VLANs with WRT54GS

cybermcm · July 29, 2017, 5:34pm

Hi,

I recently upgraded my home network with a pfSense firewall and now I want to use a VLAN config to seperate LAN/WLAN and Lab net.
I setup a NETGEAR WNDR3700 without problems but now I'm stuck with my old WRT54GS (LEDE Reboot 17.01.2). I'm failing to setup working VLAN config. After a fresh setup (cable connected to LAN port 1I just enable an additional VLAN (9) and change the management VLAN (1) to tagged. VLAN 1 is working, VLAN 9 is not working (I'm getting no DHCP address from the firewall or if I set a static IP I can't ping the gateway on the same subnet).

Is there a limitation with the WRT54GS or am I doing something wrong?

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdb7:20fa:15e9::/48'

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'

config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'

config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '1t 2 3 4 5t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 5t'
option vid '2'

config interface 'VLAN9'
option _orig_ifname 'eth0.9'
option _orig_bridge 'true'
option ifname 'eth0.9'
option proto 'dhcp'

config switch_vlan
option device 'switch0'
option vlan '3'
option vid '9'
option ports '1t 5t'

Any ideas?

cybermcm · August 1, 2017, 8:29pm

sorry to bump this up... anyone with experience on VLAN configuration with WRT54GS out there?

jow · August 1, 2017, 8:46pm

Iirc the switch on the wrt54gs does not use an extra vid option. Try setting both vlan and vid to 9.

cybermcm · August 2, 2017, 6:27am

thanks for your answer but I'm not sure how to achieve this. My intention is to create 2 WLANs with 2 SSIDs and each WLAN should have it's own VLAN (e.g. 10 and 19). I will setup a third interface (VLAN 1) for AP/router management operations.
This setup works with an NETGEAR WNDR3700 but not with my WRT54GS (maybe a limitation?).
I'm not an expert on networking stuff but I think I can only set one vid per port (set to 1 with my Netgear AP).

jow · August 2, 2017, 7:33am

The Broadcom switch on this device is limited to 4 bit vlans, so tags > 15 will not work.

jow · August 2, 2017, 7:37am

The proper config would be:

config switch_vlan
    option device switch0
    option vlan 9
    option ports '1t 5t'

Option "vid" is not defined for broadcom switches.

cybermcm · August 2, 2017, 8:14am

OK, thanks for the info, I'll try that and report back. The config was created by LuCI...

jow · August 2, 2017, 8:22am

In this case I need the output of swconfig dev switch0 help

cybermcm · August 2, 2017, 10:48am

root@LEDE:~# swconfig dev switch0 help switch0: adm6996_gpio(ADM6996L), ports: 6 (cpu @ 5), vlans: 16 --switch Attribute 1 (int): enable_vlan (Enable VLANs) Attribute 2 (none): apply (Activate changes in the hardware) Attribute 3 (none): reset (Reset the switch) --vlan Attribute 1 (int): vid (VLAN ID) Attribute 2 (ports): ports (VLAN port mapping) --port Attribute 1 (int): pvid (Primary VLAN ID)

cybermcm · September 3, 2017, 7:32am

sorry to bump this up but anyone out there who can point me in the correct direction? still trying to set up VLANs with my old AP

Sinclair · April 11, 2018, 8:58pm

Hi cybermcm,

have you found a solution for the wrt54gs vlan config? I'm looking for a equal configuration of my wrt54gs and brick it at the first try to config the vlans. Before brick (factory reset helps ) i have a working manangement port ob switch port 4 and then tried to set the rest of the switch to tagged vlan mode -> lost all connections!

The wrt54gs is my "learning device" before buying a new and more powerfull router as wifi-ap with network separation and vlan tagging via freeradius.

jeff · April 11, 2018, 9:34pm

The WRT54GS is pretty painful to learn on, between its tiny flash and memory, and its antique hardware. Much of what you learn will be work-arounds and hacks that you won't need on a more current piece of hardware.

To reduce your pain, If you're not ready to "make the plunge", I'd suggest picking up something more current, be it something like an Archer C7 for ~$30 on the used market, or one of the $20-30 devices in What's your favourite cheap LEDE/OpenWrt device? - #161

Sinclair · April 11, 2018, 10:27pm

Thanks for your suggestion, Jeff.

I think not the old hardware my problem. I have already tried the PEAP with freeradius installed on an other server and so i have learned much for this part. Luci is a little bit slow, but the memory and flash is currently not full.

My real problem is understanding the "vlan-thing" and making a config for network separation (e.g. "management", "office", "server", "printer", "childen" over 2 HP Layer2 switches and the wrt including wifi). When i have a "slow" but running configuration, i buy a new router with GBit LAN and simultaneously 2.4 and 5GHz wifi. Favorite is currently a WRT1900AC(S). The wrt54 is also to slow compared to my internet connection speed of 120MBit.
P:S.: Common network configuration especially using linux/debian is no problem for me.

jeff · April 11, 2018, 10:49pm

For better or for worse, OpenWRT configures things very differently than does a "server" version of Linux. One thing to be careful of with OpenWRT are the switches. It seems as if, at least for many devices, VLAN is an entry in an internal table of a limited number of VLANs (swconfig dev switch0 show or the like) and VID is the actual tag (defaulting to the VLAN value if omitted).

cybermcm · April 12, 2018, 6:05am

@Sinclair: I gave up. The VLAN config seems to be broken on the WRT54GS. I did the setup with a Netgear WNDR3700-100PES and a LINKSYS WRT1900ACS. Both worked from the beginning...

RangerZ · April 12, 2018, 2:51pm

If you goal is to set up a guest WLAN on the AP you may want to look at this blog which does not use VLANs.
https://blog.doenselmann.com/gaeste-wlan-auf-openwrt-access-point/

Sinclair · April 16, 2018, 10:41pm

@RangerZ: Thanks, but a guest WLAN is not what i'm looking for.

Now, after learning a little bit more i stuck on the same problem described here: https://serverfault.com/questions/765063/openwrt-dynamic-vlan

@cybermcm: Do you had the same problem on the WRT54GS? Whats the combination of wpad/hostapd on your WRT1200ACS? wpad(-full) + hostapd-common or hostapd(-full) only?
Is it possible to share your WRT1200ACS config? Because this type of router is currently my favorite to buy.

cybermcm · April 17, 2018, 5:52am

@Sinclair: Sorry can't post it. I never used wpad/hostapd. I tried to use my APs as firewall. Meanwhile I switched to pfSense for the firewall and VLAN part and my Netgear and Linksys devices are "dumb" APs with WPA2 keys.

lleachii · April 17, 2018, 12:34pm

Isn't that a Broadcom???

You can't do 2 SSIDs...please test this first. I tried this many times on OpenWRT with the original WRT series routers...before I understood it was a (closed source) driver issue.

cybermcm · April 17, 2018, 3:35pm

As far as I remember 2 SSID were possible but not different VLANs... but maybe I'm wrong