VLANs for LAN ports

[ghost_o]

Before I start down this path (I cannot wait for [open/dd]WRT support) - has anyone tried modifying the lan ports for more vlans? I know the switch in these supports 16.

I need to make the 5Ghz Radio on a separate network than the default LAN, and add it to one of the LAN ports like so:

#LAN
vlan1hwname=et0
vlan1ports=1 3 4 8*

#WAN
vlan2ports=0 8u
vlan2hwname=et0

#NEWLAN2
vlan3hwname=et0
vlan3ports=2 8*

This is where I do not know what to do:
lan_ifnames=vlan1 eth1 eth2 wl0.1 wl0.2 wl0.3

I assume the br0 is created from that list, but I now need a br1 - I can do all of this from the command line, but I just need to make sure my logic is sane before I mess with nvram. I can already modify the wl0.x, etc once it is running - I just want to make sure my logic is right for making the lan port a part of the VLAN properly, and if there is something I can do for a new lan_ifnames - (lan2_ifnames?) - that will allow the firmware to set this up automatically? I am only used to swconfig - this is my first broadcom proprietary router and I do not want to hose it, but I desparately need isolated networks (not the MAC filtered guest stuff they implemented).

Also if there is a binary (I cannot find it) like `swconfig` on the unit, that would make me able to control it on the fly and not just when the unit boots, then please tell!

I was bummed to see how they implemented guest networking to say the least..

TIA

-Greg

 

[jobongo]

If I understand your problem then I don't think this will work. I don't think that the coding is there to pull the variables from nvram like that. I may be wrong as i haven't dived into the source code at all. As far as separating the 5Ghz radio from the default lan this can be done. I did something similar to this in order to dedicate a guest network for VPN use. Here is the link for it http://forums.smallnetbuilder.com/showthread.php?t=9839
Basically you have to raise everything to the network layer in order for it to be routed the way you want form the interface that you want. Then you can add scripts to specify an IP and dhcp range and put everything that is connected to that radio on a separate network. As far as the vlans go, I have not messed with them. I thought about it when I was trying to separate VPN traffic but I found this way to be easier.

I am not sure what you are doing but I created a script at https://github.com/RMerl/asuswrt-merlin/wiki/How-to-setup-SSID-for-VPN-and-SSID-for-Regular-ISP-using-OpenVPN.
If you understand my "chicken scratch" then feel free to use it. If not let me know.

 

[ghost_o]

Thanks - I read your script before posting. My issue is I must have a LAN port included to reach the "rest" of my network on that segment - but it must be completely segmented (work VPN, lab etc..).

I'll try the nvram variables and post back. They should work according to what I read in the code, but I just wanted verification if someone has done it.

I'll be the guinea pig I guess.

Thanks!

 

[ghost_o]

OK - it took a while of digging more through the sources, but the switch modification utility is included in the distro, so it makes it quite easy. No nvram variables need to be adjusted (as the broadcom-init will overwrite any vlans between 1 and 3).

If others are interested, I will make a script that can be used for mixing / matching interfaces and bridges to have isolated segment(s) like I needed.

-Greg

 

[rafwes]

I was successful to set up vlans with the robocfg command in /jffs/scripts/services-start. Never tried to create new vlans but this could work:

robocfg show
robocfg vlan 1 ports "1 3 4 8t"
robocfg vlan 2 ports "0 8t"
robocfg vlan 3 ports "2 8t"
robocfg show
vconfig add eth0 3
ifconfig vlan3 up