So even though I had TAGGED ports 1 to 3 for Internet (vlan 35) I still had to use the SWITCH function of my TP-LINK Archer to tag vlan 35 for my WAN port. I'm not sure why that was the case.. I tried NOT taggin the port.. however I couldn't get pppoe authenticated.
So that's the problem I'm having now.. the Raspberry pi doesn't have a SWITCH/tagging capability.. so I have to rely on my managed switch to ensure the tagging is done.. which doesn't appear to be working.. cause I can't get pppoe authenticated.
The Bell HH3000 is functioning properly with this setup. It seems it has its own built-in taggin capability, so it doesn't care what I have setup on my managed switch. IPTV/Internet work fine on this device. If I hookup my Raspberry pi to one of the LAN ports of the HH3k it's able to authenticate. (that's why I believe it does its own tagging)
Tagging is implemented on the internal Ethernet port by adding a VLAN number when placing the port into a network, e.g. eth0.35 Packets will go out on the cable tagged. Since there's only one port you'll also need another VLAN for the LAN side, traditionally eth0.1. So add VLAN 1 tagged to port 3 in the switch. The switch will strip the tags for LAN devices connected to ports 4 and 5, you can connect a regular PC there for example. It would be good to take VLAN 1 entirely out of ports 1 and 2.
Then configure the OpenWrt networks with eth0.1 in lan and eth0.35 as the pppoe device. Do not have plain eth0 anywhere in the configuration.
It is best to log in by wifi or serial port while doing this so that you don't lose administrative access.
I'm a bit confused. Since the Raspberry pi only had 1 ethernet port I got a TP-LINK USB3 ethernet adapter as well.
On the Raspberry pi:
The onboard ethernet port (eth0) is connected to my separate LAN unmanaged switch.
The usb-ethernet port (eth1) is/will be connected to PORT 3 of my managed switch.
The TP-LINK managed switch doesn't let me make any changes to VLAN 1. It seems to be hard-coded.
Should I be making any other changes to the config I currently have on my management switch?
On the Raspberry pi I tried to set eth0.1 and eth1.35 (currently with a static IP for my local lan) and it can't reach my lan.
I thought you were replacing the C7 and connecting the Pi to the Internet via port 3 of the managed switch.
In that case you would use eth1.35 with proto pppoe.
eth0 being the LAN with a separate unmanaged switch you would leave it untagged.
As an advanced topic if you were to change VLAN 35 to untagged on port 3 of the switch (which would require removing VLAN 1) then the SG105 will add / remove tags on the way to the ONT and you would just connect port 3 to eth1 (no tag) with proto pppoe.
Make sure the latest firmware is in the SG105E. Even at that those switches are limited and not very secure.
according to the screenshot it says ALL PORTS are untagged on VLAN 1.
I don't even know if vlan1 actually does anything.. I've tried to reconfigure it multiple ways and it always reverts back to this defaults value.
I've tried UNTAGGING port 3 (internet) from VLAN 35 and set my WAN to eth1 (instead of eth1.35) I still can't get authenticated. I'm testing this with my C7 right now since I'm pretty sure i'll get the same results with the PI.
Go to PVID setting and change port 3 from 1 to 35. The PVID is the default VLAN destination for when an untagged packet arrives at a port.
If I remember the way to neuter VLAN 1 and enforce tagged only operation on a port is to set up dummy VLANs one for each port then set PVID to that VLAN. Any inadvertent or malicious untagged packets will reach a dead end.
When using a C7 the internal switch configuration has to match your VLAN scheme. Since the switch chip is a 7 port fully connected space, it requires everything inside to be tagged to be directed properly. Generally you leave the CPU ports tagged then strip the tags with untagged setting of the external port. OpenWrt handles PVID automatically.
After this is done.. what am I supposed to change on my C7 network settings?
(I will replace the C7 with the PI once I get this going! I'm assuming the settings will be the same? minus any switch settings in /etc/config/network)
On the C7, the minimum change would be in its switch change the external port that is associated with VLAN 35 and connected to the SG105E from tagged to untagged. This will have untagged pppoe WAN packets on the cable. The SG105E will then re-tag them 35 on the way to the ONT.
WAN on the C7 should still be eth1.35 because it has to be tagged (with some unique number, it may as well be 35) to pass through the C7 switch chip. Change only the external port on the switch chip.
On the SG105E set port 3 untagged in VLAN 35, and set its PVID to 35.
This is how everything is/will be hooked up:
C7 (eth1.35) WAN is hooked up to PORT 3 on the SG105E. (eth0 is the LAN)
I will UNTAG port 3 on VLAN 35 on the SG105E
I will set PORT 3 to PVID 35 on the PVID Settings screen on the SG105E.
Do I have to change ANY of the SWITCH settings on the C7?
ok I guess I could simply delete the entire vlan right?
Right now I have my LAN set to eth1.1 - It'll be ok to change it to eth0?
My network config will be this (on the C7):
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdeb:f39d:2945::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0' # it WAS eth1.1
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.76.1'
config interface 'wan'
option proto 'pppoe'
option password '******'
option ipv6 'auto'
list dns '45.90.28.130' #nextdns
list dns '45.90.30.130' #nextdns
option peerdns '0'
option username '******'
option ifname 'eth1.35'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6t 1'
option vid '2'
I realize once I switch to the PI I won't have a SWITCH section define. Everything else will remain the same.
Sorry for all the questions.. I've just been toying for this for so long... I just want to make sure I've got everything covered! I do appreciate the help tremendously!!
You could go back to the default C7 configuration where eth0.2 is the WAN and it takes VLAN 2 through the internal switch to come out untagged on the blue WAN Ethernet port.
This would be comparable to using a USB adapter on the Pi dedicated to WAN and using untagged packets.
In either case you're using the SG105E to convert from untagged to tagged for the ONT.
OMG! This FINALLY works! I was finally able to get my C7 to connect without needing to tag anything on it.. and NOW my pi4b works flawlessly too!
I've been struggling for years to get this working properly on my C7.. lol (I had given up.. since it was working with the C7's vlan stuff)
This whole time I needed to UNTAG port 3 and set the PVID on port 3 to 35 and that did the trick on my SG105E.
Thanks SOOO much for your assistance! Hopefully all this troubleshooting will help someone else in the future!
I guess I could simply delete the entire vlan right?