
Tagged + untagged traffic on single LAN port?

Discussion in 'Tomato Firmware' started by funkyjunkman, May 22, 2014.

  1. funkyjunkman

    funkyjunkman Network Newbie Member

    I am new to VLAN configurations, and have read a number of useful articles, manuals, and threads like this one http://www.linksysinfo.org/index.ph...vlan-for-airport-extreme-guest-network.69665/ but am running into a roadblock. It could be my configuration, hardware, or firmware version, so I'm asking for a bit of insight here.

    The equipment:
    I have an Asus RT-N66U flashed with Shibby's Tomato version 1.28.0000 MIPSR2-117 K26AC USB AIO-64K. I do not use the wireless functionality on this device due to its location.

    The network has a Netgear GS724T switch that supports VLAN tagging.

    An Engenius ECB3500 WAP is in use that allows for multiple SSIDs and VLAN tagging of that traffic.

    Due to existing wiring limitations, all traffic from the Netgear switch (including traffic from the ECB3500) travels on one Cat6 wire to the RT-N66U.

    Originally, I did not use VLAN tagging and no traffic is currently tagged.

    What I am trying to achieve:

    I would like to add a guest SSID on the ECB3500 and tag that traffic with a VLAN ID so that it stays segregated and on its own IP range separate from the current office traffic.

    What I have tried so far, unsuccessfully:

    I have set up the new SSID and tagged all traffic from that connection as VLAN ID 10.

    I have set up a new bridge on the RT-N66U for this new traffic to travel over, as well as configuring the VLAN page to recognize and route this traffic as necessary.

    I used the telnet commands to allow all LAN ports on the RT-N66U to recognize the VLAN tagged traffic as well as untagged traffic.

    Unfortunately, when it is configured as seen below it only recognizes VLAN ID 10 traffic on all LAN ports. If one of those ports is unchecked (via telnet), then it operates as normal but ignores VLAN ID 10 traffic on that port.

    I don't want to have to force all existing (default) traffic to get tagged by the switch in order for the RT-N66U to recognize both data streams. It is also impractical for me to wire the WAP directly to one of the ports on the RT-N66U due to existing wiring conditions.

    This is the bridge I created:
    [​IMG]

    This is what the routing table looks like:
    [​IMG]

    This is what the VLAN page looks like:
    [​IMG]

    I have not made any changes beyond what is seen above, and running the command
    Code:
    nvram set vlan10ports="1t 2t 3t 4t 8"
    nvram commit
    reboot
    Maybe I missed a step? Maybe I'm trying to do something impossible?
    Any insight would be greatly appreciated. I'm definitely out of my depth here!
     
  2. TyShawn

    TyShawn Reformed Router Member

    I'm also looking into this same setup. I want to set up a guest wireless on a /23, a staff wireless on a /24, and a management group for my APs and switches /27. Is there anything special I need to do to make this work correctly?
     
  3. funkyjunkman

    funkyjunkman Network Newbie Member

    UPDATE - CLARIFICATION:

    If both VLAN 1 and VLAN 10 are active on Port 1 THEN

    * If tagged is checked for both VLAN 1 and VLAN 10 - Both VLAN 1 and VLAN 10 traffic works fine - Untagged traffic is ignored

    * If tagged is checked for just VLAN 10 - Only VLAN 10 traffic works fine - Untagged (and VLAN 1, of course) traffic is ignored

    * If tagged is unchecked on both - both VLAN 1 and VLAN 10 tagged traffic is ignored - untagged traffic is handled by the bridge designated as default

    It seems like I should be able to mix tagged and untagged traffic on a single Port, where untagged traffic is automatically treated like VLAN 1 traffic because it has been chosen as 'Default'.
     
    sleepytime and TyShawn like this.
  4. TyShawn

    TyShawn Reformed Router Member

    Can anyone help with this question?
     
  5. sleepytime

    sleepytime Network Newbie Member

    Anyone found a solution to solve this problem?
     
  6. TyShawn

    TyShawn Reformed Router Member

    No, not yet.
     
  7. blah123

    blah123 Reformed Router Member

    Have you tried checking that trunk vlan support override? I've not done this on my tomato system but when you put more than one vlan on a link that is usually referred to as a trunk. So it seems like you might need that.
     
  8. TyShawn

    TyShawn Reformed Router Member

    I'll try that again, but it may not be supported on my model. I'll report back soon.

    UPDATE
    I tried using "Trunk VLAN support override (experimental)" and that did not help with this setup.
     
    Last edited: Jun 6, 2014
  9. blah123

    blah123 Reformed Router Member

    Have you tried plugging in something with wireshark or similar to see if the packets were being tagged correctly (or not tagged as the case may be)?
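
Added example (not part of any post in this thread): a small Python check for the capture step suggested above. It reads raw Ethernet frames, reports whether each carries an 802.1Q tag and which VLAN ID, and counts frames per VLAN. The sample frames and MAC addresses are constructed; VLAN ID 10 is the guest VLAN from the thread.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier

def classify_frame(frame: bytes) -> dict:
    """Return VLAN details for one raw Ethernet frame (no preamble/FCS)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": None, "pcp": None, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag control information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"tagged": True, "vid": tci & 0x0FFF, "pcp": tci >> 13, "ethertype": inner}

def summarize(frames):
    """Count frames per VLAN ID; untagged frames are counted under 'untagged'."""
    counts = Counter()
    for f in frames:
        info = classify_frame(f)
        counts[info["vid"] if info["tagged"] else "untagged"] += 1
    return dict(counts)

def build_frame(vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame (made-up MAC addresses)."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid)
    return hdr + struct.pack("!H", ethertype) + payload

# Constructed sample: what the router-facing port should carry in the thread's
# intended setup (office traffic untagged, guest SSID tagged as VLAN ID 10).
SAMPLE = [build_frame(), build_frame(vid=10),
          build_frame(vid=10, ethertype=0x0806), build_frame()]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Many NIC drivers strip the 802.1Q tag before the capture layer sees it, so an all-untagged result from a capture host should be confirmed on a switch mirror port or with a NIC known to pass tags through.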
     
  10. sleepytime

    sleepytime Network Newbie Member

    I am also interested in doing this type of setup with my RT-N66U and WRT54GL. I haven't had any luck in getting it to work, though. It seems that the whole tagging feature is at a very experimental stage. After a simple VID change, my RT-N66U will not respond to a wired connection. WAN DHCP will also say renewing... forever. It's very buggy.
     
  11. TyShawn

    TyShawn Reformed Router Member

  12. sleepytime

    sleepytime Network Newbie Member

    Since tagging doesn't really work, I have been trying to set up a VPN between the router and the AP. The way that I am thinking is to have a VPN running, then have wl0.1 bridge to the VPN (tap interface). I am not sure if this is going to work because I am not able to find the tap interface in the VLAN page. Has anyone tried this before?
     
