Simple VLAN (Native with tagged VLAN) from AC-68U to AC-86U

[kyrios]

Main router : RT-AC3200 with FreshTomato 2021.7
192.168.10.1/24 : for main network (VLAN ID : 1) with DHCP server
192.168.20.1/24 : for guest network (VLAN ID : 3) with DHCP server

----
AP1 = RT-AC68U (AsusWRT-Merlin 386.7_2)
Set as AP with IP = 192.168.10.2
WAN Port = Trunk port to main router (RT-AC3200)
LAN 1 = member of VLAN 3, wired guest.
LAN 2, 3, 4 = member of VLAN1, wired main network.

#!/bin/sh
# WAN Port as Trunk Port
robocfg vlan 1 ports "0 2 3 4 5t"  <<-- remove LAN port #1 from native VLAN
robocfg vlan 3 ports "0t 1 5t"  <<<-- LAN Port #1 for wired Guest (VLAN 3)
vconfig add eth0 3
ifconfig vlan3 up

brctl addbr br1
brctl addif br1 vlan3
ifconfig br1 192.168.20.2 netmask 255.255.255.0
ifconfig br1 up

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan3"
nvram set lan1_ifname="br1"

killall eapd
eapd

Above code is perfectly fine for AC-68U running AsusWRT-Merlin.
Now the wifi chip is dead (2.4GHz), I have bought AC-86U to replace it.
The purpose is similar to AC-68U, WAN port as trunk port and LAN port 1 for wired guest.

# Physical port to interface map:
# eth0   WAN
# eth1   LAN 4
# eth2   LAN 3
# eth3   LAN 2
# eth4   LAN 1
# eth5   2.4 GHz Radio
# eth6   5 GHz Radio

vlanctl --mcast --if-create eth0 3
vlanctl --if eth0 --rx --tags 1 --filter-vid 3 0 --pop-tag --set-rxif eth0.v3 --rule-append
vlanctl --if eth0 --tx --tags 0 --filter-txif eth0.v3 --push-tag --set-vid 3 0 --rule-append
ifconfig eth0.v3 up

brctl delif br0 eth4  <<-- remove LAN port #1 from native VLAN
brctl addbr br1  <<-- create br1 for VLAN 3
brctl addif br1 eth4 <<-- add LAN port #1 to br1
brctl addif br1 eth0.v3 <<-- add WAN port with tagged to VLAN 3
ifconfig br1 192.168.20.2 netmask 255.255.255.0
ifconfig br1 up

nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6"
nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6"
nvram set br1_ifname=br1
nvram set br1_ifnames="eth0.v3 eth4"
nvram set lan1_ifname=br1
nvram set lan1_ifnames="eth0.v3 eth4"

ethswctl -c hw-switching -o disable

killall eapd
eapd

problem is :
LAN port #2, #3, #4 can't get IP address (192.168.10.x) from DHCP server.
While LAN port #1 has no problem get IP address (192.168.20.x).

@Yota @LeandroBR @Jack Yaz

 

[drinkingbird]

Main router : RT-AC3200 with FreshTomato 2021.7
192.168.10.1/24 : for main network (VLAN ID : 1) with DHCP server
192.168.20.1/24 : for guest network (VLAN ID : 3) with DHCP server

View attachment 45505
View attachment 45506
----
AP1 = RT-AC68U (AsusWRT-Merlin 386.7_2)
Set as AP with IP = 192.168.10.2
WAN Port = Trunk port to main router (RT-AC3200)
LAN 1 = member of VLAN 3, wired guest.
LAN 2, 3, 4 = member of VLAN1, wired main network.

#!/bin/sh
# WAN Port as Trunk Port
robocfg vlan 1 ports "0 2 3 4 5t"  <<-- remove LAN port #1 from native VLAN
robocfg vlan 3 ports "0t 1 5t"  <<<-- LAN Port #1 for wired Guest (VLAN 3)
vconfig add eth0 3
ifconfig vlan3 up

brctl addbr br1
brctl addif br1 vlan3
ifconfig br1 192.168.20.2 netmask 255.255.255.0
ifconfig br1 up

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan3"
nvram set lan1_ifname="br1"

killall eapd
eapd

Above code is perfectly fine for AC-68U running AsusWRT-Merlin.
Now the wifi chip is dead (2.4GHz), I have bought AC-86U to replace it.
The purpose is similar to AC-68U, WAN port as trunk port and LAN port 1 for wired guest.

# Physical port to interface map:
# eth0   WAN
# eth1   LAN 4
# eth2   LAN 3
# eth3   LAN 2
# eth4   LAN 1
# eth5   2.4 GHz Radio
# eth6   5 GHz Radio

vlanctl --mcast --if-create eth0 3
vlanctl --if eth0 --rx --tags 1 --filter-vid 3 0 --pop-tag --set-rxif eth0.v3 --rule-append
vlanctl --if eth0 --tx --tags 0 --filter-txif eth0.v3 --push-tag --set-vid 3 0 --rule-append
ifconfig eth0.v3 up

brctl delif br0 eth4  <<-- remove LAN port #1 from native VLAN
brctl addbr br1  <<-- create br1 for VLAN 3
brctl addif br1 eth4 <<-- add LAN port #1 to br1
brctl addif br1 eth0.v3 <<-- add WAN port with tagged to VLAN 3
ifconfig br1 192.168.20.2 netmask 255.255.255.0
ifconfig br1 up

nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6"
nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6"
nvram set br1_ifname=br1
nvram set br1_ifnames="eth0.v3 eth4"
nvram set lan1_ifname=br1
nvram set lan1_ifnames="eth0.v3 eth4"

ethswctl -c hw-switching -o disable

killall eapd
eapd

problem is :
LAN port #2, #3, #4 can't get IP address (192.168.10.x) from DHCP server.
While LAN port #1 has no problem get IP address (192.168.20.x).

@Yota @LeandroBR @Jack Yaz

So your VLAN 3 is working but VLAN 1 is not? I'd check your settings to make sure you have VLAN 1 untagged on the WAN port of the new router/AP, since it wouldn't be there by default as far as I know (it isn't on mine but I don't have an HND based router).

 

[kyrios]

Yes..
When code is not pasted into SHH nor written into services-start file, it will become just dumb AP.
All LAN ports (1-4) will be members of VLAN 1, thus will get DHCP.
But I need 1 port for wired Guest (VLAN 3) purpose.

 

[drinkingbird]

Yes..
When code is not pasted into SHH nor written into services-start file, it will become just dumb AP.
All LAN ports (1-4) will be members of VLAN 1, thus will get DHCP.
But I need 1 port for wired Guest (VLAN 3) purpose.

Right but when you added VLAN 3 tagged to the WAN port make sure you didn't remove VLAN 1 or inadvertently tag it.

 

[kyrios]

No, I do not think so.
You could also examine my code.
I think still not right. Especially in vlanctl, i think the error is over there.
Or maybe the brctl command is not complete

 

[drinkingbird]

No, I do not think so.
You could also examine my code.
I think still not right. Especially in vlanctl, i think the error is over there.
Or maybe the brctl command is not complete

Have a look at this thread

RT-86U - vlanctl & ethctl usage puzzle

All, While the search revealed several hits on the vlanctl and ethctl commands used in the new Broadcom chips, as in the RT-86U, there is not yet a definitive guide or howto on to properly use them to control the VLANs on these routers. Obviously in contrast to the more we’ll known robocfg...

www.snbforums.com

Especially a post near the end where they found that after disabling hardware switching, it becomes much simpler to configure vlans

No, actually, what I meant is that you don't need to use VLANCTL to create VLAN, but directly use IP LINK (it's simpler, I tested and worked):

Example:

ip link add link ethX name vlan10 type vlan id 10
ip link add link ethX name vlan20 type vlan id 20
ifconfig vlan10 192.168.10.1 netmask 255.255.255.0 up
ifconfig vlan20 192.168.11.1 netmask 255.255.255.0 up
ip addr del 192.168.A.B/24 dev ethX

Then, add these new interfaces to the bridges.

To connect Router + APs to extend guests networks, I can't think another way without using VLAN. Just controlling by ebtables/iptables, this is possible only using the same router, but not multiple (router+APs).

Also another post here using the simpler method and keeping VLAN 1:

VLANs, Trunk interface, tagged and untagged traffic RT-AX86U and RT-AX88U

It took me a while to make this thing work. I could find some configs but nothing worked as provided. After combining information from several different posts I came to the working solution posted below. As it took me a while to get it to work I figured I'd share it here in case anyone else...

www.snbforums.com

 

[kyrios]

I do not think IP Link can tag/trunk the VLAN.
Router to router is double NAT.
Mine is router to AP. Even between them is TP-Link Managed switch (for 8 IP Cams)

 

[drinkingbird]

I do not think IP Link can tag/trunk the VLAN.
Router to router is double NAT.
Mine is router to AP. Even between them is TP-Link Managed switch (for 8 IP Cams)

Those posts seem to think it can be done that way but you'll have to experiment with it. There is a lot of info in them on both methods.