VLAN tagging of wireless AX86u vlanctl

gorstj

Occasional Visitor
What is the command to tag all wireless activity on wl1.1 with a VLAN tag?

Use scenario:
- isolated 5gz guest wifi (wl1.1 on br2)
- disabled DHCP for the br2
- DHCP server and gateway is connected to a managed switch on VLAN 502

When I connect to a AIMESH node guest 5gz (i.e. the traffic comes in to e.g. eth4.502 tagged with VLAN 502) then it works as expected (i.e. gets a DHCP address and access gateway)

When I connect via main router to guest 5gz (wl1.1 on br2) it does not manage to get a DHCP address etc.
I assume because traffic on wl1.1 is not tagged with VLAN 502

What is the command to tag all traffic leaving wl1.1 with VLAN 502?

Been looking a vconfig and vlanctl with no avail.

This is the closest I have come to:
Code:
vlanctl --if wl1.1 --tx --tags 0 --push-tag --set-vid 502 0 --rule-append
[ERROR vlanctl] vlanCtl_insertTagRule, 470: Invalid argument
 

drinkingbird

Very Senior Member
What is the command to tag all wireless activity on wl1.1 with a VLAN tag?

Use scenario:
- isolated 5gz guest wifi (wl1.1 on br2)
- disabled DHCP for the br2
- DHCP server and gateway is connected to a managed switch on VLAN 502

When I connect to a AIMESH node guest 5gz (i.e. the traffic comes in to e.g. eth4.502 tagged with VLAN 502) then it works as expected (i.e. gets a DHCP address and access gateway)

When I connect via main router to guest 5gz (wl1.1 on br2) it does not manage to get a DHCP address etc.
I assume because traffic on wl1.1 is not tagged with VLAN 502

What is the command to tag all traffic leaving wl1.1 with VLAN 502?

Been looking a vconfig and vlanctl with no avail.

This is the closest I have come to:
Code:
vlanctl --if wl1.1 --tx --tags 0 --push-tag --set-vid 502 0 --rule-append
[ERROR vlanctl] vlanCtl_insertTagRule, 470: Invalid argument

Which model router - there are two different chipsets with totally different commands to do VLAN stuff.
 

gorstj

Occasional Visitor
Thanks for coming back to me. It was an AX86U as per title but not in the post body.

I now have this working by moving all the 502 interfaces into a different bridge as there seemed to be something in the br2 which was causing some mischief.

In case it helps someone, here is the services-start script I am using.

I am now having issues with crashes but will start a new thread for that.

Code:
▒#remove VLAN 502 interfaces from br2
brctl delif br2 wl1.1
brctl delif br2 eth1.502
brctl delif br2 eth2.502
brctl delif br2 eth3.502
brctl delif br2 eth5.502
brctl delif br2 eth4.502
brctl delif br2 eth6.502
brctl delif br2 eth7.502

#add br502 interface and turn on STP
brctl addbr br502
brctl stp br502 on

#add VLAN502 interfaces to br502
brctl addif br502 wl1.1
brctl addif br502 eth1.502
brctl addif br502 eth2.502
brctl addif br502 eth3.502
brctl addif br502 eth4.502
brctl addif br502 eth5.502
brctl addif br502 eth6.502
brctl addif br502 eth7.502

#bring br502 up
ifconfig br502 up

#disable hardware switching (?cause of crashes without?) and restart EAPD (required?)
ethswctl -c hw-switching -o disable
killall eapd
eapd

#bring up br502 interface
ifconfig br502 [your IP] netmask 255.255.255.0
route add -net [network-range] netmask 255.0.0.0 gw [gateway-IP] br502

#open UDP ikev2 VPN to br502
iptables -I INPUT -i br502 -p udp -m multiport --dports 500,4500 -j ACCEPT

#not sure if this is necessary
nvram set lan2_ifnames="wl1.1 eth1.502 eth2.502 eth3.502 eth4.502 eth5.502 eth6.502 eth7.502"
nvram set lan2_ifname="br502"
nvram set br2_ifname="br502"
nvram commit
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top