OpenWrt Forum Archive

Topic: VLAN setup on a wrt54g v1.1 with DMZ/AP

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

after reading the docs I'm still confused and worried about
bricking my router by setting up a different network setup.

I'm using White Russian rc4 with a WRT54G v1.1.

I want to achieve:

- standard WAN (PPPoE) to VLAN8 NAT (VLAN8 is the DMZ)
- WIFI (AP-mode) and VLAN7 bridged together

This makes the WRT54G act as two independent devices:
a NAT router to the DMZ (VLAN8) and a WLAN access point
to VLAN7. All users are wired to VLAN7 or wireless to WIFI
and get their connection via application proxies from a
separate server which has a trunked/tagged connection to
both VLAN7+8. There is no IP connection on VLAN7 on the WRT
- only the Layer-2 bridge is used on the WRT:

SWITCH                                     WRT54G v1.1
========================================   ===============================
Port0 Port1  Port2  Port3  Port4  Port5
WAN   unused Client Client Server WRT54G
VLAN1                             VLAN1t-+-eth0-+-vlan1---PPPoE
                           VLAN8t VLAN8t-|      |-vlan8---192.168.8.249/24
             VLAN7  VLAN7  VLAN7t VLAN7t-|      |-vlan7-+
========================================                |-br0
WIFI --------------------------------------eth2---------+
==========================================================================

Questions:

What do I need? admcfg (package not found!?) or a patch?
Or are the NVRAM variables sufficient for this setup on a v1.1?

What are the correct values for the NVRAM-vars on the v1.1?

Are the VLAN-tags on Port4 802.1q-compatible for a Linux-box
with loaded 8021q.o-module?

Can I brick my router? Does safemode/reset/tftpwait also
reset the switch? Which mode to recover? No serial console
on a v1.1!

Axel

(Last edited by freakout on 8 Dec 2005, 16:27)

Preview button?

Fix your diagram. Use the [code] tag for a monospace font.

I'm doing almost exactly this on v3.1 hw. See #9 in this thread.. Somewhere I posted my config but can't find it with search at the moment. The complication in your case is the need to pppoe on a third vlan but I suspect this should be doable.

Edit: I'm confused by the vlan1/pppoe on your diagram. What's the purpose of this?

What do I need? admcfg (package not found!?) or a patch?
Or are the NVRAM variables sufficient for this setup on a v1.1?

With v2.2+ tagging can now be controlled with nvram vars. I'm not sure about v1.1 (ADM).

Are the VLAN-tags on Port4 802.1q-compatible for a Linux-box
with loaded 8021q.o-module?

Should be, although I'm untagging on an HP switch prior to my FC box so can't say for certain. My Fedora box has two physical ethernets, one on the wired vlan and one on the wifi vlan and I untag on the HP switch. It helps to see the lights flash.

Can i brick my router?

Yes! I'd suggest leaving one of the lan ports on default vlan0 (vlan2 on hw v1.1?) while working out your config, otherwise you may not have access in failsafe mode (from the wired side anyway).

- DL

(Last edited by dl on 8 Dec 2005, 21:29)

Edit: I'm confused by the vlan1/pppoe on your diagram. What's the purpose of this?

This is just the WAN-connection. A DSL-Modem is connected at the WAN-Port (Port0).
It is the same as in a standard setup vlan1=WAN.

With v2.2+ tagging can now be controlled with nvram vars. I'm not sure about v1.1 (ADM).

Where can I lookup this information?

Can i brick my router?
Yes! I'd suggest leaving one of the lan ports on default vlan0 (vlan2 on hw v1.1?) while working out your config, otherwise you may not have access in failsafe mode (from the wired side anyway).

What procedure resets the switch to defaults? Reset button? Failsafe mode? Power cycle? boot_wait mode?

freakout wrote:
SWITCH                                     WRT54G v1.1
========================================   ===============================
Port0 Port1  Port2  Port3  Port4  Port5
WAN   unused Client Client Server WRT54G
VLAN1                             VLAN1t-+-eth0-+-vlan1---PPPoE
                           VLAN8t VLAN8t-|      |-vlan8---192.168.8.249/24
             VLAN7  VLAN7  VLAN7t VLAN7t-|      |-vlan7-+
========================================                |-br0
WIFI --------------------------------------eth2---------+
==========================================================================

Questions:

What do I need? admcfg (package not found!?) or a patch?
Or are the NVRAM variables sufficient for this setup on a v1.1?

With a v2.2+, you can use either robocfg or NVRAM variables. With a v2 or a v1, you need admcfg. If you know how to compile your own firmware, you may try the patch in this thread : http://forum.openwrt.org/viewtopic.php?id=3064 ; it allows to use the same notation as for a v2.2 with a v2 or a v1. It works fine for me.

Try this :

vlan0ports=
vlan1ports=0 5t
vlan7ports=2 3 4t 5t
vlan8ports=4t 5t

Note that with vlan0ports empty, you cannot upload a new firmware using CFE. Another solution could be :

vlan0ports=1 5*

You should then be able to use port 1 to upload a new firmware.

Vincent Bernat wrote:
freakout wrote:

What do I need? admcfg (package not found!?) or a patch?
Or are the NVRAM variables sufficient for this setup on a v1.1?

With a v2.2+, you can use either robocfg or NVRAM variables. With a v2 or a v1, you need admcfg. If you know how to compile your own firmware, you may try the patch in this thread : http://forum.openwrt.org/viewtopic.php?id=3064 ; it allows to use the same notation as for a v2.2 with a v2 or a v1. It works fine for me.

Try this :

nvram0ports=
nvram1ports=0 5t
nvram7ports=2 3 4t 5t
nvram8ports=4t 5t

Note that with nvram0ports empty, you cannot upload a new firmware using CFE. Another solution could be :

nvram0ports=1 5*

You should then be able to use port 1 to upload a new firmware.

Thanks for the explanation.

Should these variables be like vlan<n>ports instead of nvram<n>ports? I'm confused.

Does the above mean that if I compile firmware with the patch, I don't need admcfg?
Or do I need both?

freakout wrote:

Should these variables be like vlan<n>ports instead of nvram<n>ports? I'm confused.

So is Vincent ..

He's got the right idea, although as you noticed, the variables should be vlan<n>ports. Also, failsafe won't reconfigure the switch .. be careful with the settings or you may need to build a serial or jtag to get back in and reset them.

freakout wrote:

Edit: I'm confused by the vlan1/pppoe on your diagram. What's the purpose of this?

This is just the WAN-connection. A DSL-Modem is connected at the WAN-Port (Port0).
It is the same as in a standard setup vlan1=WAN.

Duh, of course. This should be no problem.

- DL
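Since dl points out that failsafe does not reconfigure the switch, a mistake in the vlan<n>ports values can cost the wired path back in, so it pays to check a port plan offline before any of it is written to NVRAM. The script below is an added example written for this thread; it is not code from the posts, from Vincent's patch or from OpenWrt. It takes the vlan<n>ports syntax from Vincent's post (bare number = untagged, "t" = tagged, "*" = default port, port 5 = CPU) and checks the rules that come up in the thread: every VLAN carries the CPU port, no socket is untagged in two VLANs, an unused socket is called out, and vlan0 keeps an untagged socket for CFE/failsafe. It only prints the nvram commands for review; the PLAN text and the vlan<n>hwname=et0 line are my assumptions (that variable is what I have seen next to vlan<n>ports on the stock NVRAM layout). On a stock v1.1 these variables alone still do not drive the ADM switch, as the thread says, so this is a plan check, not a replacement for admcfg or the patched driver.

```shell
#!/bin/sh
# Added example for this thread, not code from the posts or from OpenWrt.
# Checks a WRT54G switch plan offline before anything is written to NVRAM.
# Port numbers follow the thread's diagram: 0-4 are the switch sockets
# (0 = WAN socket), 5 is the CPU port (eth0). Token syntax is the
# vlan<n>ports syntax from Vincent Bernat's post: "4t" tagged, "5*" default
# port, bare "2" untagged.

# Constructed plan for the layout in the thread, one "vlan<n>:<ports>" per line
# (assumption: this is my reading of the diagram, not a tested config).
PLAN='vlan0:1 5*
vlan1:0 5t
vlan7:2 3 4t 5t
vlan8:4t 5t'

# vlan_plan_problems PLAN -> one line per problem, nothing when the plan is sane.
vlan_plan_problems() {
    printf '%s\n' "$1" | awk -F: '
    NF == 0 { next }
    $1 !~ /^vlan[0-9]+$/ { print "bad VLAN name: " $1; next }
    {
        name = $1
        n = split($2, toks, " ")
        hascpu = (n == 0)        # an empty VLAN (vlan0ports=) needs no CPU port
        for (i = 1; i <= n; i++) {
            port = substr(toks[i], 1, 1)
            mode = substr(toks[i], 2)
            if (port !~ /^[0-5]$/ || (mode != "" && mode != "t" && mode != "*")) {
                print name ": bad port token " toks[i]
                continue
            }
            if (port == "5") { hascpu = 1; continue }
            if (mode == "t")
                tagged[port]++
            else {
                untagged[port]++
                owner[port] = owner[port] " " name
            }
            # dl: keep one socket untagged on vlan0 or failsafe/CFE lose the wired path
            if (name == "vlan0" && mode != "t") recovery = 1
        }
        if (!hascpu) print name ": CPU port 5 missing, Linux cannot reach this VLAN"
    }
    END {
        for (p = 0; p <= 4; p++) {
            if (untagged[p] > 1)
                print "port " p ": untagged member of several VLANs:" owner[p]
            if (untagged[p] == 0 && tagged[p] == 0)
                print "port " p ": in no VLAN (dead socket; fine only if unused)"
        }
        if (!recovery)
            print "vlan0: no untagged port, CFE/failsafe recovery port lost"
    }'
}

# vlan_plan_check PLAN -> 0 when clean, 1 (with the problem list) otherwise
vlan_plan_check() {
    problems=$(vlan_plan_problems "$1")
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
    echo "plan ok"
}

# vlan_nvram_commands PLAN -> the nvram commands, printed for review only.
# Assumption: a vlan<n>hwname=et0 entry accompanies each vlan<n>ports entry,
# as on the stock NVRAM layout; adjust if your unit differs.
vlan_nvram_commands() {
    printf '%s\n' "$1" | awk -F: 'NF > 0 {
        print "nvram set " $1 "hwname=et0"
        print "nvram set " $1 "ports=\"" $2 "\""
    }
    END { print "nvram commit" }'
}

# Usage: review the printed commands, then paste them on the router yourself;
# nothing here touches NVRAM.
vlan_plan_check "$PLAN" && vlan_nvram_commands "$PLAN"
```

Vincent's first suggestion (vlan0ports empty, port 1 in no VLAN) fails the check with exactly the two complaints raised in the thread: the lost recovery port and the dead socket. An empty VLAN deliberately does not trigger the "CPU port missing" complaint, because an empty vlan0 is a legitimate, if risky, state; the recovery-port line is what flags it.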

Vincent Bernat wrote:
freakout wrote:

What do I need? admcfg (package not found!?) or a patch?

With a v2.2+, you can use either robocfg or NVRAM variables. With a v2 or a v1, you need admcfg. If you know how to compile your own firmware, you may try the patch in this thread : http://forum.openwrt.org/viewtopic.php?id=3064 ; it allows to use the same notation as for a v2.2 with a v2 or a v1. It works fine for me.

I really would prefer to use admcfg:
- then I can leave the nvram-vars at their default settings.
- I could run an admcfg script to switch the router into my production mode manually.
In this way I have no risk of bricking the router - right?

Where can I get admcfg for rc4?

freakout wrote:

I really would prefer to use admcfg:
- then I can leave the nvram-vars at their default settings.
- I could run an admcfg script to switch the router into my production mode manually.
In this way I have no risk of bricking the router - right?

Good idea, but you might consider at least breaking the default bridge using nvram.

Where can I get admcfg for rc4?

Search the package tracker?

- DL

dl wrote:
freakout wrote:

Where can I get admcfg for rc4?

Search the package tracker?

Found it - but:
root@wich:~# ipkg install http://192.168.8.100/admcfg_0.6996-wrt1_mipsel.ipk
Downloading http://192.168.8.100/admcfg_0.6996-wrt1_mipsel.ipk
Installing admcfg (0.6996-wrt1) to root...
Configuring admcfg
postinst script returned status 139
ERROR: admcfg.postinst returned 139
Successfully terminated.
root@wich:~# admcfg
OpenWRT ADM Config:

missing/incompatible adm.o driver

root@wich:~# insmod adm.o
Using /lib/modules/2.4.20/adm.o
Warning: loading adm will taint the kernel: no license
  See http://www.tux.org/lkml/#export-tainted for information about tainted modules
insmod: A module named adm already exists
root@wich:~# lsmod
Module                  Size  Used by    Tainted: P
adm                     2924   1 (initializing)
pppoe                   9384   0 (unused)
pppox                   1372   1 [pppoe]
ppp_generic            21892   0 [pppoe pppox]
slhc                    6352   0 [ppp_generic]
wlcompat               14896   0 (unused)
wl                    423640   0 (unused)
et                     32064   0 [adm]
diag                    2560   0 (unused)

root@wich:~# admcfg
OpenWRT ADM Config:

missing/incompatible adm.o driver

Should these variables be like vlan<n>ports instead of nvram<n>ports? I'm confused.

Yes, it was my mistake.

dl wrote:

Where can I get admcfg for rc4?

Search the package tracker?

They do not work with latest whiterussian.

Vincent Bernat wrote:
dl wrote:

Where can I get admcfg for rc4?

Search the package tracker?

They do not work with latest whiterussian.

Where can I get a working admcfg package?
How do I build one myself?

dl wrote:
freakout wrote:

I really would prefer to use admcfg.

Good idea, but you might consider at least breaking the default bridge using nvram.

Does breaking the bridge not mean that I firewall myself out?
I've seen "br0" hardwired in:
root@wich# grep br0 /etc/init.d/S45firewall
  iptables -A FORWARD -i br0 -o br0 -j ACCEPT
?

freakout wrote:

Does breaking the bridge not mean that I firewall myself out?
I've seen "br0" hardwired in:
root@wich# grep br0 /etc/init.d/S45firewall
  iptables -A FORWARD -i br0 -o br0 -j ACCEPT
?

That's the lan<-->wifi connection. The following will let you talk to the cpu:
  # allow
  iptables -A INPUT -i \! $WAN  -j ACCEPT       # allow from lan/wifi interfaces

- DL

dl wrote:
freakout wrote:

Does breaking the bridge not mean that I firewall myself out?
I've seen "br0" hardwired in:
root@wich# grep br0 /etc/init.d/S45firewall
  iptables -A FORWARD -i br0 -o br0 -j ACCEPT
?

That's the lan<-->wifi connection. The following will let you talk to the cpu:
  # allow
  iptables -A INPUT -i \! $WAN  -j ACCEPT       # allow from lan/wifi interfaces

Hmm... I thought lan<-->wifi were bridged on layer 2 with br0 and had no layer 4 IP connection at all?
Did I understand something wrong?

Nobody seems to answer my question about the admcfg package.
Where can I get a running package? Or how do I compile it myself?

freakout wrote:

Nobody seems to answer my question about the admcfg package.
Where can I get a running package? Or how do I compile it myself?

I failed to compile it myself (this is why I have patched the et driver instead). Previous questions about this did not get any answer (see for example the thread I cited earlier). Moreover, there exist some doubts about adm.o, which may be based on code from Linksys that is not covered by the GPL.

Vincent Bernat wrote:
freakout wrote:

Nobody seems to answer my question about the admcfg package.
Where can I get a running package? Or how do I compile it myself?

I failed to compile it myself (this is why I have patched the et driver instead). Previous questions about this did not get any answer (see for example the thread I cited earlier). Moreover, there exist some doubts about adm.o, which may be based on code from Linksys that is not covered by the GPL.

Could you give me a patched "openwrt-wrt54g-squashfs.bin" (RC4)?

The discussion might have continued from here.