Wireless and VLANS

[TomT]

Is it possible to put the 2.4ghz wireless in a specific VLAN ?
Router is RC-68U running Merlin Firmware: 378.54_2

This is related to my question here :
http://www.snbforums.com/threads/vlan-configuration-netgear-gs108e.28074/

Thanks

 

[L&LD]

Easily? No.

But I think that with some digging into the settings manually, you might.

But first, I would suggest you upgrade to the latest firmware anyway, no matter what.

 

[TomT]

Thanks I do plan to upgrade even though I've no issues with this version.

I'll search for WiFi and vlan any links or pointers would be helpful.

Thanks

 

[ASAT]

Aren't VLANs only for grouping of Ethernet ports? And, the Wi-Fi is already on its own interfaces. Depends what you're trying to accomplish. Here's the interfaces defined by the Asus router:

eth0 is Ethernet WAN port
vlan1 is Ethernet LAN ports 1-4
eth1 is 2.4 GHz Wi-Fi
eth2 is 5.0 GHz Wi-Fi
wl0.1 is 2.4 GHz Guest#1 Wi-Fi
wl1.1 is 5.0 GHz Guest#1 Wi-Fi
wl0.2 is 2.4 GHz Guest#2 Wi-Fi
wl1.2 is 5.0 GHz Guest#2 Wi-Fi
wl0.3 is 2.4 GHz Guest#3 Wi-Fi
wl1.3 is 5.0 GHz Guest#3 Wi-Fi

 

[TomT]

Thanks

Currently I'm not using LAN ports 3 & 4
Is it possible to create new VLANS and the assign ports 3 & 4 to the new VLANS as well as VLAN 1 ?

 

[ASAT]

Is it possible to create new VLANs and the assign ports 3 & 4 to the new VLANS as well as VLAN 1 ?

I think Yes. A simple example would be if you had a managed switch connected to LAN port#4 of the router. This would be a tagged port that handles all VLANs in use by the switch. So if you want the router to filter those VLANs, you would need to create each VLAN on the router itself and assign the tagged port to each VLAN. Host ports are untagged. Inter-switch ports are tagged.

 

[Ron Rossi]

Thanks

Currently I'm not using LAN ports 3 & 4
Is it possible to create new VLANS and the assign ports 3 & 4 to the new VLANS as well as VLAN 1 ?

I am new here. It seems to set up a VLAN on ports 3 and/or 4 you can use LAN->IPTV tab. You probably knew that though. I have not figured out DHCP on the new VLAN nor bridging to it.

 

[TomT]

I want to connect a switch to port 4 on the ASUS.
The switch will have multiple VLANS configured (ID's 5,10,15 & 20) Port 4 will connect to port 1 on switch.

I'm assuming I need to configure port1 as tagged on the switch but what do I set port 4 on the router as ?

Port 3 on the router is for a PC that should have access to all VLANS configured. Any idea how I set that up ?

Thanks

 

[Ron Rossi]

On my Asus I don't have the ability to monkey much with the VLAN settings. In the IPTV tab you can create an isolation. However it sounds like your question is how to have traffic from VLAN 5, 10, 15, & 20 (which I assume are unique to the downstream switch) get to the internet on your Asus through port 4. I am PRETTY SURE (meaning I am not positive, but since no one else has answered I will give it a shot) you would set port 1 on the switch to be an untagged member of all 4 VLANs. When data leaves the switch you don't want it tagged, since there is no corresponding VLAN to receive the data. When it comes in, then the switch will take care of where it goes based on the MAC or IP depending on the layer the switch is operating on. This is what I would try anyway.

My switch is a Netgear GS116E and with port based configuration there is no way to associate a port with multiple VLANs. Using 802.1Q based advanced setup I could have all the ports untagged and any port belonging to multiple VLANs. For the multi-VLAN port (1 in your case) you need to pick a PVID and I am not sure it matters which you pick.

YMMV as I am learning myself

I want to connect a switch to port 4 on the ASUS.
The switch will have multiple VLANS configured (ID's 5,10,15 & 20) Port 4 will connect to port 1 on switch.

I'm assuming I need to configure port1 as tagged on the switch but what do I set port 4 on the router as ?

Port 3 on the router is for a PC that should have access to all VLANS configured. Any idea how I set that up ?

Thanks

 

[ASAT]

Here's my guess for RT-AC68U router. If you have a different router, it may number the ports differently. In this sample code, the RT-AC68U router will expect VLAN tagged data from the switch. So if nothing else works for you, give this try.

/jffs/scripts/firewall-start

robocfg show | grep -e vlan5: > /dev/null 2>&1
if [ $? -ne 0 ]; then
  robocfg vlan 5 ports "4t 5t"
  vconfig add eth0 5
  ifconfig vlan5 up
  brctl addif br0 vlan5
fi

robocfg show | grep -e vlan10: > /dev/null 2>&1
if [ $? -ne 0 ]; then
  robocfg vlan 10 ports "4t 5t"
  vconfig add eth0 10
  ifconfig vlan10 up
  brctl addif br0 vlan10
fi

robocfg show | grep -e vlan15: > /dev/null 2>&1
if [ $? -ne 0 ]; then
  robocfg vlan 15 ports "4t 5t"
  vconfig add eth0 15
  ifconfig vlan15 up
  brctl addif br0 vlan15
fi

robocfg show | grep -e vlan20: > /dev/null 2>&1
if [ $? -ne 0 ]; then
  robocfg vlan 20 ports "4t 5t"
  vconfig add eth0 20
  ifconfig vlan20 up
  brctl addif br0 vlan20
fi

 

[TomT]

Hi. Happy New Year.

I had a play with vlans on my network yesterday.

I made NO changes to my ac68u and connected my PC to port 1, network printer to port 2 and used port 3 to link to my vlan switch.

Port 3 links to port 8 on my switch which is configured with 3 vlans. 1, 10(home) & 20(work)

Devices in vlans 10 & 20 can access the internet and printer fine. But can't see each other. So that seems to work.

My PC connected to the router can access both vlans, so that sems to be OK.

The next challenge will be to see if I can put a guest WiFi into a specific vlan and set the vpn client to use a specific vlan.

Anyone any ideas on that ?
Thanks

 

[K07L9]

Hi !

In the framework of what you are trying to achive, I am also looking for a tuto to route anyone who connect to a guest wifi through a VPN. Most of the tutos I have found try to do this based on IP filtering with firewall rules using iptables. Look in http://www.snbforums.com/threads/selective-routing-with-asuswrt-merlin.9311/

None of the solutions given there is using the guest wifi interfaces "wl0.x" for the filtering. I was hoping that maybe using the interface 'for example 1 guest wifi wl0.1) to MARK all the packet and route them through vpn would be most practical; though I do not know if It is simple to implement. Because It is not consistent to deal with range of IP, besides random IPs (DHCP) , for a selective routing. Maybe VLAN is a way to go...

Any Idea