VLAN mess

Discussion in 'Tomato Firmware' started by rs232, Jul 16, 2016.

  1. rs232

    rs232 Network Guru Member

    Have you ever tried to set up VLAN between a new router and an old one?

    You might or might not have noticed that the default VLAN is different on a model basis e.g.:

    ASUS AC56U has by default VLAN 1 and 2

    Buffalo WHR-HP-G54

    has by default VLAN 0 and 1

    Incidentally I have and additional VLAN I use to transfer guest WLAN traffic as well. so it turns into 1-2-3 for new devices, 0-1-2 for old devices.

    You might think, never mind just change either and make them talking the same VLAN number... not quite! doing so after a reboot you get a real mess in the VLAN config page as tomato expects to have that first VLAN numbered that way it thinks, so it recreates it regardless adding all the LAN ports to it:

    What I want:


    What I get after a reboot:


    Unless I'm missing something, it sounds like a bug to me.

    Last edited: Jul 17, 2016
  2. rs232

    rs232 Network Guru Member

    Another issue, if you try to set up the VLAN ID (VID) to e.g. 0 it will always revert back to the VLAN number

    e.g. from the screen above, if I change

     1    1
     1    0
    The GUI will accept it but convert automatically the 0 into a 1

  3. rs232

    rs232 Network Guru Member

    Another issue:

    it seems like it is not to possible to have a trunk on the WAN port for VLAN1 as the setting is accepted but it disappears after the requested reboot.
  4. rs232

    rs232 Network Guru Member

    This unelegant solution seems to be a work-around:

    nvram set vlan1ports=""
    nvram set vlan2ports="0t"
    With a bad teaste in the mouth though...
  5. Elfew

    Elfew Network Guru Member

  6. shibby20

    shibby20 Network Guru Member

    my current configuration on RT-AC3200


    the same configuration had on R7000. But i know i CANNOT use VLAN0. If i try set vlan0 then all stopped working.

    @rs232 try remove vlan0 and set vlan2 as your your br0 (same as i did).

    BTW vlan5 and 6 are used for bonding (LACP) between my my router and NAS - 2Gbps link :)
    crashnburn likes this.
  7. rs232

    rs232 Network Guru Member

    Thanks Shibby, my point as per original post is: Tomato assumes there's always one VLAN set and if that specific VLAN doesn't exists it recreates it.

    K24 devices have this must have VLAN numbered "0" where newer devices have this must have VLAN numbered "1".

    So if I remove VLAN0 on the 2.4 devices it simply will be recreated with all the ports in it! Same applies to VLAN1 for 2.6+/ARM devices.

    Therefore the communication between these 2 type of devices is just bugged and where I found myself not possible at all unless I remove any VLAN config and proceed with untagged frames communication.

    If I understood this well, it's just the matter to have tomato bypassing this "wanted VLAN re-reaction" at boot time if another any VLAN has the default VLAN flag set. That's what the default VLAN is for btw ;)

    I have other VLANs set on different sites between 2.6 ad ARM devices and it works totally fine e.g. the problem doesn't exists unless you try to remove VLAN1. So bottom line tomato assumes the existence of a specific VLAN number, this sounds a bit of a restriction especially if you plan to have tomato talking to other vendors/networks where that VLAN might not exists.
  8. Elfew

    Elfew Network Guru Member

    Maybe a note about this issue/feature below the VLAN setting?
  9. rs232

    rs232 Network Guru Member

    I was hoping for a resolution at the code level, this to me is rather important.
    A note would just warn the user about a known bug...
  10. Elfew

    Elfew Network Guru Member

    I agree
  11. tvlz

    tvlz LI Guru Member

    Last edited: Jul 28, 2016
    rs232 likes this.
  12. rs232

    rs232 Network Guru Member

    Thanks for this!

    I currently have the default VLAN 1 and 2. I have uploaded and mounted, created VLAN "0" only (unassigned to anything), clicked save and got the following message:

    The field "manual_boot_nv" is invalid. Please report this problem

    Same issue if I assign VLAN 0 to e.g. the WAN
  13. tvlz

    tvlz LI Guru Member

    Should be fixed now.

    In the Notes section it mentions using VLAN 0 is not a good idea if you need tagging/trunking to work.
    rs232 likes this.
  14. koitsu

    koitsu Network Guru Member

    VLAN ID 0 is special per IEEE 802.1Q standard. VLAN ID 0 (VID=0) intentionally represents a frame without an actual VLAN ID but still support 802.1P priority (the 3-bit field called PCP; this is essentially Ethernet-level QoS, though it's technically CoS (Class of Service)). Cisco has a document describing this feature and it reads pretty easily (in English). I should note I have no idea what happens to the DEI bit, but I imagine it's honoured in this case (as it plays a role with PCP) and that Cisco's documentation accidentally omitted it.

    There's a further explanation of why VLAN 0 is special over here. This may help readers understand the purpose behind a packet/frame with 802.1Q header might need to not specify a VLAN (hence VID=0).

    I have no idea what TomatoUSB actually does with VLAN 0 (I do not use 802.1Q/VLANs with TomatoUSB, but have familiarity with VLANs on ProCurve managed switches).

    I'm a little surprised by any device that by default includes VLAN 0 in its VLAN list. That's either supposed to be "special" and someone didn't realise it, or it's "special" and someone did realise it but TomatoUSB doesn't. I simply don't know. Would Buffalo know? :)
    Monk E. Boy, PeterT and Elfew like this.
  15. rs232

    rs232 Network Guru Member


    Works like a charm!!!! many thanks :)
    I feel like I have been given freedom for the first time :cool:

    There's only one thing I have noticed so far: The GUI gives you an error if you don't have a VLAN ID for the WAN. e.g. from the above screen try to remove the 3rd line and you'll get:

    Cannot proceed: one VID must be assigned to WAN.

    This overall it's a good message and perhaps should be kept but perhaps as a warning only rather than a show stopper? It's just that in my specific case on this device I don't have a WAN as such and I refer to a LAN default gateway for external communication.

    Can the advanced-vlan.asp perform a control on the following option to decide whether to provide a WAN warning or not?


    Not 100% certain but this should be the relevant nvram variable:


    P.S. is the advanced-vlan.asp merged into any tomato repository e.g. Shibby?

    Last edited: Jul 23, 2016
  16. Elfew

    Elfew Network Guru Member

  17. rs232

    rs232 Network Guru Member

    tvlz solution works perfectly. e.g. you have complete freedom to set up any VLAN?trunk on any port (no GUI override). The other 2x points of mine are just potential improvements.
  18. tvlz

    tvlz LI Guru Member

    Should be updated in Shibby v138
    shibby20 likes this.
  19. Elfew

    Elfew Network Guru Member

    Tvlz what do you think about these improvements?
  20. tvlz

    tvlz LI Guru Member

    It will need some research to see if it is possible, just removing the GUI check won't work.
    Elfew likes this.
  21. Elfew

    Elfew Network Guru Member

    @tvlz anyway thank you for your contribution! Great job!
  22. tvlz

    tvlz LI Guru Member

    A simple test to see if the change is the problem, flash back to a version <v138 and do this & let me know the results.
  23. tvlz

    tvlz LI Guru Member

    If that change was the problem, a possible fix to the vlan reset problem with v138 is in the testing directory

    EDIT:The change was the problem testing a fix
    Last edited: Aug 10, 2016
  24. backloop

    backloop Network Newbie Member

    I am also having issues with VLAN configurations in shibby's version 138 firmware.

    On RT-N66U I have the following setup in V137 firmware and all is good :)
    After the upgrade to V138 (without clearing nvram) I have:

    If I try to set shibby's VLAN config from a few posts above in V138, I can set it
    but after saving (and the reboot) it has changed to:

    I had similar issues on a R7000 before I tried this N66U.
    What has changed from V137?
    Any more information I can provide that would be helpful?
  25. Elfew

    Elfew Network Guru Member

    First of all clean your nvram. Then config vlan again. Lets us knoe
  26. backloop

    backloop Network Newbie Member

    Ok. I switched to V138 on a R7000 and clearing the nvram the initial VLAN config is:
    I then set it to this and save it
    (the router reboots due to the change) and I get

    Any ideas?
  27. tvlz

    tvlz LI Guru Member

    If you want to test a fix you need to replace the advanced-vlan file as shown here, use the advanced-vlan file from the testing directory.

    EDIT:Seems to work so I moved them out of testing directory.

    Can you try the new advanced-vlan file in the testing directory on your MIPSR1 Buffalo WHR-HP-G54 router, I want to see if the changes work the same.
    Last edited: Aug 12, 2016
  28. backloop

    backloop Network Newbie Member

    That is the ticket for the R7000, every test I tried worked without issue.
    Thank you

    When I get a chance I'll try some tests on the N66 as well.
    crashnburn likes this.
  29. rs232

    rs232 Network Guru Member

    Sorry about the late replay.
    Ok, incidentally I am in a different country now and don't have local access to that device any more, however I have mounted the latest advanced-vlan-r1.asp remotely, created a new vlan and added it to an existing trunk (less risky operation), rebooted and can see the operation was successfull and router to router communication still operational. I have finally removed the VLAN an re-rebooted and everything seems to be working fine.

    One thing I'm not able to test though, which I suppose is a must do: it's the removal of vlan0 from this MIPS1 device as the default behaviour is to recreate it if missing.
  30. tvlz

    tvlz LI Guru Member

    No problem, I looked over the code and it should be fixed now.

    Tomato throws a fit if you don't have WAN listed, requiring a nvram reset, so it doesn't look to easily done/worth the time it would take, if it is possible.
  31. Joel Goldwein

    Joel Goldwein New Member Member

    Just wanted to thank you for working on this. FYI, it (see second part of message #24) is also an issue for RT-AC66U in V138. Hope you post V139 soon :)

  32. franzk

    franzk New Member Member

    About vlan setup problem on v138, please check my quick fix for v138:

    From command line or via browser "Execute System Commands":

    nvram set manual_boot_nv=1
    nvram commit

    Now setup VLAN, after reboot check if it helps.

    crashnburn likes this.
  33. Joel Goldwein

    Joel Goldwein New Member Member

    Thanks so much - that did the trick!
  34. tvlz

    tvlz LI Guru Member

    That works too

    I needed to get the VLAN page fixed & tested before the next release that's why I didn't just tell people to set those.
    Now that the vlan page is fixed & tested, use those commands if you want.
    crashnburn likes this.
  35. Joel Goldwein

    Joel Goldwein New Member Member

    I think I may have spoken to soon re "... that did the trick". I had to set my RT-AC66U v138 back to single WLAN mode. When I have two WLANS, there does not seem to be internet access even though the VLAN page is fixed and appears correct. Any other great ideas?
    Last edited: Aug 26, 2016
  36. tvlz

    tvlz LI Guru Member

    I assume your talking about setting up multi-wans?
    I know nothing about that, you should probably start a new thread about it.
  37. Robby

    Robby Reformed Router Member

    Nobody seems to have reported the specific issue I'm having, but for me the VLAN page won't even show anything at all (basically a blank page), only the Save and Cancel buttons are shown. I have a Linksys E3200 running AdvancedTomato 3.3-138.

    I have applied the fix described in this post and that has fixed the issue. The VLAN page now loads and shows the VLAN settings. Thanks tvlz.
  38. bltoby

    bltoby Reformed Router Member

    this helped, Thanks.
  39. snakeaj

    snakeaj New Member Member

    nvram set manual_boot_nv=1
    nvram commit

    thank you! helped for me!
  40. rs232

    rs232 Network Guru Member

    Thanks for this, but what does this do/achieve precisely?

    crashnburn likes this.
  41. koitsu

    koitsu Network Guru Member

    crashnburn and rs232 like this.
  42. BigTomato

    BigTomato New Member Member

    Shibby I confirm as Joel said above that

    "nvram set manual_boot_nv=1
    nvram commit"

    fixes the GUI part of the VLAN page but DOES NOT fix the issue. The ports are not assigned to the desired LAN. I have downgraded to 136 and all works now. There is something you changed after 136 that causes the issue.
  43. gff1stof3

    gff1stof3 New Member Member

    I have what I thought was a VLAN issue when trying to configure MultiWAN using 138/VPN on an RT-AC66U and can also confirm "nvram set manual_boot_nv=1, nvram commit" fixes the GUI but does NOT fix MultiWAN.

    After finding this fix however, I am not sure the MultiWAN issue I am having is VLAN related. To clarify I set up a third VLAN and assigned it to WAN2 but did NOT assign it to a LAN port. I left all other VLAN's just like the defaults. When the router is configured for single WAN it works perfectly with that VLAN configuration and survives reboots. Now if under the MultWAN config I select 2 WAN's and set the second one to disabled you would expect the router to continue working. And it appears that it is however I have no access to the internet from any client PC's.

    Will try downgrading to 136 and post any useful results.
    crashnburn likes this.
  44. tvlz

    tvlz LI Guru Member

  45. BigTomato

    BigTomato New Member Member

    Hi tvlz
    I have an Asus RT-N66U and the port order seems to be correct. Also I do not have the error "unknown port mapping using default". It is just on the advanced VLAN page the new assignments will not stick after reboot. If I apply the "nvram set manual_boot_nv=1, nvram commit" they will stick on the GUI but not in reality as the ports will not work.

    And just to be certain I set port 1 to LAN (br0) and set ports 2,3,4 to LAN1 (br1). If it was a simple port reordering issue it would not matter in my case. I did not even try this with MultiWan just to keep things simple.

    As I said above everything works fine now after downgrading to 136.
    crashnburn likes this.
  46. Sadmam

    Sadmam New Member Member

    Hey all,

    I also add the same problem on V138 on a Asus RT-N66U.
    Previously I was on V128... I didn't saw the need to upgrade to a multi-wan version since I did'n used it... but V128 was getting pretty dated so installed the latest version... Witch ended up being a problem...
    As for suggestion on this post I'm currently on V136, and working ok.

    So thanks for the solution.

    Keep up the good work.
  47. crashnburn

    crashnburn LI Guru Member

    I went through the thread and there's a lot of experiments and things that have been tried out. But what's the conclusion (Atleast for me - which/ what works and what should I try now)?

    - will this be fixed in 139?
    - should I try the many experimental fixes suggested on that thread on my 138?
    - or just go down to 136 for now?

    PS : I just want a basic 2 wan working on my rt-n16 and I am unable to even get ports to leave the defaul VLAN. - Which of the above do you suggest?

    Details posted here:

    @Lorenceo @shibby20 @rs232 - Thoughts on what steps to take?

    Via iPhone Tapatalk
  48. Sadmam

    Sadmam New Member Member

    I don't use dual WAN... but everything else is working just fine on 136, so I downgraded to this version .
    Its been a while since 138 got out, maybe this VLAN bug gets fixed on 139.
  49. wmckin7

    wmckin7 New Member Member

    The nvram script did not work on my R7000 running v138 Any Idea when 139 will be out and if it will fix this issue?
  50. Sadmam

    Sadmam New Member Member

    Hey all,

    Using v140 and all seems ok.

    Thanks @shibby20
  51. kthaddock

    kthaddock Network Guru Member

  52. dingmel

    dingmel LI Guru Member

    Upgraded to v140, am still having the problem listed above. on a AC66U. has anyone managed to get dual wans working?
  53. Sadmam

    Sadmam New Member Member


    Srr for the delay...

    My router is Asus RT-N66U, on V40 no problem whatsoever.
  54. dingmel

    dingmel LI Guru Member

    Thanks for the reply bro. How did you get yours working? My WAN2 fails to get an IP address, despite DHCP being enabled on the source. Also, with 2 Wans enabled, there is no internet on clients, despite WAN1 being connected.
  55. Sadmam

    Sadmam New Member Member

    I don't use dual WAN... Sorry... just single WAN here... my problem was with the VLANS getting resetted on boot.
    I think other people here use it that way... maybe they can say something.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice