The modem is able to tag the data. Currently, I am using this way, but I want to handle it through the router
When you say modem, does the modem get removed from the circuit when you set up your router to tag packets? If it's feeding your router untagged packets and expecting untagged packets, then it will likely ignore your packets once they are tagged. I assume the tags are for some hardware farther upstream.
Sorry, I don't understand. The modem is actually a router, set into bridged mode. For the vdsl profile I can tick to use vlan and then specify the number. When I made the changes on the lede-router, I ticked off usage of vlan before.
I believe in bridged mode the modem either tag or not, depending on the setting. It should not strip tags off, whether they are on outbound data from the router or on inbound from the ISP.
I haven't seen you post a correct config and tell us whether it works or not. I can't really figure out if you tried a correct config, and it didn't work (say, because sending / receiving tagged packets isn't actually supported by your router/modem) or if you never actually configured it correctly and that's why it didn't work.
based on your description of what you need, you should have:
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
config switch_vlan
option device 'switch0'
option vlan '7'
option ports '1t 6t'
and then make WAN connect to eth0.7
this does what you asked for: tag packets outgoing / incoming on WAN with VLAN 7. if that doesn't work it's because you're mistaken about what is needed, or haven't configured your ISP modem/router correctly.
I have to admit that I did not provide much data, I reckoned this would be a simple thing.
My Archer C7 is sitting behind a modem-router ('modem') that has been put into bridged mode. The modem can handle vlan tagging. Here is a screenshot:
Modem still connected to the internet:
And this is the corresponding network setting on the Archer C7:
cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'left unchanged'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'
option ifname 'eth1.1'
config interface 'wan'
option proto 'pppoe'
option username 'ISP login name'
option password 'ISP password'
option delegate '0'
option ipv6 '0'
option peerdns '0'
option dns '213.73.91.35 208.67.220.220 208.67.222.222'
option ifname 'eth0.7'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
config switch_vlan
option device 'switch0'
option vlan '7'
option ports '1t 6t
This is the setting that did not work, no internet connection. I rebooted both devices, waiting for at least 10 minutes. No joy.
Reverted back on both Archer C7 and modem, rebooted both, and internet access was back.
From the data provided above it should be clear what is needed. What is wrong?
There's no need for a VLAN tag here. If you have your public IP arriving at your router, and incoming connections pass through the modem, that is all that is possible.
VLAN tagging is for cases where the ISP does not let the customer configure the modem, and it is set up to use VLAN tags. Mostly this is done so the ISP has a separate VLAN for their IPTV boxes. When there is just Internet service, with one Ethernet cable from the modem to the router, it does not need to be tagged.
@oscar, you've turned off vlan tagging on the router/modem so it's not surprising that it doesn't like getting vlan tags.
I don't see any reason for you to have vlan tags in this setup.
What's wrong seems to be your supposition that somehow you have to tag your packets vlan 7.
VLAN 7 tagging is commonly used on German xDSL even without a second channel like IPTV.
Do you expect any benefit from this? You could just keep the working configuration and be done with it.
Sure, but on the connection between his router and his ISP equipment, he's turning off vlan tagging on the ISP device, and then sending tagged packets to it... and somehow being surprised that it doesn't work.
If he turns on vlan tagging on the ISP equipment and has tagging on his LEDE router, it may work, but it has basically zero benefit unless he wants a second channel on his WAN side. vlan tagging is explicitly used to multiplex/de-multiplex different "channels"
It does make sense to do the vlan tagging on the (OpenWrt-) router, instead of making the modem do it for the router - and for several configurations it's even necessary (e.g. 'internet' on vlan tag 7, IP-TV on vlan tag 8, keeping the modem management interface untagged, etc.). How that is about to be configured on the modem is another question, I'm personally doing exactly that (vlan tagging on the router, not the modem), but using a different VDSL modem - so I can't really help you with the vmg1312-b30a (your wan6 configuration should use option ifname '@wan' though).
That is precisely what I mean by multiplexing, this is what vlans are for, but when there is only one network, tags provide no real value.
I suspect if the ISP equipment has vlan turned on and tag 7 selected it will work, but again has no value compared to untagged in this application
First of all, thank you all for your useful comments, by them I did learn a lot. And I have found the underlying reason, why it did not work.
In Germany, vlan tagging was announced some years ago in connection with the "new" internet access, i.e. mandatory VoIP. On the website of the largest ISP, which is also mine, they talk a lot about vlan tagging and that it should be '7'.
Few of weeks ago I was forced to switch to 'new internet access'. My assumption was that vlan tagging is from then an essential requirement. The ISP offers two types of accesses, with and without IPTV. About one year ago they decided to abandon the requirement for different vlan tags for with and without IPTV. As @dlakelan pointed out, tagging provides no real value since.
It took me a couple of hours to find out that vlan-tag requirement for internet access is by default turned off by the ISP. The only "benefit" of using vlan is to bypass the need for entering your credentials to log in on their web site, i.e. none.
Apparantly, setting vlan when it is not activated is counter productive 
Cheers
Oscar
I will try out on Monday to activate vlan, just in order to see whether it works. This ISP does not require it, others make it essential for connection. Better be prepared ....
By the way, what is the purpose of the vlan-2 setting in LEDE/OpenWRT? Apparently it is kind of useless, but a default.
The typical gigabit router like the C7 has two CPU ports, with a separate switch chip driving all the Ethernet ports. The main CPU chip lacks the hardware to drive Ethernet cables directly, its two ports are connected to the switch chip through a local interface called GMII which is designed to only travel a few inches on a circuit board.
The switch can switch anything between its 7 ports, so internally two VLANs are set up to isolate the WAN from the LAN inside the switch. In the default configuration it does not affect anything outside the switch.
1 Like
The vlan 2 setting is because many routers only have 1 connection between the switch and the cpu (ie. eth0) so in order to have a wan separate from the lan you need to multiplex them through the switch, that means tagging wan 2 and lan 1
glad you figured out your scenario, and your explanation makes a lot of sense now.
Hello, after a couple of days testing I am back again to report.
In view of the specification of my ISP, that currently no vlan-tagging seems to be not required, I ticked off the corresponding entry in the modem, with internet being cut instantaneously.
I am completely lost. The information policy of the ISP is grotty, as is the training of the 'service' people there. In short, I don't know whether or not vlan tagging is required. Will take a while to find this out, but it is the first step to take.
Cheers
Ocar
when you say "ticked off" do you mean put a check-mark in the box or not? It's a quirk of english that in this case it's not entirely clear.
It looks like putting a check mark in the "active" box will cause vlan 7 tagging to appear ON THE WAN side. If you already have internet with it turned off, there is literally NO reason to turn it on. and turning it on it seems causes your internet to cut out. So I think this confirms that you should simply leave this box unchecked and turn off tagging on the WAN.
If the zyxel supports tagging on the LAN side, you could turn this on, but it again has absolutely NO advantage to you unless you have more than one separate "channel" such as for example an IPTV connection that operates independent of the main internet connection, or a VOIP service or the like.
So, if I were you, and I had internet already, and there was no extra service I was trying to enable like a separate IPTV or VOIP service... I'd stop right there and move on.
Oh sorry, I thought I had posted a different picture from the Zyxel modem above. With 'ticking off' I refer to this one: 
I tried
- on Zyxel modem: vlan active, 802.1q set to 7 (never touched 802.1p). LEDE router with default vlans. Connected to internet
- vlan ticked off on Zyxel modem, i.e. inactive (my assumption, the manual does not say anything about it). On the LEDE router, vlan set a discussed above, i.e. ports 1 and 6 tagged with vid 7, replacing default vlan 2. Alternatively, only port 1 tagged. WAN was linked to eth0.7. No connection to the internet
- as 2), but added vid 7 to the two existing vlans with the above settings. No connection to the internet
Bottom Line: vlan tagging is required, but works only when done on the Zyxel modem, but not when set on LEDE router.
I could strip off the access data from my router. As far as I know, these are no longer required within vlans.
I will let you know.
Vlan tagging is a property of a given link, tags are not end to end. So if the ISP wants to receive tags it is the modem that MUST put them there, or at least not strip them. When you turn off the vlan tagging on the modem it is probably stripping them.
It seems you must retain this modem and keep vlan tagging turned on.
If you had an Ethernet link you might be able to bypass the modem entirely, but if it's DSL then obviously it needs to remain in the circuit
Thank you for the advice. This was the point I wished to learn from the Zyxel User Manual. I spent couple of days searching the internet on this point, without finding any information.
I think this thread is now over and done, marked as solved. Thank you all, dlakelan in particular, for your patience and support.
Oscar
2 Likes