VLAN pass through

Discussion in 'Tomato Firmware' started by Brilosoft, Jul 30, 2018.

  1. Brilosoft

    Brilosoft Network Newbie Member

    Hi all,

    I'm a long-time Tomato user on a wide selection of routers dating back to my WRT54g (what a legend). I'm currently running FreshTomato on 2 rt-ac56u's which are part of a larger network. My specific question is regarding VLANs, which is something I've not worked with. Now I only really need the ac56u's to allow all VLAN traffic to pass through: the management network is untagged, but I need to pass VLANs 30 and 50 through the ac56u's untouched.

    Is this possible?

    If so, how? Apologies if I've missed this topic, but mainly the VLAN topics are about setting up a VLAN for guest wifi separation.

    Thanks in advance for the help

    Brilo
     
  2. Sean B.

    Sean B. LI Guru Member

    How are these different VLANs connected to the 56u? Each on their own cable/port? Or are they trunked through a single cable/port?
     
  3. Brilosoft

    Brilosoft Network Newbie Member

    They will be trunking in both VLANs, e.g. in port 1, out port 4 and vice versa. At some point I might want to tag a specific port at a later date, but that's another bridge to cross at a later date.

    Sorry I didn't put that in the original post.

    Brilo
     
  4. Sean B.

    Sean B. LI Guru Member

    Are any client computers/devices connected to the 56u going to be placed inside any of those VLANs? If not, where does this "pass through" setup fit into the network topology? IE: Is the 56u a node in the path to the WAN, or another network etc?
     
  5. Brilosoft

    Brilosoft Network Newbie Member

    OK so basic topology is that the 56u's are mid points within the entire system thus the need to pass vlans through.

    Code:
     { Primary router }- - - -{ General switch }- - - - -{ 1st 56u }- - - -{ 2nd 56u }- - - -{ Unifi Switch }- - - -{ Unifi AP} 
    The Unifi AP & switch tag certain wifi clients and devices with the selected VLANs (30 & 50). It works fine elsewhere in the network, but when I tried passing through the 56u's it fails (this was using Merlin Firmware).

    Brilo
     
  6. Sean B.

    Sean B. LI Guru Member

    Upfront note: This may very well not be doable. SOHO routers do not go as deep in VLAN functionality as commercial grade switches/routers. VLAN support is rooted in both the hardware and software levels, so even with 3rd party firmware that extensively opens control of the router, the hardware may simply not match the task. For instance, I'm not terribly confident VLAN ID's 30 & 50 will be supported. So understand this is a "best effort" concept.

    For clarity of the example, I'm going to fill in some blanks about your network, so keep in mind these will need to be changed accordingly:

    This will be the "2nd 56u" as shown in your flowchart:

    1. The untagged management VLAN will be described as being in the 192.168.1.0/24 (255.255.255.0) subnet. Will use the IP of 192.168.1.1 for ease, however any available IP address within the subnet can be used.

    2. VLAN 30 will be described as being in the 192.168.2.0/24 (255.255.255.0) subnet. Will use the IP of 192.168.2.1 for ease, however any available IP address within the subnet can be used.

    3. VLAN 50 will be described as being in the 192.168.3.0/24 (255.255.255.0) subnet. Will use the IP of 192.168.3.1 for ease, however any available IP address within the subnet can be used.

    4. LAN port #1 will be connected to the Unifi switch.

    5. LAN port #4 will be connected to the "1st 56u".

    ------------------------------

    Web interface:
    • Basic->Network - WAN
      • Type = disabled
    • Basic->Network - LAN
      • Bridge br0:
        • IP address = 192.168.1.1
        • Netmask = 255.255.255.0
        • DHCP = disabled
      • Bridge br1:
        • IP address = 192.168.2.1
        • Netmask = 255.255.255.0
        • DHCP = disabled
      • Bridge br2:
        • IP address = 192.168.3.1
        • Netmask = 255.255.255.0
        • DHCP = disabled
    • Default gateway = 192.168.1.2 (see "1st 56u" configuration)
    • DNS = DNS servers of your choice

    • Advanced->VLAN
      • VLAN1
        • VID = leave default ( unless management VLAN is using a specific ID )
        • Ports = 1 , 4
        • Tagged = none ( see note below )
        • Default = yes
        • Bridge = br0
      • VLAN2
        • Do not change
      • VLAN3
        • VID = 30
        • Ports = 1 , 4
        • Tagged = 1 , 4
        • Bridge = br1
      • VLAN4
        • VID = 50
        • Ports = 1 , 4
        • Tagged = 1 , 4
        • Bridge = br2
    Tomato may not allow ports that are part of other VLANs to be a part of VLAN1 without being tagged. If this is the case, we will have to do so manually ( can be automated via scripts ), let me know and I'll provide instructions.

    --------------------------------------------

    The "1st 56u" configuration will be identical, except for the IP addresses for the 3 bridges, what is connected to ports 1 and 4, and the Default gateway IP. As stated before, change IP addresses and port #'s to match your network.

    Br0 = 192.168.1.2

    Br1 = 192.168.2.2

    Br2 = 192.168.3.2

    Default Gateway IP = IP address associated to the appropriate "next hop" upstream node.

    Port #1 = Connected to "2nd 56u"

    Port #4 = Connected to "General switch"

    --------------------------------------------

    Let me know how it goes, and as much detail as you can on any issues.
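
The tagged/untagged port settings in the post above, modelled as a switch VLAN table to show which frames cross between ports 1 and 4 and with what tag. This is an added example, not part of the original post and not Tomato code; `MGMT_VID = 1`, the function and table names, and the rule that frames for undefined VLANs are dropped are assumptions of the model.

```python
# Added example: a simplified model of an 802.1Q switch VLAN table.
MGMT_VID = 1  # assumption: the post leaves VLAN1's VID at its default

# Settings from the post: VID -> member ports and the ports that carry it tagged.
TRUNK_TABLE = {
    MGMT_VID: {"ports": {1, 4}, "tagged": set()},
    30: {"ports": {1, 4}, "tagged": {1, 4}},
    50: {"ports": {1, 4}, "tagged": {1, 4}},
}
# Constructed contrast: only the untagged VLAN is defined.
UNTAGGED_ONLY_TABLE = {MGMT_VID: {"ports": {1, 4}, "tagged": set()}}


def native_vid(table, port):
    """VID assigned to untagged frames on `port`; a port may have only one."""
    vids = [v for v, e in table.items()
            if port in e["ports"] and port not in e["tagged"]]
    if len(vids) > 1:
        raise ValueError(f"port {port} is untagged in VLANs {vids}")
    return vids[0] if vids else None


def forward(table, in_port, tag):
    """Map each egress port to the tag the frame leaves with (None = untagged).

    `tag` is the frame's 802.1Q VID, or None for an untagged frame.
    An empty dict means the frame is dropped (model assumption: frames for
    VLANs the ingress port is not a member of are filtered).
    """
    vid = native_vid(table, in_port) if tag is None else tag
    entry = table.get(vid)
    if entry is None or in_port not in entry["ports"]:
        return {}
    return {p: (vid if p in entry["tagged"] else None)
            for p in sorted(entry["ports"]) if p != in_port}


def passes_untouched(table, vid, port_a, port_b):
    """True if frames tagged `vid` cross between the two ports with tag kept."""
    return (forward(table, port_a, vid).get(port_b) == vid
            and forward(table, port_b, vid).get(port_a) == vid)


if __name__ == "__main__":
    for vid in (30, 50):
        print(vid, passes_untouched(TRUNK_TABLE, vid, 1, 4),
              passes_untouched(UNTAGGED_ONLY_TABLE, vid, 1, 4))
    print("untagged:", forward(TRUNK_TABLE, 1, None))
```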
     
  7. Brilosoft

    Brilosoft Network Newbie Member

    Thanks for all the info Sean, I will let you know how it goes but I'm not on site for a few days.

    Thanks again
     
  8. Brilosoft

    Brilosoft Network Newbie Member

    Right, an update on this. Apologies for taking so long, but it's school holidays here in the UK so family life has been delaying my network updating.

    So yesterday I finally got some time to add the VLAN 50, which is for segregating my in-laws' cottage guests from the rest of the network.

    I had tried this previously with only part working: the APs' tagging of data traffic would work as long as they were on the section of the network not passing through the rt-AC56u's.

    Thankfully, with Sean B.'s directions I now have the other three APs tagging and passing traffic perfectly. When I had attempted it before, any clients attempting to get an IP from the 3 APs whose traffic passed through the rt-AC56u's would fail to get an IP or have any net access.

    Before, I had done a far more basic topo for our network but took some time to get that updated, so here is a far clearer topo. It's not 100% accurate, so a few bits to adjust, but about 90% right.

    Many Thanks again Sean

    Just the VLAN 30 to enable next and a few other ideas I need to think through and possibly post again about.

    James Topo.jpg
     
    Sean B. likes this.