OpenWrt Forum Archive

Topic: wndr3700 vlans

The content of this topic has been archived on 29 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am trying to configure Netgear WNDR3700 with vlans.

In the swconfig documentation the following example is shown:

config 'switch_vlan' 'vlan0'
   option 'vlan'       '0'
   option 'device'     'eth1'
   option 'ports'      '0 1 2 5*'

config 'switch_vlan' 'vlan1'
   option 'vlan'       '1'
   option 'device'     'eth1'
   option 'ports'      '3 5t'

Here is a configuration for my router:

config switch_vlan
        option device   rtl8366s
        option vlan     0
        option ports    "0 1 2 5*"

config switch_vlan
        option device   rtl8366s
        option vlan     4
        option ports    "3 5t"

As soon as the port 5 is assigned to any vlan different from 0 the router does not respond on the switch interfaces and requires hard reset.
Is there any specific option I've forgotten to set up?
I also tried configuring lan interface as eth0.0 without success.

I had the same problem with my wndr3700. Traffic stops after configuring port 5 as trunk. The funny thing is that when i reboot, the new config works fine. As soon as i change something "live", traffic stops. Didn't bother to troubleshoot more as my current setup doesn't change often and works...

Here's a copy of my network config:

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'ifname' 'eth1'
        option 'proto' 'static'
        option 'type' 'bridge'
        option 'netmask' '255.255.255.0'
        option 'ipaddr' '192.168.33.1'

config 'interface' 'isp1'
        option 'ifname' 'eth0.1'
        option 'proto' 'dhcp'
        option 'dns' '208.67.220.220'

config 'interface' 'isp2'
        option 'ifname' 'eth0.2'
        option 'proto' 'dhcp'
        option 'dns' '208.67.222.222'

config 'switch'
        option 'name' 'rtl8366s'
        option 'reset' '1'
        option 'enable' '1'
        option 'enable_vlan' '1'
        option 'blinkrate' '1'

config 'switch_port'
        option 'device' 'rtl8366s'
        option 'port' '1'
        option 'led' '9'

config 'switch_port'
        option 'device' 'rtl8366s'
        option 'port' '2'
        option 'led' '6'

config 'switch_port'
        option 'device' 'rtl8366s'
        option 'port' '5'
        option 'led' '6'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '0'
        option 'ports' '4 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '1'
        option 'ports' '3 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '2'
        option 'ports' '2 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '3'
        option 'ports' '1 5t'

config 'switch_vlan'
        option 'device' 'rtl8366s'
        option 'vlan' '4'
        option 'ports' '0 5t'

(Last edited by Adze on 14 Apr 2010, 21:42)

Are you using WAN port as a lan interface to access the router? I have a traditional setup with wan connected to ISP using pppoe.
And it doesn't work - with or without reboot, doesn't matter - everything stops working when port 5 is trunked to vlans.
I am using latest Backfire branch.

dremon wrote:

Are you using WAN port as a lan interface to access the router?

Yes, with backfire 10.03 installed...

I managed to fix this issue.
Seems like when the cpu port is trunked the VLAN0 stops working on eth0 interface.
So I made VLAN1, assigned ports to it and changed 'eth0' to 'eth0.1'. Works ok now.

Here is a new configuration:

config interface lan
        option ifname   eth0.1
        option type     bridge
        option proto    static
        option ipaddr   172.22.1.1
        option netmask  255.255.255.0

config switch_vlan
        option device   rtl8366s
        option vlan     0
        option ports    "5*"

config switch_vlan
        option device   rtl8366s
        option vlan     1
        option ports    "1 2 3 5t"

config switch_vlan
        option device   rtl8366s
        option vlan     4
        option ports    "0 5t"

This is the same switch as in the Dlink DIR-825.

I have discovered this port layout:
0 -> Physical port tag 4
1 -> Physical port tag 3
2 -> Physical port tag 2
3 -> Physical port tag 1
4 -> Physical port tag Internet (eth1)
5 -> Internal connected to the CPU (eth0)

port 4 is NOT connected to the switch and shall not be used with swconfig, use regular vconfig to add Q tags to it

The switch are capable of 16 VLANs and can have VLAN id 0-4095.

The command "swconfig dev rtl8366s port 0 set pvid 4095"

Give this result:
swconfig dev rtl8366s vlan 3 show
VLAN 3:
        info: VLAN 3: Ports: 0
                 vid     prio    member          untag   fid
        MC:     4095     0       0x0021          0x001f          0
        4K:     4095             0x0021          0x001f          0
        ports: 0 5t

This shows that it adds port 0 to VLAN number 3, not VLAN q-tag 3, and sets the vid (Q-tag) to 4095.
The first "Ports" line tells which ports in the VLAN that the Q-tag isn't sent out to, regular untagged packets.
It adds 0 5t to the second ports line that seems to which ports are allowed in the VLAN and the 5t tags traffic to the internal interface (eth0)
It takes the first VLAN number that doesn't have any ports assigned to it, that's why it's VLAN #3

If i then run:
swconfig dev rtl8366s vlan 3 set ports '0t 5t'

I got this result:

VLAN 3:
        info: VLAN 3: Ports:
                 vid     prio    member          untag   fid
        MC:     4095     0       0x0021          0x0000          0
        4K:     4095             0x0021          0x0000          0
        ports: 0t 5t

No untagged ports are configured and port 0 are removed as untagged and moved to the second "ports" line as a tagged port.
A port cannot belong to the same vlan as both tagged and untagged, that's why it moved.

If I the run the command:
swconfig dev rtl8366s port 0 set pvid 2
I got this:
VLAN 1:
        info: VLAN 1: Ports: 02
                 vid     prio    member          untag   fid
        MC:     2        0       0x0025          0x001f          0
        4K:     2                0x0025          0x001f          0
        ports: 0 2 5t

VLAN 1 was already configured and had vid 2 already set and port 2 was sending out packets untagged.
With this configuration i have VLAN 3 sending out packets to port 0 as tagged on VLAN 4095
Untagged packets on port 0 and 2 belongs to VLAN 1 with vid 2.

To have VLAN 1 and VLAN 3 handled in the router itself you have to create the virtual interfaces with vconfig command.
"vconfig add eth0 2" adds an interface with vid 2
"vconfig add eth0 4095" adds an interface with vid 4095

This creates eth0.2 and eth0.4095

From my point the parsing of the network configuration file is wrong for the switch configuration, but it's still a beta :-)

peson wrote:

This is the same switch as in the Dlink DIR-825.

I have discovered this port layout:
0 -> Physical port tag 4
1 -> Physical port tag 3
2 -> Physical port tag 2
3 -> Physical port tag 1
4 -> Physical port tag Internet (eth1)
5 -> Internal connected to the CPU (eth0)

port 4 is NOT connected to the switch and shall not be used with swconfig, use regular vconfig to add Q tags to it

The switch are capable of 16 VLANs and can have VLAN id 0-4095.

The command "swconfig dev rtl8366s port 0 set pvid 4095"

Give this result:
swconfig dev rtl8366s vlan 3 show
VLAN 3:
        info: VLAN 3: Ports: 0
                 vid     prio    member          untag   fid
        MC:     4095     0       0x0021          0x001f          0
        4K:     4095             0x0021          0x001f          0
        ports: 0 5t

This shows that it adds port 0 to VLAN number 3, not VLAN q-tag 3, and sets the vid (Q-tag) to 4095.
The first "Ports" line tells which ports in the VLAN that the Q-tag isn't sent out to, regular untagged packets.
It adds 0 5t to the second ports line that seems to which ports are allowed in the VLAN and the 5t tags traffic to the internal interface (eth0)
It takes the first VLAN number that doesn't have any ports assigned to it, that's why it's VLAN #3

If i then run:
swconfig dev rtl8366s vlan 3 set ports '0t 5t'

I got this result:

VLAN 3:
        info: VLAN 3: Ports:
                 vid     prio    member          untag   fid
        MC:     4095     0       0x0021          0x0000          0
        4K:     4095             0x0021          0x0000          0
        ports: 0t 5t

No untagged ports are configured and port 0 are removed as untagged and moved to the second "ports" line as a tagged port.
A port cannot belong to the same vlan as both tagged and untagged, that's why it moved.

If I the run the command:
swconfig dev rtl8366s port 0 set pvid 2
I got this:
VLAN 1:
        info: VLAN 1: Ports: 02
                 vid     prio    member          untag   fid
        MC:     2        0       0x0025          0x001f          0
        4K:     2                0x0025          0x001f          0
        ports: 0 2 5t

VLAN 1 was already configured and had vid 2 already set and port 2 was sending out packets untagged.
With this configuration i have VLAN 3 sending out packets to port 0 as tagged on VLAN 4095
Untagged packets on port 0 and 2 belongs to VLAN 1 with vid 2.

To have VLAN 1 and VLAN 3 handled in the router itself you have to create the virtual interfaces with vconfig command.
"vconfig add eth0 2" adds an interface with vid 2
"vconfig add eth0 4095" adds an interface with vid 4095

This creates eth0.2 and eth0.4095

From my point the parsing of the network configuration file is wrong for the switch configuration, but it's still a beta :-)

Hi Peson,

I had the exact same issue on my TP-Link TL-WR1043ND. Network file is parsed incorrectly, and swconfig misconfigured tagging on ports assignment. I found a workaround to get the vlan tagging properly on assigned ports:
In the Network file, configure each vlan sequentially, also the ones you don't use (very important!). For each VLAN you don't use, do configure it and only set port assignment to ports '0t 5t' (port 0 is wan/trunk port and port 5 is internal in my case) to it. And configure each VLAN you do want to use accordingly as you like. Here's an example of my setup where I had to use pvid's 4 and 7 on specific ports, setting my port 0 (wan) up as a trunk port:

config 'switch'
    option 'name' 'rtl8366rb'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '1'
        option 'ports' '3 4 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '2'
        option 'ports' '0t 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '3'
        option 'ports' '0t 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '4'
        option 'pvid' '4'
        option 'ports' '0t 1'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '5'
        option 'ports' '0t 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '6'
        option 'pvid' '6'
        option 'ports' '0t 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '7'
        option 'pvid' '7'
        option 'ports' '0t 2t 5t'

(Last edited by hvandrie on 1 May 2010, 17:45)

Hi Peson, I am a recent owner of a DIR-825 and am still trying to get my head round the switch part.

You wouldn't happen to have an /etc/config/network with a working config with tagging on the physical ports 1-4 would you?

I can get 4 VLANs running, untagged one each on the external ports to tagged on eth0.x, but so far it has resisted my efforts to get tagged
comms working on the non-CPU ports.

I'm running kamikaze trunk r21744, so up to date...

Thanks!

Mavra.

peson wrote:

This is the same switch as in the Dlink DIR-825.

I have discovered this port layout:
0 -> Physical port tag 4
1 -> Physical port tag 3
2 -> Physical port tag 2
3 -> Physical port tag 1
4 -> Physical port tag Internet (eth1)
5 -> Internal connected to the CPU (eth0)

port 4 is NOT connected to the switch and shall not be used with swconfig, use regular vconfig to add Q tags to it

The switch are capable of 16 VLANs and can have VLAN id 0-4095.

The command "swconfig dev rtl8366s port 0 set pvid 4095"

Give this result:
swconfig dev rtl8366s vlan 3 show
VLAN 3:
        info: VLAN 3: Ports: 0
                 vid     prio    member          untag   fid
        MC:     4095     0       0x0021          0x001f          0
        4K:     4095             0x0021          0x001f          0
        ports: 0 5t

This shows that it adds port 0 to VLAN number 3, not VLAN q-tag 3, and sets the vid (Q-tag) to 4095.
The first "Ports" line tells which ports in the VLAN that the Q-tag isn't sent out to, regular untagged packets.
It adds 0 5t to the second ports line that seems to which ports are allowed in the VLAN and the 5t tags traffic to the internal interface (eth0)
It takes the first VLAN number that doesn't have any ports assigned to it, that's why it's VLAN #3

If i then run:
swconfig dev rtl8366s vlan 3 set ports '0t 5t'

I got this result:

VLAN 3:
        info: VLAN 3: Ports:
                 vid     prio    member          untag   fid
        MC:     4095     0       0x0021          0x0000          0
        4K:     4095             0x0021          0x0000          0
        ports: 0t 5t

No untagged ports are configured and port 0 are removed as untagged and moved to the second "ports" line as a tagged port.
A port cannot belong to the same vlan as both tagged and untagged, that's why it moved.

If I the run the command:
swconfig dev rtl8366s port 0 set pvid 2
I got this:
VLAN 1:
        info: VLAN 1: Ports: 02
                 vid     prio    member          untag   fid
        MC:     2        0       0x0025          0x001f          0
        4K:     2                0x0025          0x001f          0
        ports: 0 2 5t

VLAN 1 was already configured and had vid 2 already set and port 2 was sending out packets untagged.
With this configuration i have VLAN 3 sending out packets to port 0 as tagged on VLAN 4095
Untagged packets on port 0 and 2 belongs to VLAN 1 with vid 2.

To have VLAN 1 and VLAN 3 handled in the router itself you have to create the virtual interfaces with vconfig command.
"vconfig add eth0 2" adds an interface with vid 2
"vconfig add eth0 4095" adds an interface with vid 4095

This creates eth0.2 and eth0.4095

From my point the parsing of the network configuration file is wrong for the switch configuration, but it's still a beta :-)

I spent tonight attempting to get the switch to put 8021q tagged vlan packets onto various combinations of port 2,3,4.

With no joy:

I am running trunk snapshot from 3rd of November. And the swconfig output is showing the correct vlan entry for ports 2,3,4,5  - noting that the pvid of port 5 becomes 1001 when this is done. (But I can toggle with the * flag or the switch_ports, pvid directive.

One thing of note is that I am attempting to set the vlan id to be 1001 , I noticed the enable_vlan4k swconfig setting and toggled it in startup scripts and manually, and the swconfig dev show command now shows all the various vlan container objects upto 4095.

So basically are tagged vlan's just complete broken?

Also note, that wan vlan seems to continue to work (i.e my upstream link works gets dhcp lease). But the dhcpd on the internal lan, and vlan1001 interfaces seem to leak randomly.

Wireshark captures are not showing the vlan tag markings on any of the ports.

Has anyone who has had some sucsess with the 1043nd and tagged vlans offer advise on what I am doing wrong.



Switch is setup so:

config 'switch'
    option 'name' 'rtl8366rb'
        option 'reset' '1'
        option 'enable_vlan' '1'
        option 'enable_vlan4k' '1'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '1'
        option 'ports' '1 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '2'
        option 'ports '0 5t'

config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '1001'
        option 'ports' '2t 3t 4t 5t'

config 'interface' 'lan'
       option 'ifname' 'eth0.1'
       option 'type' 'bridge'

config 'interface' 'vlan1001'
       option 'ifname' 'eth0.1001'

config 'interface' 'wan'
       option 'ifname' 'eth0.2'

Are there any updates on this?
Is the rtl8366s having the same problem as rtl8366rb?

yes, I have been able to get vlan tags working with my tp link, the syntax is a little odd, but does work - you need to be sure that vlan0 (the internal cpu bridge/vlan) is always in the vlan group, and the order is important. use swconfig tool to get it right.

I've been trying to read everything I can find about how to configure VLANs on the WNDR3700 but I just can't get it to work.

What I need to accomplish, is to have one port with one tagged VLAN and also untagged. I wan the tagged traffic to end up at the WAN interface and everything else to be bridged between the other switch ports and the WLAN interfaces.

Anyone have a similar config and can post an example?

Hi there, I will cut to the chase:

How to (A) configure/setup dir-825 VLAN and how to secure the traffic (iptables B) !!!
Repair the (C) LED configuration !!!

First a big thanks to the openWRT-Team:
http://wiki.openwrt.org/toh/d-link/dir-825

>> My Configuration <<
Router: ModelD-Link DIR-825 rev. B1
Firmware Version: OpenWrt Backfire 10.03.1 / LuCI 0.10.0 Release (0.10.0)
Kernel Version: 2.6.32.27

>> My AIM <<
I got from my IPS 6 global IPs so I need to configure VLAN for my machine.
LAN-GW: 192.168.1.1
SNMASK: 255.255.255.0

GLOBAL-IP: 210.190.90.33 - 210.190.90.38
Gateway: 210.190.90.33
SNMASK : 255.255.255.248
IPs globally: 210.190.90.34 - 210.190.90.38

For A and B see this:

http://wiki.openwrt.org/toh/d-link/dir- … lan-port.4

___________________________________________________________________________________________________
C - LED Configuration

1) System / LED Configuration

this section you can define it the way you want it.
In my case: I dissabled the orange led for power and globe

I will add this section only if you want me to.

Cheers and good luck

(Last edited by catanaion on 20 Aug 2012, 17:50)

In order to get this working you need to set the FID for each vlan.  It appears that they all use one table for learning MAC addresses.  The WNDR3700v1 can have up to eight (numbered 0-7) but doesn't automatically assign them when you set up a new VLAN.  Odd.

Here's the ticket addressing this.  Notice that you will also have to patch the /lib/network/switch.sh file manually so it will recognize the "option fid" in the /etc/config/network file.

https://dev.openwrt.org/ticket/8701

(Last edited by Brain2000 on 15 Feb 2016, 23:56)

The discussion might have continued from here.