OpenWrt Forum Archive

Topic: Dlink DIR300 hybrid ports

The content of this topic has been archived on 31 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,
Is it possible to have a hybrid port on D-Link DIR300?
I followed the instructions from http://oldwiki.openwrt.org/OpenWrtDocs( … d)300.html and compiled my own image. It works great, except that I want to process tagged and untagged frames on one of the switch ports.
I tried something like this in my cfg:

config switch '0'

option vlan2 "0 1 2 3 5*t" # LAN
option vlan1 "4 5t" # WAN
option vlan6 "4t 5t" # service1
option vlan5 "4t 5t" # service2

but only vlans 2,5,6 are working. I want to make untagged frames on port 4 go to vlan1 and every other tagged frame to go to its corresponding vlan.
This setup works fine on other platforms (tested on Buffalo with Broadcom), but this Dlink device is cost effective and it will be great to have hybrid ports on it.

Thanks!

Hi beatman,

The way the switch works is there are ADD_TAG and REMOVE_TAG registers for each port, not for each vlan. The way my driver works is if you add a "t" it turns on ADD_TAG and turns off REMOVE_TAG, otherwise it turns on REMOVE_TAG and turns off ADD_TAG.

What you might need to do is turn off both ADD_TAG and REMOVE_TAG, which basically says that packets will come into the OS with whatever vlan tags they have, and will be sent back with whatever vlan tags they have. (The interface for this is only accessible with the swconfig version.)

However, here's the problem: You can probably already receive untagged packets from port 4 directly on "eth0". However, when you send packets back directly on "eth0", how does it know which port you intend them for?  I have a feeling that other switches have these flags per port AND per vlan, which I'm afraid simply doesn't exist on the IP175C.

This is definitely a flaw because it basically makes the vlan tagging worthless unless you have complete enough control over your network to set up vlans on every computer.

However, on the other hand, is there a particular reason you need to use vlan tags that you can't do at the IP layer? I can understand wanting to support computers without vlan support. However, for the computers that do send vlan tagged packets, personally I have managed to accomplish everything just with IP aliasing and iptables rules on the router--in which case you drop all vlan tags on the port (don't use the t flag)
Also, security-wise, by allowing tagged and untagged packets on the same port, you lose any of the security benefits of vlan tagging because any host can choose a vlan number and the switch will accept its packets.

Anyway, here's the datasheet if you are interested. If you find a way to set a register to allow per-port tag settings I would definitely update the driver.
http://www.icplus.com.tw/Data/Datasheet … 081121.pdf
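
A small config check for the limitation described in the reply above, as an added example that is not part of any post in the thread and not the driver's code: it parses the `option vlanN` lines from the first post (embedded as a constructed sample) and reports ports requested as tagged in one VLAN and untagged in another, which a single per-port ADD_TAG/REMOVE_TAG pair cannot represent. The function names are hypothetical, and the thread does not say which setting the driver ends up applying, so the check only reports the conflict.

```python
import re
from collections import defaultdict

# Constructed sample: the option lines from the first post's switch config.
SAMPLE_CONFIG = '''
config switch '0'
option vlan2 "0 1 2 3 5*t" # LAN
option vlan1 "4 5t" # WAN
option vlan6 "4t 5t" # service1
option vlan5 "4t 5t" # service2
'''

OPTION_RE = re.compile(r'^\s*option\s+vlan(\d+)\s+"([^"]*)"')
PORT_RE = re.compile(r'^(\d+)(\*?)(t?)$')  # the '*' marker is accepted and ignored


def parse_vlans(text):
    """Return {vlan_id: {port: tagged_bool}} from 'option vlanN "..."' lines."""
    vlans = {}
    for line in text.splitlines():
        m = OPTION_RE.match(line)
        if not m:
            continue
        members = {}
        for token in m.group(2).split():
            pm = PORT_RE.match(token)
            if not pm:
                raise ValueError(f"unrecognised port token {token!r}")
            members[int(pm.group(1))] = pm.group(3) == "t"
        vlans[int(m.group(1))] = members
    return vlans


def hybrid_ports(vlans):
    """Ports requested tagged in one VLAN and untagged in another.

    With one ADD_TAG/REMOVE_TAG pair per port (as described in the reply),
    such a port cannot be expressed, so it is reported for review.
    """
    wanted = defaultdict(lambda: {"tagged": [], "untagged": []})
    for vid, members in sorted(vlans.items()):
        for port, tagged in members.items():
            wanted[port]["tagged" if tagged else "untagged"].append(vid)
    return {p: w for p, w in wanted.items() if w["tagged"] and w["untagged"]}


if __name__ == "__main__":
    for port, w in hybrid_ports(parse_vlans(SAMPLE_CONFIG)).items():
        print(f"port {port}: untagged in {w['untagged']}, tagged in {w['tagged']}")
```

On the sample config only port 4 is reported; port 5 is tagged in every VLAN it belongs to, so it fits the per-port model.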

Hi Phorn,
First of all, thank you for your attention on this topic!

The reason I want to have this setup is that I want to differentiate the services - for example voip, iptv with stb and internet.
I have network segments covering large areas with thousands of users which basically are using internet service (the untagged traffic). Let's say some of them want to use our voip services. We give the client a package with a voip phone and a wireless router, one of its ports will be used to connect the voip phone. So on the wifi router's wan port I have untagged packets for the internet connection and tagged voip traffic, which is untagged on the voip phone port. The reason I do this is to increase the quality of the voip service and to avoid voip traffic going through the 'internet' gateway, which is a machine with thousands of iptables rules and a significant amount of traffic. The same is for the iptv service.
Until now, I have used this setup on devices like Buffalo WHR-HP-G54 (Broadcom integrated switch) and Asus WL-500g Premium (switch BCM5325). On these devices it works fine, but their price last year went up, and now it is more than two times more than the DIR300, so I decided to test the compatibility of this device with my needs.

Once again - the security is not a problem, the goal is to have better quality of the other services.

I have a solution if we don't solve this 'problem' - for those users who I give these devices, I will configure a separate tagged vlan for their internet service, which is not a problem, but this is related with more routings and RIPE won't be happy when I waste their IP space for this :)

I will read the datasheet and do some tests with swconfig and will write the results soon here.
