[SOLVED] Creating a VLAN on Netgear DM200 with Apple AirPort Guest VLAN 1003

Hi all,

I can't seem to get my head around creating a separate VLAN in my home office setup. I currently have a flat, non-VLAN'd LAN that looks like this

(downstairs, next to the phone socket) ISP -> Netgear DM200 router -> Airport Extreme
(upstairs, in my office) Airport Express -> Netgear managed switch -> Devices

Now, I don't want my corporate laptop to be on the same broadcast domain/subnet as my personal gear. I want to separate these. Since I have a VLAN-capable switch in the office, I thought I might create a VLAN for it.

The Netgear DM200 is a modem/router, with OpenWRT installed on it.

LEDE_RELEASE="OpenWrt 18.06.2 r7676-cddd7b4c77"

The DM200 has only a VDSL modem port (wan) and one Ethernet port (lan). It does not contain switch hardware; that is, "swconfig list" returns nothing.

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd27:ad5f:7743::/48'

config dsl 'dsl'
	option annex 'b'
	option xfer_mode 'ptm'
	option line_mode 'vdsl'
	option ds_snr_offset '0'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.0.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0'

config device 'lan_dev'
	option name 'eth0'
	option macaddr 'xx'

config interface 'wan'
	option proto 'dhcp'
	option clientid 'xx'
	option macaddr 'xx'
	option vendorid 'xx'
	option hostname 'xx'
	option type 'bridge'
	option ifname 'dsl0.101'
	option vlan '101'

config device 'wan_dev'
	option name 'dsl0'
	option macaddr 'xx'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

config atm-bridge
	option unit '0'
	option atmdev '0'
	option encaps 'llc'
	option payload 'bridged'
	option vci '35'
	option vpi '8'

I tried creating a new interface eth0.3 like so

	option proto 'static'
	option ifname 'eth0.3'
	option ipaddr '172.16.3.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

When I put the port that my corporate laptop is connected to into VLAN 3 and have the uplink to the Airport tagged, I get no connectivity. DHCP requests time out, and even if I manually use an address in the 172.16.3.0 subnet, I get nothing. Searching for help gives me articles relating to configuring the switch section, but I don't have the hardware for it.

Perhaps my issue is that I'm attempting to mix non-VLAN traffic with VLAN traffic. I'm not sure.
Perhaps those pesky Apple Wi-Fi devices are stripping out VLAN tags.
Or more likely, I'm not setting up my DM200 config correctly.

Can anyone see what I have done wrong here? tia

Does your laptop or other device on the wired network have the ability to run tcpdump?

Mixing untagged and VLAN tagged traffic on a single Ethernet segment is "fine".

Also, there is no such thing as "VLAN" on 802.11. While you can associate traffic from a given 802.11 link with a wired VLAN (assuming your hardware supports it), over the air the Ethernet concept of VLAN doesn't exist.

1 Like

Thanks - I can sure install tcpdump / wireshark and have a look at what is happening.

As for your statement that there is no such thing as VLAN on 802.11, I take it that these Apple devices may not be passing through VLAN-tagged frames correctly. If that is the case, I may as well give up!

SOLVED

Thanks to clues from jeff.

The only type of VLAN-tagged frames that the Apple devices will let through are those in VLAN 1003, with the "guest network" feature on them turned on. I just switched my config on the OpenWrt and on the managed switch to VLAN ID 1003 and it works!

2 Likes
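
The working setup described in this thread, written out as OpenWrt 18.06 UCI sections for IPv4 only; this is an added example, not the poster's actual config. The VLAN ID and addressing come from the posts above, while the section and zone name 'corp', the DHCP pool values and the presence of a stock 'wan' firewall zone are assumptions.

```uci
# /etc/config/network
# 'corp' is an assumed section name; the address is the one from the thread.
# eth0.1003 is an 802.1Q sub-interface on the DM200's single Ethernet port,
# so no switch (swconfig) section is needed.
config interface 'corp'
	option proto 'static'
	option ifname 'eth0.1003'
	option ipaddr '172.16.3.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp
# Pool start, size and lease time are assumed values.
config dhcp 'corp'
	option interface 'corp'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall
# Separate zone for the corporate VLAN. No forwarding section links 'corp'
# and 'lan', so with the stock default forward policy (REJECT) the two
# subnets cannot reach each other through the router.
config zone
	option name 'corp'
	list network 'corp'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Internet access only (assumes the stock 'wan' zone exists).
config forwarding
	option src 'corp'
	option dest 'wan'

# input is REJECT, so DHCP and DNS to the router must be allowed explicitly.
config rule
	option name 'Allow-corp-DHCP'
	option src 'corp'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-corp-DNS'
	option src 'corp'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

On the managed switch, the laptop's port is an untagged member of VLAN 1003 and the uplink towards the AirPort carries VLAN 1003 tagged, matching the port layout the original post describes for VLAN 3.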
