TG789vac v2 as managed switch & more

Hi all,
I have an old modem-router combo that I'd like to tinker with.
I'm trying to recycle it into a flexible machine to keep around for emergencies and, in the meantime, to learn a bit more about vlans.

The unit is a Technicolor TG789vac v2 with a custom OpenWrt based firmware.
It's very popular here in Italy, in many ways is the equivalent of a BT HH5a, but with no official support.
It will be paired with another recycled unit: an HP ThinClient T520.
The HP will be the main router, while the Technicolor will act as managed switch ++

I already spent some time with it without success, so here I am asking for help :wink:

1 Like

Help doing what?

Some information about the device and what I'd like to do:

TG789vac v2
			  			 
rj11		rj45					rj45
[__]		[___][___][___][___]	[___]
dsl port		switch ports		wan
ptm0		eth0 eth1 eth2 eth3 	eth4


HP t520

rj45
[___] 
eth0
  • bridge ptm0 and eth0 to be able to use the modem only

  • eth1 untagged lan2 port (vlan7 from remote router)

  • eth2 local lan1/ctrl interface to be sure I can always acces the device

  • eth3 tagged trunk port (vlan7 for lan2, vlan8 for wan2 from remote router)

  • eth4 pppoe wan in case I need to use the device without an external router (cabling eth4 to eth0)

I'd like to keep firewall and other services up on the TG789 so i can use it also without the t520.

Let's start with the t520:

/etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config device
        option name 'vlan_ctrl'
        option type '8021q'
        option ifname 'eth0'
        option vid '6'

config device
        option name 'vlan_lan'
        option type '8021q'
        option ifname 'eth0'
        option vid '7'

config device
        option name 'vlan_wan'
        option type '8021q'
        option ifname 'eth0'
        option vid '8'

config interface 'ctrl'
        option type 'bridge'
        option proto 'static'
        option ifname 'vlan_ctrl'
        option ipaddr '10.5.20.254'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ifname 'vlan_lan'
        option ipaddr '10.52.0.254'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'pppoe'
        option ifname 'vlan_wan'
        option username '*'
        option password '*'
        option auto '1' 
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'

config dhcp 'lan'
option interface 'lan'
option start '1'
option limit '199'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'

config dhcp 'ctrl'
option interface 'ctrl'
option start '201'
option limit '24'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

In /etc/config/firewall I just added the interface ctrl to the lan zone.

In an x86 with an Ethernet port directly connected to the CPU, just use the notation option ifname 'eth0.7' etc to designate a network will generate/receive VLAN tagged packets on the port. There's no such thing as type 8021q. Also don't have eth0 with no VLAN number anywhere in your config.

This is a good example to use a baby steps approach rather than trying to implement the whole grand final configuration and expecting it to work at the first go. First thing I would do is put a VLAN number on the T520's existing lan network then configure the other router to tag that number bridged from a wired or wifi interface so you can log into the T520 again.

Have the usb-HID drivers on the T520 so you can use a local keyboard when you lock yourself out of Ethernet. I think they are included on recent builds.

1 Like

I think it's the same using the two notations: https://openwrt.org/docs/guide-user/network/vlan/switch_configuration#creating_driver-level_vlans

I managed to have the trunk working, my problem now is how to get the dhcp lease on a device connected on eth2 and later how to configure the firewall.

Do I need it?

Yes, I'm working on the t520 by local keyboard and monitor.

Sorry for the latency, but I'm working on it while typing :wink:

Current config on TG789vac

/etc/config/network
config interface 'loopback'
        option ipaddr '127.0.0.1'
        option proto 'static'
        option netmask '255.0.0.0'
        option ifname 'lo'

config globals 'globals'
        option ula_prefix 'auto'
        option default_ps '0'

config device 'vlan_dsl'
        option name 'vlan_dsl'
        option mtu '1500'
        option vid '835'
        option ifname 'ptm0'
        option type '8021q'

config device 'vlan_eth0'
        option mtu '1500'
        option vid '1'
        option name 'vlan_eth0'
        option ifname 'eth0'
        option type '8021q'

config device 'vlan_eth1'
        option mtu '1500'
        option vid '1'
        option name 'vlan_eth1'
        option ifname 'eth1'
        option type '8021q'

config device 'vlan_eth2'
        option mtu '1500'
        option vid '1'
        option name 'vlan_eth2'
        option ifname 'eth2'
        option type '8021q'

config device 'vlan_eth3'
        option mtu '1500'
        option vid '1'
        option name 'vlan_eth3'
        option ifname 'eth3'
        option type '8021q'

config switch 'bcmsw_int'
        option qosimppauseenable '0'
        option type 'bcmsw'
        option jumbo '1'
        option unit '0'
        option enable_vlan '0'
        option reset '1'

config switch 'bcmsw_ext'
        option qosimppauseenable '0'
        option enable_vlan '0'
        option unit '1'
        option jumbo '1'
        option type 'bcmsw'
        option reset '1'

config switch_vlan 'lan_switch'
        option ports '1* 2* 3* 4* 8t'
        option device 'bcmsw_ext'
        option vlan '1'

config interface 'ctrl'
        option proto 'dhcp'
        option ifname 'eth3.6'

config interface 'lan1'
        option type 'bridge'
        option ipaddr '10.78.9.254'
        option netmask '255.255.255.0'
        list ifname 'eth2'
        option ipv6 '0'
        option igmp_snooping '1'
        option ip6assign '0'
        option force_link '0'
        option proto 'static'

config interface 'dsl'
        option type 'bridge'
        list ifname 'ptm0.835'
        list ifname 'eth0'

config interface 'lan2'
        option type 'bridge'
        option proto 'dhcp'
        list ifname 'eth1.7'
        list ifname 'eth3.7'

config interface 'wan2'
        option type 'bridge'
        option proto 'dhcp'
        list ifname 'ptm0.835'
        list ifname 'eth3.8'

config interface 'wan'
        option reqopts '1 3 6 15 33 42 51 121 249'
        option ipv6 '0'
        option iface6rd '0'
        option vendorid 'Technicolor'
        option release '1'
        option proto 'pppoe'
        option auto '1'
        option username 'timadsl'
        option password 'timadsl'
        option ifname 'eth4'
        option authfail '0'
        option mtu '1500'

With this config I can access the device by connecting to eth2 directly or by ssh from the t520 on both lan and ctrl interfaces. I can't get a dhcp lease if i connect on eth1.


All the lines about vlan_xxxX and broadcom switch should be irrilevant: I disabled vlan on bcmsw_ext, to disable internal switch tagging.
It was configured to access the interfaces by using vlan_ethX by default.

I can get the pppoe-wan1 working on the TG789 if i connect eth4 to my home router which have pppoe-relay enabled and the dsl cable connected to its modem port.

I can get my home router pppoe-wan working if i connect it to eth0 and move the dsl cable to the TG789 rj11 modem port.

I can't get pppoe-wan1 working on TG789 if i connect eth0 and eth4 with a cable.
I can't get pppoe-wan2 working in the t520 through trunk.

Let's keep it simple:
I have tagged traffic on one port, how can I get untagged traffic for vlan 7 and 8 on two other ports.
I'd like to make it work both with enable_vlan=1 on bcmsw_ext and with enable_vlan=0 to understand the differences.

@LuKePicci
can you please help me?
I know you already have experience with this subject:

Thanks :wink:

rj11		rj45					rj45
[__]		[_0_][_1_][_2_][_3_]	[___]
dsl port		switch port			wan
					[_8_]
ptm0		eth0 eth1 eth2 eth3 	eth4
  • in MST firmware you have by default a switch vlan 1 on the external switch including all untagged ports from 0 to 3 and tagged port 8, remove 0 1 and 3, keep only untagged 2 and tagged 8
  • keep the existing vlan_eth2 with vid 1, remove all except vlan_eth2 from lan bridge ifnames, the third rj45 hole (port 2, eth2) will continue working as per default settings
  • create a switch vlan 2, include untagged port 0 and tagged port 8
  • change the existing vlan_eth0 to vid 2
  • create a wan bridge, include vlan_:eth0 and ptm0 in ifnames
  • create switch vlan 7, include untagged port 1 and tagged port 3, I'm not sure why you talk about lan2, if you don't need that vlan to go up to the main system do not include tagged port 8, otherwise include it as well
  • if you needed to get vlan 7 up to the main system, change existing vlan_eth3 to vid 7 and create a lan2 interface (not a bridge) with just vlan_eth3 as ifname

I'm not sure what you want here

1 Like

It works! :smiley:
My config is not ready yet, but I'll post the relevant files once completed.
Do you recommend to keep it with bcmsw_ext enable_vlan=1 or to disable it and change config accordingly?
Also, do you know how to change the i button's handler? I'd like to execute a simple script I'm writing.

1 Like

Ok, here the config I ended up with:

/etc/config/network
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'auto'
	option default_ps '0'

config device 'eth0'
	option mtu '1500'
	option name 'eth0'

config device 'eth1'
	option mtu '1500'
	option name 'eth1'

config device 'eth2'
	option mtu '1508'
	option name 'eth2'

config device 'eth3'
	option mtu '1500'
	option name 'eth3'

config device 'eth4'
	option mtu '1500'
	option name 'eth4'

config device 'ptm0'
	option mtu '1508'
	option name 'ptm0'

config device 'vlan_dsl'
	option type '8021q'
	option ifname 'ptm0'
	option mtu '1508'
	option name 'vlan_dsl'
	option vid '835'

config device 'vlan_ctrl'
	option type '8021q'
	option ifname 'eth2'
	option mtu '1500'
	option name 'vlan_ctrl'
	option vid '6'

config device 'vlan_rwan'
	option type '8021q'
	option ifname 'eth2'
	option name 'vlan_rwan'
	option mtu '1508'
	option vid '8'

config device 'vlan_eth0'
	option type '8021q'
	option ifname 'eth0'
	option name 'vlan_eth0'
	option mtu '1500'
	option vid '1'

config device 'vlan_eth3'
	option type '8021q'
	option ifname 'eth3'
	option name 'vlan_eth3'
	option mtu '1500'
	option vid '8'

config switch 'bcmsw_int'
	option reset '1'
	option type 'bcmsw'
	option qosimppauseenable '0'
	option jumbo '1'
	option unit '0'
	option enable_vlan '0'

config switch 'bcmsw_ext'
	option reset '1'
	option type 'bcmsw'
	option qosimppauseenable '0'
	option unit '1'
	option enable_vlan '1'
	option jumbo '1'

config switch_vlan 'lan_switch'
	option device 'bcmsw_ext'
	option vlan '1'
	option ports '1* 8t'

config switch_vlan 'ctrl_switch'
	option device 'bcmsw_ext'
	option vlan '6'
	option ports '3t 8t'

config switch_vlan 'rlan_switch'
	option device 'bcmsw_ext'
	option vlan '7'
	option ports '2* 3t'

config switch_vlan 'rwan_switch'
	option device 'bcmsw_ext'
	option vlan '8'
	option ports '3t 4* 8t'

config interface 'ctrl'
	option proto 'dhcp'
	option ifname 'vlan_ctrl'

config interface 'rwan'
	option type 'bridge'
	option proto 'none'
	list ifname 'vlan_rwan'
	list ifname 'vlan_eth3'
	list ifname 'vlan_dsl'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '10.78.9.254'
	option netmask '255.255.255.0'
	option force_link '0'
	option igmp_snooping '1'
	option ipv6 '0'
	option ip6assign '64'
	list ifname 'vlan_eth0'

config interface 'wan'
	option proto 'pppoe'
	option keepalive '5,10'
	option reqopts '1 3 6 15 33 42 51 121 249'
	option vendorid 'Technicolor'
	option graceful_restart '1'
	option authfail '0'
	option ipv6 '0'
	option release '1'
	option iface6rd '0'
	option username '***'
	option password '***'
	option mtu '1500'
	option ifname 'eth4'
	option disabled '1'

config interface 'vdsl_check'
	option proto 'pppoe'
	option ifname 'ptm0'
	option keepalive '5,10'
	option auto '0'
	option reqopts '1 3 6 15 33 42 51 121 249'
	option vendorid 'Technicolor'
	option graceful_restart '1'
	option authfail '0'
	option mtu '1500'
	option ipv6 '0'
	option release '1'
	option iface6rd '0'
	option disabled '1'

config interface 'iptv'
	option ifname 'ptm0'
	option disabled '1'

config interface 'wwan'
	option metric '10'
	option proto 'mobiled'
	option session_id '0'
	option profile '1'
	option disabled '1'
	option auto '0'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'
	option reqopts '12 21 22 23 24 25 31 56 64 67 82 83'
	option noslaaconly '1'
	option iface_464xlat '0'
	option disabled '1'
	option auto '0'

config interface 'guest'
	option proto 'static'
	option type 'bridge'
	option ipv6 '0'
	option ip6hint '1'
	option netmask '255.255.255.128'
	option ipaddr '192.168.168.126'
	list ifname 'wl0_1'
	list ifname 'wl1_1'
	option force_link '0'
	option disabled '1'
	option auto '0'

config config 'config'
	option wan_mode 'pppoe'
	option mode 'modem'

And two simple scripts that allows me to change working mode by pressing a button:

togglemode.sh
#!/bin/sh

if [ $1 = 'combo' ];
then
	echo 'enabling modem router combo'
	uci set network.config.mode='combo'

	uci del_list network.rwan.ifname='vlan_dsl' -q
	uci delete network.rwan.disabled -q

	uci set network.wan.ifname='vlan_dsl'
	uci delete network.wan.disabled -q

	uci delete network.iptv.disabled -q

	uci set pppoerelayd.config.enable='1'

elif [ $1 = 'router' ];
then
	echo 'enabling router only mode'
	uci set network.config.mode='router'

	uci set network.rwan.disabled='1'

	uci set network.wan.ifname='eth4'
	uci delete network.wan.disabled -q

	uci set network.iptv.disabled='1'

	uci set pppoerelayd.config.enable='0'

elif [ $1 = 'modem' ];
then
	echo 'enabling bridge modem'
	uci set network.config.mode='modem'

	uci add_list network.rwan.ifname='vlan_dsl'
	uci delete network.rwan.disabled -q

	uci set network.wan.disabled='1'

	uci set network.iptv.disabled='1'

	uci set pppoerelayd.config.enable='0'
fi

uci commit pppoerelayd
uci commit network
/etc/init.d/pppoe-relay reload
/etc/init.d/network reload
exit 0
nextmode.sh
#!/bin/sh

current=$(uci get network.config.mode)

if [ $current = 'modem' ];
then
	next="combo"

elif [ $current = 'combo' ];
then
	next='router'

elif [ $current = 'router' ];
then
	next='modem'
fi

echo "current=$current	next=$next"

togglemode.sh $next 

It's a bit different from the idea from the original post, if someone is interested I can explain the details.

Thanks to the OpenWrt community!

Hi friend, I've been trying to use my vac789 as a managed switch myself.
Alas, with no success.

NEVERTHELESS this post gives me hope!! lol

Can you please explain your final config file and the end result,
so I can understand how things come together?
I'm trying to convert my vac789 so it'll "switch" like so:

eth4 should receive tagged traffic on vlans 100,200 passed from my switch,
eth3 + 2G network should be on vlan 200 and forward untagged traffic to the port and access point. (iot network)
eth2 + 5G network should be on vlan 100 and forward untagged traffic to the port and access point. (guest network)

Still can't get my head wrapped around how to do it.

I thank you in advance for your time and effort.