tweaks.

My OpenWrt DM200 worked as modem/router before, so my DSL settings are correct. It has only 1 LAN while the BT Home Hub 5A mentioned in your link has 4.

Back to my original question: How should I set up the VLAN, mostly on my ArcherC7 router?

If you say that your ISP doesn't require specific VLAN IDs, the default config for VLANs should work out of the box.

You have already configured the management vlan 2.
On DM200 side you don't use vlan on the ethernet interface of the bridge. So doesn't it work if you use eth0 instead of eth0.2 on the C7?

The OpenWrt DM200 doesn't have any VLAN config out of the box. It has only 1 Ethernet port.

eth0.2 on the C7 didn't work. Would I need to change the Firewall settings of the DM200?

Ok let's try one more thing:
DM200: LAN interface, remove the bridge, use ifname eth0. wan_adsl and wan_vdsl use eth0.3 instead of eth0.
C7: wan at eth0.3 and add the following lines:

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '1t 6t'

Ok. I changed it.

Result:

  1. What doesn’t work yet:
    • access internet
    • access modem through router
  2. What works:
    • access modem directly with a PC through the single Ethernet port of the modem. This is a big improvement over the earlier config, where I had to reset the DM200 to make changes.

Questions
3. Which firewall-zone should WAN_ADSL and WAN_VDSL on the DM200 be assigned to? Was unspecified. I changed it to wan.
4. What option ifname should config interface 'adsl2_modem' have? eth0.2 or eth0.3?

Thanks a lot for the help so far. Can I provide any other info that would help?

Post these configs from both devices to see where we stand.
uci export network; uci export firewall

I don't see any reason to keep the firewall on the DM200. These are bridges for passing the ethernet frames carrying the pppoe frame to the xDSL. Remove all zones and leave the defaults to ACCEPT.

eth0.2 untagged should be right.

@DM200:~#  uci export network; uci export firewall
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'secret'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'
	option vci '35'
	option vpi '8'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_eth0_dev'
	option name 'eth0'
	option macaddr 'secret'

config device 'wan_dsl0_dev'
	option name 'dsl0'
	option macaddr 'secret'

config interface 'wan_adsl'
	option type 'bridge'
	option ifname 'eth0.3 dsl0'
	option proto 'none'
	option auto '0'

config interface 'wan_vdsl'
	option type 'bridge'
	option ifname 'eth0.3 dsl0.101'
	option proto 'none'
	option auto '0'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

And here the output from the archer c7. Additional info: From the archerc7 I can traceroute to the dm200 at 192.168.2.1

@ArcherC7:~#  uci export network; uci export firewall
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'secret'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth0.3'
	option proto 'pppoe'
	option password 'secret'
	option ipv6 'auto'
	option username 'some_numbers@bb.monzoon.net'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '1t 6t'

config interface 'dsl_modem'
	option proto 'static'
	option ipaddr '192.168.2.2'
	option netmask '255.255.255.0'
	option ifname 'eth0.2'

package firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan adsl2_modem'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option input 'ACCEPT'
	option forward 'REJECT'
	option name 'guest'
	option output 'ACCEPT'
	list device 'wlan1-1'
	option network 'lan'

config forwarding
	option dest 'wan'
	option src 'guest'

config rule
	option dest_port '53'
	option name 'Guest-DNS'
	option target 'ACCEPT'
	option proto 'tcp udp'
	option src 'guest'
	option dest '*'

config rule
	option dest_port '67-68'
	option name 'Guest-DHCP'
	option dest 'lan'
	option target 'ACCEPT'
	option proto 'udp'
	option src 'guest'

config rule
	option dest_port '22 80 443'
	option name 'Guest-Drop-AP-Management'
	option proto 'tcp udp'
	option target 'DROP'
	option src 'guest'
	option dest_ip '192.168.1.1'

Remove the one you are not using.

Then restart the ppp and check the logs:
killall -HUP pppd ; logread -f | grep ppp

I disabled wan_vdsl by putting it into comments with # (I currently have ADSL and will switch to VDSL once the DM200 works).

Here are the logs from the Archer C7 connected to the DM200.

@ArcherC7:~#  killall -HUP pppd ; logread -f | grep ppp
Sat Jan 25 22:04:56 2020 daemon.warn pppd[2276]: Timeout waiting for PADO packets
Sat Jan 25 22:04:56 2020 daemon.err pppd[2276]: Unable to complete PPPoE Discovery
Sat Jan 25 22:04:56 2020 daemon.info pppd[2276]: Exit.
Sat Jan 25 22:04:56 2020 daemon.err insmod: module is already loaded - ppp_generic
Sat Jan 25 22:04:56 2020 daemon.err insmod: module is already loaded - pppox
Sat Jan 25 22:04:56 2020 daemon.err insmod: module is already loaded - pppoe
Sat Jan 25 22:04:56 2020 daemon.info pppd[2354]: Plugin rp-pppoe.so loaded.
Sat Jan 25 22:04:56 2020 daemon.info pppd[2354]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
Sat Jan 25 22:04:56 2020 daemon.notice pppd[2354]: pppd 2.4.7 started by root, uid 0
Sat Jan 25 22:05:11 2020 daemon.warn pppd[2354]: Timeout waiting for PADO packets

Then the loop repeats with the same messages

On C7 the configuration is correct according to the device page.

On DM200 is the bridge up? Because with auto 0 you don't bring up the interface on boot.

Fantastic! Now I have internet.

I changed 'wan_adsl' on the DM200 to option auto '1'.

Here is my config from the DM200:

@DM200:~# cat /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'secret'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'
	option vci '35'
	option vpi '8'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_eth0_dev'
	option name 'eth0'
	option macaddr 'secret'

config device 'wan_dsl0_dev'
	option name 'dsl0'
	option macaddr 'secret'

config interface 'wan_adsl'
	option type 'bridge'
	option ifname 'eth0.3 dsl0'
	option proto 'none'
	option auto '1'

What doesn't work yet is the optional objective of accessing the modem through the Router.

Once you get this up and running, have a look at https://github.com/moeller0/lantiq_dsl_parser. This should allow you (with octave) to get some diagnostics and statistics out of your router from a machine inside your network, to plot SNR and bitloading over the frequency bins. Please note that this is work in progress that has seen zero testing outside my own VDSL2 link and will change in the future (as it currently queries way too much and hence also takes too long).

So, I would be delighted to get some testing done on a real ADSL link! This is a general invitation for testers.
To not hijack this thread any longer, I created a new topic for all discussion about this:
https://forum.openwrt.org/t/simply-tool-to-query-lantiq-modem-statistics-and-diagnostics-useful-for-moem-routers-running-openwrts-dsl-cmd/53857?u=moeller0

Now I can also access the modem through the router (at least the web GUI, SSH doesn't work yet). I assigned my dsl_modem on the Archer C7 to the WAN Firewall zone.

Thanks everybody and especially @trendy for all the help.

For reference here my Network config on the router Archer C7:

@ArcherC7:~# cat /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'secret'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option proto 'pppoe'
	option password 'secret'
	option ipv6 'auto'
	option username 'secret'
	option ifname 'eth0.3'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '1t 6t'

config interface 'dsl_modem'
	option proto 'static'
	option ipaddr '192.168.2.2'
	option netmask '255.255.255.0'
	option ifname 'eth0.2'

Here is my config from the DM200:

@DM200:~# cat /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'secret'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'
	option vci '35'
	option vpi '8'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_eth0_dev'
	option name 'eth0'
	option macaddr 'secret'

config device 'wan_dsl0_dev'
	option name 'dsl0'
	option macaddr 'secret'

config interface 'wan_adsl'
	option type 'bridge'
	option ifname 'eth0.3 dsl0'
	option proto 'none'
	option auto '1'

If dsl_modem interface is in the wan firewall zone in C7 then it will be NATed on the egress, so all hosts in the LAN will be able to access the DM200.
SSH should work along with web gui, there is no difference in how packets are treated. Check if there is an access list for SSH or if SSH is listening on this interface or if firewall is blocking it.
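
Two things visible in the exports posted in this thread can be checked mechanically from the same `uci export network; uci export firewall` output: a bridge interface left at `auto '0'`, and a firewall zone listing a network name that has no interface section (the Archer C7 export lists `adsl2_modem` in the wan zone while the interface is named `dsl_modem`). The following is an added example, not code from any poster; the function name `uci_lint`, the finding labels and the trimmed sample exports are constructed for illustration.

```shell
#!/bin/sh
# uci_lint: reads `uci export network; uci export firewall` output on stdin
# and prints one finding per line (labels are this example's own).
uci_lint() {
    awk -v q="'" '
    { n = split($0, p, q); val = (n >= 2) ? p[2] : "" }  # text inside the first quote pair
    $1 == "package" { pkg = $2; type = ""; next }
    $1 == "config" { type = pkg "." $2; name = val
        if (type == "network.interface") iface[name] = 1
        if (type == "firewall.zone") z++
        next }
    type == "network.interface" && $2 == "type" && val == "bridge" { bridge[name] = 1 }
    type == "network.interface" && $2 == "auto" && val == "0" { noauto[name] = 1 }
    type == "firewall.zone" && $2 == "name" { zname[z] = val }
    type == "firewall.zone" && $2 == "network" { znet[z] = znet[z] " " val }
    END {
        for (b in bridge) if (b in noauto) print "BRIDGE_NOT_AUTO " b
        for (i = 1; i <= z; i++) {
            k = split(znet[i], nets, " ")
            for (j = 1; j <= k; j++)
                if (!(nets[j] in iface)) print "ZONE_UNKNOWN_NET " zname[i] " " nets[j]
        }
    }'
}

# Constructed samples, cut down from the shape of the exports posted in this thread.
dm200_sample() { cat <<'EOF'
package network
config interface 'wan_adsl'
	option type 'bridge'
	option ifname 'eth0.3 dsl0'
	option auto '0'
EOF
}
c7_sample() { cat <<'EOF'
package network
config interface 'wan'
	option proto 'pppoe'
config interface 'dsl_modem'
	option ifname 'eth0.2'
package firewall
config zone
	option name 'wan'
	option network 'wan adsl2_modem'
EOF
}

dm200_sample | uci_lint   # bridge that will not come up at boot
c7_sample | uci_lint      # zone entry with no matching interface
```

On a real device, pipe the live output instead: `{ uci export network; uci export firewall; } | uci_lint`.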

Before I allowed SSH access on the DM200 only from the LAN. I removed that restriction and now I can SSH into it. Thanks again.
