OpenWrt Forum Archive

Topic: TP-Link Archer C7 v2 switch and vlan help

The content of this topic has been archived on 5 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have searched the net and read all of the similar threads on this forum and wiki pages but I still cannot get vlans running. I have locked myself out of this router way too many times over the last few days. I promise I'm not lazy, just mentally challenged.

From the switch wiki page: "The TP-Link Archer C7 has eth0 = WAN, and eth1 = LAN (the 4 switch ports). Port 0 of the switch = eth1 (labelled CPU in Luci), Port 6 = eth0. Port 1 is labelled WAN in Luci."

The layout from the wiki:

0    eth1
1    WAN
2    LAN1
3    LAN2
4    LAN3
5    LAN4
6    eth0

Default switch page is shown as:

CPU|P1|P2|P3|P4|P5|P6

U | O | U | U | U | U | O

O | U | O | O | O | O | U

U = Untagged. O = OFF. Nothing is tagged by default.


I would like to assign LAN2 and LAN3 to one vlan and assign LAN4 to another vlan while leaving LAN1 on the default lan. Can someone PLEASE give me step by step directions from Luci?

(Last edited by Samz on 14 Jun 2015, 15:11)

Ok, so these is the layout on your switch:

0    eth1
1    WAN
2    LAN1
3    LAN2
4    LAN3
5    LAN4
6    eth0

And this is your current configuration:

CPU|P1 |P2 |P3 |P4 |P5 |P6
 U | O | U | U | U | U | O
 O | U | O | O | O | O | U

So, on eth1 (CPU) you should currently see the traffic from ports 2 to 5 (LAN1 to LAN4), and on eth0 you have port 6 (WAN), is that correct?

Now, the first think to consider is that having both tagged and untagged packets on the same interface does not currently work on many devices; so, to be on the safe side, I would tag all traffic coming to eth1. That means that there will not be a "default" VLAN, all three will be equal. Let's create first those VLANS:

VID|CPU|P1 |P2 |P3 |P4 |P5 |P6
 1   T | O | U | O | O | O | O
 2   T | O | O | U | U | O | O
 3   T | O | O | O | O | U | O
 9   O | U | O | O | O | O | U

This creates VLAN1 (LAN1), VLAN2 (LAN2, LAN3), and VLAN3 (LAN4); as you are tagging on the CPU side, you will have now interfaces eth1.1, eth1.2, and eth1.3, instead of eth1. Thus, save these changes, but do not apply them, or you will lose connection to your router. Next, change your configuration for the LAN network to eth1.1 instead of eth1, and create the proper networks for eth1.2 and eth1.3. Apply those changes, and try to reach the router from LAN1.

There is no change on eth0 / WAN, because it is not tagged on the port 6.

Hope this helps!

I just got my hands on an Archer c7 and i cannot get the vlan config working. It's pretty simple, i just want an third VLAN for a DMZ. I read several posts and while they all sound logical, they didn't work. As soon as i switch CPU to tagged, the router becomes unreachable and i have to do a failsafe recovery.

So, my planned setup is this, VID1 LAN, VID2 WAN, VID3 DMZ on P4:

VID|CPU|P1 |P2 |P3 |P4 |P5 |P6
1   T | O | U | U | U | O | O
2   O | U | O | O | O | O | U
3   T | O | O | O | O | U | O

Looks correct, but didn't work, router becomes unreachable.

Why doesn't it work? Has anyone a working DMZ setup like this and can share it?

Regards.

What is in your /etc/config/network? Once you tag the CPU interface, you lose your ethx interfaces, and must use ethx.y instead.

(Last edited by eduperez on 21 Dec 2015, 00:18)

damn, you're right and i feel stupid. thanks a lot ;-)

editing /etc/config/network manually did the trick:

root@OpenWrt:/# swconfig dev switch0 vlan 1 show
VLAN 1:
        vid: 1
        ports: 0t 3 4 5
root@OpenWrt:/# swconfig dev switch0 vlan 2 show
VLAN 2:
        vid: 2
        ports: 0t 2
root@OpenWrt:/# swconfig dev switch0 vlan 3 show
VLAN 3:
        vid: 3
        ports: 1 6

funny thing is, luci shows two additional interfaces eth0.1, eth0.2 and eth0.3, not defined anywhere. it seems the defined vlans are somehow 'mirrored' to eth0.

Hi pharaoh,

I'm trying to get pretty much the same setup you achieved (Normal LAN + DMZ on one port) on the same router.

I would really appreciate if you could post the relevant config files (network, firewall, dhcp).

thanks!

It doesn't look like pharaoh is active anymore, unfortunately. I'd like to see the config files as well, because I'm concerned how we get eth0.y instead of eth1.y when it's the CPU eth1 port that gets tagged, not the eth0<->WAN VLAN.

I'm also curious to know if tagging port 5 for both normal (NATted) LAN and a new VLAN would let me provide a public IP address to the system connected to that port. Rather than a fully open DMZ, I just want to make certain services on one of my computers available via one of the IP addresses in a /30 I've been assigned.

The discussion might have continued from here.