Solved Cable Modem->VLAN Tagged Switch->MoCA Adapter->MoCA Adapter->VLAN Tagged Switch->AX86U Router

[GHammer]

I have a need to get the modem to another floor of a house that does not have the layout to pull ethernet cable from one location to the other.
The cable modem also will not get moved as there are no drops in the area the router needs to be in.
So, I thought, I'll just use the VLAN WAN capability of the AX86 and 2 managed switches to bring the signal to the router. So far, does not work.
The basement switch feeds a few IoT and media server devices, so needs to have the LAN available in that location.
The main floor switch feeds a home office and currently an AP.

The idea here is to have a decent AIO router on the main floor instead of a split arrangement with a router in the basement feeding a switch and AP on the main floor.
To me, that would involve having the LAN on the default VLAN 1 and the WAN on VLAN 100
Have a trunk (not a trunk switching-wise, just concept-wise) that runs VLAN 1 and 100 tagged on one port of each switch. Plug that port into the MoCA adapters.
Have a port on each switch that is VLAN 100 untagged. Have the modem attached to that port on one switch and the router WAN port attached on the other.
Make all other ports untagged members of VLAN 1

When I do this, I get "Your ISP's DHCP does not function properly"

Photos attached to show configuration and the error.

Any assistance would be great!

 

[ColinTaylor]

I don't know the answer to your question, but how does your Dual WAN setup fit into this? What is the supplying the secondary WAN?

 

[GHammer]

I don't know the answer to your question, but how does your Dual WAN setup fit into this? What is the supplying the secondary WAN?

You have to enable Dual WAN in order to have the LAN port appear. Only the LAN port will allow VLAN usage.
So, first to LAN->IPTV set the VLAN ID for Internet.
The to WAN->Dual WAN enable, then choose the secondary to be the LAN port you enabled for VLAN.
WAN for some reason has to be the primary, just won't save with it any other way.

 

[ColinTaylor]

I don't think it works like that. You don't need to use Dual WAN. The only requirement is as stated that the "WAN port is assigned to primary WAN"

With that done (which is the normal operating mode), in the IPTV/Manual settings the "Internet" VLAN is referring to the primary WAN interface, which is currently disconnected.

 

[GHammer]

I don't think it works like that. You don't need to use Dual WAN. The only requirement is as stated that the "WAN port is assigned to primary WAN"

With that done (which is the normal operating mode), in the IPTV/Manual settings the "Internet" VLAN is referring to the primary WAN interface, which is currently disconnected.

Yes, it does say that, I read too much into it. Off for a try.

 

[Crimliar]

Yes, it does say that, I read too much into it. Off for a try.

Let us know how you get on, I've seen this successfully done, but not here and as it was a while back I'm a bit fuzzy on the details.
I believe it was done using 802.1Q VLAN tagging: I believe it was Modem > switch (tagged port) > HomeAV link > switch (tagged port) > Router WAN port and then Router LAN port > switch > HomeAV > switch > devices

*I can't recall the local traffic heading back to the first switch being tagged, but as I said I'm fuzzy on just how it was done, I just know it was working!

 

[GHammer]

Well, I configured as VLAN 10 (in case 100 was too big) restarted switches. Power cycled the modem, still get the "Your ISP's DHCP does not function properly" on the router. No MoCA involved, just cable between the devices on a bench.
I then tried different combinations of tagged/untagged disabling and enabling the WAN each time. No change.

Currently, I am at a loss.

Should the VLAN be tagged, untagged, tagged one switch and nothing on the other?
I'm not willing to believe that 2 switches that do VLANs and successfully pass traffic on VLANs is not capable of this.
I will say that before going down this road very far, I did have a dual NAT setup with another router and it did work via VLANs. Just the modem is unwilling to answer it seems. But, how to prove this?

 

[Frank Monroe]

My setup is similar to what I think you are trying to do as follows: I have a four story house where the ISP's router is on the top floor. I have the ISP's router connected to the WAN port of an ASUS router configured in AP mode. Port 1 of the same ASUS router is connected to a MoCA adapter. On the other end of the coax, on the bottom floor, another MoCA adapter is connected to the WAN port of another ASUS router configured in router mode. It looks like this:

ISP Router (untagged)->ASUS AP WAN port (untagged)->ASUS AP port 1 (untagged and VLAN 1)->MoCA (untagged and VLAN 1)->MoCA (untagged and VLAN 1)->ASUS router WAN port (untagged and VLAN 1)

With this configuration, I have both the inside of the ISP router's traffic and the inside of the ASUS routers' traffic flowing in the same MoCA coax. But the two networks are isolated via the VLAN's configured on the ASUS router configured in router mode. This setup allows me to have a WiFI AP with an ethernet backhaul on the top two floors and use the same coax to get the main ISP traffic to the main ASUS router in the basement. The VLAN configuration is as follows:

ASUS in AP mode:

1: vlan1: 1t 2 3 4 8t
2: vlan2: 0 1

ASUS in router mode:

1: vlan1: 0t 1 2 3 4 5 7 8t
2: vlan2: 0 8u

To implement this, the only configuration I had to make was using jffs adding the following to init-start

robocfg vlan 1 ports "0t 1 2 3 4 5u 7 8t"

 

[ColinTaylor]

What switch model are you using?

I think as a minimum the modem must be seeing untagged traffic. Otherwise it's likely to reject it and you'll get the "Your ISP's DHCP does not function properly" error.

 

[Crimliar]

Above is a simplified diagram (I'm not a pro) showing a working 802.1Q VLAN that I have access to as I understand the network to operate. *I'm aware this is not an ideal set up! The only connection carrying the tags is the one between the two switches, though all connections to ports on the switches are within VLANs
The router connects from its WAN plan to the switch port that adds VLAN 111. This is then sent to the other switch which then removes the VLAN 111 tag before sending onward to the xDSL modem. Every device connected to the switches is in either VLAN 111 or 222 but no devices in the network other than the switches "see" their VLAN tags.

 

[GHammer]

I don't think it works like that. You don't need to use Dual WAN. The only requirement is as stated that the "WAN port is assigned to primary WAN"

After testing, yes indeed, you do have to connect to a LAN port assigned under Dual WAN in order to get a connection.
Connected to only the WAN port, ISP DHCP not functioning error. Move the cable to the LAN port assigned in Dual WAN, connected.
So, Dual WAN and assigning a LAN port is needed if you want to use a VLANed WAN.
Still not working with the ISP modem, I tested this with another router getting a dual NAT situation, but the configuration of the switches and VLANs does not change, only the WAN port assignment.

 

[ColinTaylor]

So, Dual WAN and assigning a LAN port is needed if you want to use a VLANed WAN.

That makes no sense unless you have changed your IPTV VLAN assignments from your earlier screen shot. If you're connecting to the LAN port (as a secondary WAN) you're not using VLAN tagging at all. Which is kinda what we were alluding to above. i.e. there's no real need to use VLAN tagging on the router, you only need VLANs on the switch to switch link. So you might as well disable Dual WAN and IPTV completely and you'd achieve the same results.

 

[GHammer]

That makes no sense unless you have changed your IPTV VLAN assignments from your earlier screen shot. If you're connecting to the LAN port (as a secondary WAN) you're not using VLAN tagging at all. Which is kinda what we were alluding to above. i.e. there's no real need to use VLAN tagging on the router, you only need VLANs on the switch to switch link. So you might as well disable Dual WAN and IPTV completely and you'd achieve the same results.

How then, will the ISP modem reach the far end to the router if not via VLAN?
This isn't about segregating LAN address spaces.

 

[ColinTaylor]

How then, will the ISP modem reach the far end to the router if not via VLAN?
This isn't about segregating LAN address spaces.

See @Crimliar's diagram in post #10. See how he's using VLAN111 for the WAN traffic between the switches, but the same traffic is untagged on the modem's port and the router's WAN port.

 

[GHammer]

Above is a simplified diagram (I'm not a pro) showing a working 802.1Q VLAN

Thanks, I shall give this a try now.

 

[GHammer]

See @Crimliar's diagram in post #10. See how he's using VLAN111 for the WAN traffic between the switches, but the same traffic is untagged on the modem's port and the router's WAN port.

Off to give this a try before resorting to outside CAT6, which will be a true pain.

 

[GHammer]

@ColinTaylor @Crimliar

Ok, I reconfigure the router removing the VLAN and disabling IPTV
Removed the LAN port on the WAN and disabled Dual WAN.
Rebooted the router.

Configured the switches as outlined, except keeping VLAN 1 on most ports as that is the management VLAN.
I'm attaching two pics just listing ports and their VLAN status. 10 is the modem/router 100 is the LAN

This gets the same ISP DHCP message as before.
At this point, all I can think is the Arris cable modem isn't happy about something or other.

I'm happy to try any ideas though. If it were for me, I'd already be running CAT6, as it is for a homebound friend who REALLY needs to get internet where they can use it, I'm plugging away.

 

[Crimliar]

Try it without adding in VLAN 1, it's an unnecessary complication, and probably bad practice. If you need to, go back to my diagram and think where VLAN 1 would sit in that diagram.

 

[GHammer]

Try it without adding in VLAN 1, it's an unnecessary complication, and probably bad practice. If you need to, go back to my diagram and think where VLAN 1 would sit in that diagram.

If that is both switches management VLAN and I remove it from the bridge/trunk how will the switches be managed?

 

[GHammer]

Try it without adding in VLAN 1, it's an unnecessary complication, and probably bad practice. If you need to, go back to my diagram and think where VLAN 1 would sit in that diagram.

I will remove VLAN 1 from the trunk and any other ports involved with the modem and router