1 (edited by Samz 2015-06-14 15:11:11)

Topic: TP-Link Archer C7 v2 switch and vlan help

I have searched the net and read all of the similar threads on this forum and wiki pages but I still cannot get vlans running. I have locked myself out of this router way too many times over the last few days. I promise I'm not lazy, just mentally challenged.

From the switch wiki page: "The TP-Link Archer C7 has eth0 = WAN, and eth1 = LAN (the 4 switch ports). Port 0 of the switch = eth1 (labelled CPU in Luci), Port 6 = eth0. Port 1 is labelled WAN in Luci."

The layout from the wiki:

0    eth1
1    WAN
2    LAN1
3    LAN2
4    LAN3
5    LAN4
6    eth0

Default switch page is shown as:

CPU|P1|P2|P3|P4|P5|P6

U | O | U | U | U | U | O

O | U | O | O | O | O | U

U = Untagged. O = OFF. Nothing is tagged by default.


I would like to assign LAN2 and LAN3 to one vlan and assign LAN4 to another vlan while leaving LAN1 on the default lan. Can someone PLEASE give me step by step directions from Luci?

Re: TP-Link Archer C7 v2 switch and vlan help

Ok, so these is the layout on your switch:

0    eth1
1    WAN
2    LAN1
3    LAN2
4    LAN3
5    LAN4
6    eth0

And this is your current configuration:

CPU|P1 |P2 |P3 |P4 |P5 |P6
 U | O | U | U | U | U | O
 O | U | O | O | O | O | U

So, on eth1 (CPU) you should currently see the traffic from ports 2 to 5 (LAN1 to LAN4), and on eth0 you have port 6 (WAN), is that correct?

Now, the first think to consider is that having both tagged and untagged packets on the same interface does not currently work on many devices; so, to be on the safe side, I would tag all traffic coming to eth1. That means that there will not be a "default" VLAN, all three will be equal. Let's create first those VLANS:

VID|CPU|P1 |P2 |P3 |P4 |P5 |P6
 1   T | O | U | O | O | O | O
 2   T | O | O | U | U | O | O
 3   T | O | O | O | O | U | O
 9   O | U | O | O | O | O | U

This creates VLAN1 (LAN1), VLAN2 (LAN2, LAN3), and VLAN3 (LAN4); as you are tagging on the CPU side, you will have now interfaces eth1.1, eth1.2, and eth1.3, instead of eth1. Thus, save these changes, but do not apply them, or you will lose connection to your router. Next, change your configuration for the LAN network to eth1.1 instead of eth1, and create the proper networks for eth1.2 and eth1.3. Apply those changes, and try to reach the router from LAN1.

There is no change on eth0 / WAN, because it is not tagged on the port 6.

Hope this helps!

Re: TP-Link Archer C7 v2 switch and vlan help

I just got my hands on an Archer c7 and i cannot get the vlan config working. It's pretty simple, i just want an third VLAN for a DMZ. I read several posts and while they all sound logical, they didn't work. As soon as i switch CPU to tagged, the router becomes unreachable and i have to do a failsafe recovery.

So, my planned setup is this, VID1 LAN, VID2 WAN, VID3 DMZ on P4:

VID|CPU|P1 |P2 |P3 |P4 |P5 |P6
1   T | O | U | U | U | O | O
2   O | U | O | O | O | O | U
3   T | O | O | O | O | U | O

Looks correct, but didn't work, router becomes unreachable.

Why doesn't it work? Has anyone a working DMZ setup like this and can share it?

Regards.

4 (edited by eduperez 2015-12-21 00:18:28)

Re: TP-Link Archer C7 v2 switch and vlan help

What is in your /etc/config/network? Once you tag the CPU interface, you lose your ethx interfaces, and must use ethx.y instead.

Re: TP-Link Archer C7 v2 switch and vlan help

damn, you're right and i feel stupid. thanks a lot ;-)

editing /etc/config/network manually did the trick:

root@OpenWrt:/# swconfig dev switch0 vlan 1 show
VLAN 1:
        vid: 1
        ports: 0t 3 4 5
root@OpenWrt:/# swconfig dev switch0 vlan 2 show
VLAN 2:
        vid: 2
        ports: 0t 2
root@OpenWrt:/# swconfig dev switch0 vlan 3 show
VLAN 3:
        vid: 3
        ports: 1 6

funny thing is, luci shows two additional interfaces eth0.1, eth0.2 and eth0.3, not defined anywhere. it seems the defined vlans are somehow 'mirrored' to eth0.

Re: TP-Link Archer C7 v2 switch and vlan help

Hi pharaoh,

I'm trying to get pretty much the same setup you achieved (Normal LAN + DMZ on one port) on the same router.

I would really appreciate if you could post the relevant config files (network, firewall, dhcp).

thanks!

Re: TP-Link Archer C7 v2 switch and vlan help

It doesn't look like pharaoh is active anymore, unfortunately. I'd like to see the config files as well, because I'm concerned how we get eth0.y instead of eth1.y when it's the CPU eth1 port that gets tagged, not the eth0<->WAN VLAN.

I'm also curious to know if tagging port 5 for both normal (NATted) LAN and a new VLAN would let me provide a public IP address to the system connected to that port. Rather than a fully open DMZ, I just want to make certain services on one of my computers available via one of the IP addresses in a /30 I've been assigned.