rt-ac68u VLAN

nonno

Hi all,
this is my first post here, but I have enjoyed reading this forum for quite a while.

Since I now have a full Gb ethernet connection at home, I decided to start a hobby project to learn about Linux and networks: build a small home server using an Intel NUC running Linux. To isolate the server from the rest of the network I decided to place it in a VLAN.
The server is connected to port 2 of a Netgear GS105E managed switch, configured to assign vlan200 to port 2. Port 1 is a trunk to route vlan200 and vlan1 to port 4 of my RT-AC68U, obviously running Merlin fw.

After some weeks of study and trial and error I managed to get the server running and the VLAN working, but I still have DHCP issues when rebooting the AC68U. It seems the Linux client on vlan200 can get a valid DHCP IP address only when renewing the DHCP lease (by timeout or manual intervention); otherwise the server keeps its address (I can reach it) but the router DHCP lease log does not show it.

Now I'm at a loss; with my level of knowledge I don't really have more debug ideas, so I kindly ask for your help and suggestions. I've read some knowledgeable people (like @Martineau) talking about a delay or some kind of synchronization needed to have this working, but I couldn't make it work.

As a last thing, I run Skynet, Diversion and Stubby on the router; I don't know if this can affect my configuration.

dnsmasq.conf.add:

Code:
#
# Add DHCP custom range for VLAN 200
#
#listen-address=192.168.200.1  <- not sure it's needed or useful but makes no difference
interface=vlan200
dhcp-range=vlan200,192.168.200.10,192.168.200.200,255.255.255.0,86400s
dhcp-option=vlan200,3,192.168.200.1
dhcp-option=vlan200,6,192.168.200.1,0.0.0.0
#
#manually assign a static ip address of the 192.168.200.* pool to the
#lubuntu machine
#
dhcp-host=lubuntu-machine,192.168.200.43
#
#local redirection for server:
#
address=/my.home.ddns.address/192.168.200.43



vlan-config script launched by services-start:

Code:
#!/bin/sh
#
/usr/bin/logger "================== VLAN CONFIG START ==================="
robocfg show | grep -i vlan200 > /dev/null 2>&1 || \
(
  /usr/bin/logger "========= ROBOCFG"
  # lan ports 1-4 assigned to vlan1 when untagged, port 5 is the CPU
  robocfg vlan 1 ports "1 2 3 4 5t"
  # or all the ports can carry vlan200 if tagged as such
  robocfg vlan 200 ports "1t 2t 3t 4t 5t"

  /usr/bin/logger "====== VCONFIG"
  # Create VLAN200
  vconfig add eth0 200 || /usr/bin/logger "VLAN 200 already exists"

  /usr/bin/logger "====== IFCONFIG"
  # Bring VLAN200 up (note that dnsmasq has already been configured for this address)
  ifconfig vlan200 192.168.200.1 netmask 255.255.255.0 up

  brctl addif br200 vlan200
)
/usr/bin/logger "=================== VLAN CONFIG DONE ==================="


vlan-firewall script launched by firewall-start: I removed all drop rules to make sure I'm not blocking something useful.

Code:
#!/bin/sh
#
/usr/bin/logger "======= VLAN200 IPTABLES ======"
# set iptables rules for VLAN200 to access the WAN only
iptables -I FORWARD -i vlan200 -m state --state NEW -j ACCEPT
iptables -I INPUT -i vlan200 -j ACCEPT

/usr/bin/logger "=================== VLAN200 IPTABLES DONE ==================="

plus I run at nat-start:
Code:
#!/bin/sh
#
/usr/bin/logger "====== IPTABLES NAT FORWARDING"
#configure port forwarding for lubuntu-machine - fixed ip address in dnsmasq.conf.add
#I use the same chain used by official port forwarding, seems no side effects
iptables -t nat -I VSERVER -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.200.43
iptables -t nat -I VSERVER -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.200.43
/usr/bin/logger "=================== IPTABLES DONE ==================="

Thank you
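
With the drop rules removed, the firewall-start script in the post above accepts everything arriving on vlan200, both to the router itself and routed into the main LAN, so the server is not yet isolated. The following is an added example, not part of the original post and not Martineau's VLAN_Switch.sh: one way to restore the drop rules while keeping DHCP and DNS reachable. The chain names VLAN200_IN and VLAN200_FWD and the interface names br0 (LAN) and eth0 (WAN) are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Dry run by default: it prints the
# commands. On the router, call it from firewall-start with IPT=iptables.
IPT="${IPT:-echo iptables}"
VLAN_IF="vlan200"           # interface name from the post
LAN_IF="${LAN_IF:-br0}"     # assumption: main LAN bridge
WAN_IF="${WAN_IF:-eth0}"    # assumption: WAN interface

# Create the chain, or empty it when firewall-start runs again.
fresh_chain() {
  $IPT -N "$1" 2>/dev/null || $IPT -F "$1"
}

# (Re)insert a single jump from a built-in chain into one of ours.
hook() {
  $IPT -D "$1" -i "$VLAN_IF" -j "$2" 2>/dev/null || true
  $IPT -I "$1" -i "$VLAN_IF" -j "$2"
}

# Packets addressed to the router itself: DHCP and DNS, nothing else.
vlan_input_rules() {
  fresh_chain VLAN200_IN
  $IPT -A VLAN200_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A VLAN200_IN -p udp --dport 67 -j ACCEPT   # DHCP discover and renew
  $IPT -A VLAN200_IN -p udp --dport 53 -j ACCEPT   # DNS
  $IPT -A VLAN200_IN -p tcp --dport 53 -j ACCEPT   # DNS over TCP
  $IPT -A VLAN200_IN -j DROP                       # admin UI, SSH, the rest
  hook INPUT VLAN200_IN
}

# Packets routed through the router: out to the WAN, never into the LAN.
vlan_forward_rules() {
  fresh_chain VLAN200_FWD
  $IPT -A VLAN200_FWD -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A VLAN200_FWD -o "$LAN_IF" -j DROP         # no new sessions into LAN
  $IPT -A VLAN200_FWD -o "$WAN_IF" -m state --state NEW -j ACCEPT
  $IPT -A VLAN200_FWD -j DROP
  hook FORWARD VLAN200_FWD
}

vlan200_rules() {
  vlan_input_rules
  vlan_forward_rules
}

vlan200_rules
```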
 
Perhaps you should move this to Help setting up VLAN on ASUS RT-AC68U and possibly you may find it useful if I PM you my VLAN_Switch.sh script?

Basically, whilst VLAN200 on Port 4 is the default for my script, you should follow the example for integration with a downstream VLAN capable switch e.g. post #36 or simply examine what my script does - particularly with its firewall rules etc.
 
Thank you, for me it's ok to merge this thread in Help setting up VLAN on ASUS RT-AC68U! I opened a new thread because I didn't want to hijack that thread with my configuration. How can I do that?

In any case I surely will appreciate your script, I hope I will be able to understand what I'm doing wrong.
 
I surely will appreciate your script,

I hope I will be able to understand what I'm doing wrong.
I don't believe you are doing anything wrong.

Whilst my script does things slightly differently, its USP is the ability to display detailed diagnostics/statistics about a VLAN configuration.

I will PM you the link.
 
