using tomato, lan + vlan on two routers

Discussion in 'Tomato Firmware' started by twe4k, Jul 27, 2012.

  1. twe4k

    twe4k Serious Server Member


    I just bought a second asus router in order to get a better reception throughout the house. I'm now using Asus RT-N16 as the main router, plugged into the modem and with the DHCP server enabled and Asus WL-520GU as a WAP, both have shibby tomatousb v1.28 installed.

    Configuring the LAN all worked perfectly, I now have one common ssid and devices switch to whichever has the strongest signal. I also added a VLAN for guests on the RT-N16 and this also works without problems. The issue is, I don't know how to proceed to add a VLAN on the WL-520... it looks like because DHCP is disabled for LAN it's also not working for the VLAN, and I don't know how to associate the VLAN of the second router to the VLAN of the first, in order to use the other DHCP server...

    Anyone know if this is possible ?

    Here's a little schematic to help illustrate my situation

    GATEWAY ---------ethernet--------- ROUTER
    wifi []..................................wifi
    wifi(guest) []...................wifi(guest)

    wifi(guest) on the WL-520GU doesn't work... when I try connecting to it I can't get an IP.

    thank you for your help !
  2. twe4k

    twe4k Serious Server Member

    So... I'm bumping this in hopes of getting some help
    I've been trying this on and off ever since the original post and I still haven't gotten it to work properly.

    In hopes of getting more stability and chances more on my side, I now installed a Toastman build on my WL-520GU (v1.28.7633.3-Toastman-VLAN-IPT-ND ND USB Lite).

    I also tried simply enabling the DHCP server on br1 of the WAP but it still doesn't work... a device connecting to it gets assigned an IP but has no WAN access.
    After playing around more I think that 802.1Q tagging could be a way to do it but I gave it a try to no avail.

    Basically, if anyone with more networking knowledge could help me out here it would be very appreciated :)
  3. gfunkdave

    gfunkdave LI Guru Member

    You have to make sure you install a VLAN-compatible build of Tomato on both the main router and the WAP.

    On the router, set up two VLANs on different subnets. Set up two wifi networks (different SSIDs), and bridge your guest wifi to your guest VLAN, and your regular wifi to your regular VLAN. I think you've done this all already.

    On the WAP, set up two matching VLANs on the same subnets as on your router. Give the WAP an IP on each VLAN that is unique on each VLAN. Turn off DHCP and DNSMasq on the WAP.

    Then (this may be what you missed), ensure that the ports into which the cable connecting the WAP and the router is plugged are set as trunked and carrying traffic for both VLANs.
    twe4k likes this.
  4. twe4k

    twe4k Serious Server Member

    thank you for your help !

    I have done the first two parts but now I'm not so sure for the part about setting the ports as trunked and carrying traffic for both VLANs ...
    here is the VLAN page from the router followed by the one from the WAP, should these settings be correct ? considering the WAN port of the router WAP is plugged into my router's Port 1

    also to note that the router is not directly connected to the WAP as it goes through a switch before that ...

  5. gfunkdave

    gfunkdave LI Guru Member

    This looks largely correct. It could be a few things.

    Since you have the AP connected to the network via its WAN port, ensure the WAN port is bridged to the LAN. If it is, then try plugging into a different port on your AP.

    But I suspect the real problem is your switch. Try directly connecting the two routers without the switch between them. Even if it is a switch that understands VLAN tagging, it might not work quite right with Tomato. I had a similar problem trying to get a Cisco smart switch to talk to Tomato and respect Tomato's VLAN tagging. All issues went away when I directly connected the two Tomato routers.
    twe4k likes this.
  6. twe4k

    twe4k Serious Server Member

    thank you SOOOOO much :D

    finally got everything to work perfectly !

    turns out, most of my problems come from the fact that the port layout written on the wl-520gu differs from the one in tomato... I wrote the real ports in red underneath:


    but now everything is working exactly as I intended
  7. gfunkdave

    gfunkdave LI Guru Member

    Very weird. How did you figure that out?

    So the switch between the routers doesn't cause problems after all?

    Glad it's working.
  8. twe4k

    twe4k Serious Server Member

    Yeah weird indeed, I suspected it because I read about other routers having similar issues, but I didn't think the wan and Port 4 would also be inverted...

    I found the correct layout by good old trial and error, creating 2 separate vlans, one with and the other without dhcp and putting each port individually in the vlan without dhcp and connecting my computer to the ports to find out which one corresponded.

    As for the switch, it's now connected on a different port and the WAP is directly on the router, I haven't tried going through the switch yet, I'm just glad everything is working :p
  9. SteveF

    SteveF Serious Server Member

    Hi twe4k,

    I have the same router with the following setup on VLAN:

    LAN(br0): ports 1-3, WAN port, no tagging (wired only)
    WAN: port 4, no tagging
    LAN1(br1): no port selected (wireless only VLAN)

    Everything works except some ping function:

    1. I can NOT ping client 2 from client 1 both on LAN(br0) - I should be able to ping from either to the other
    2. I CAN ping client 3 on LAN1(br1) from client 1 on LAN(br0) - According to my understanding this should not happen

    Did you check the ping functions with your router setup?

    Thanks for your response in advance.

  10. twe4k

    twe4k Serious Server Member

    Hi Steve, sorry for the very late reply but I finally got some time to quickly test this

    here's my setup for the tests I did:
    Ports 1(tagged), 2, 3 on LAN
    Ports 1(tagged), 4 on LAN1

    client 1 on LAN (br0) wired
    client 2 on LAN (br0) wireless
    client 3 on LAN1 (br1) wireless

    I was able to ping from client 1 to client 2 AND client 3
    I was able to ping from client 2 to client 1
    I was unable to ping from client 3 to client 1

    did you check the advanced > LAN Access page ? (mine is set to have access to LAN1 from LAN only)

    hope this helps...
  11. SteveF

    SteveF Serious Server Member

    Hi twe4k, indeed your reply helps and it is consistent with your LAN Access page definition, that is, access to LAN1 from LAN (you have forward access from LAN to LAN1 but not backward access from LAN1 to LAN)

    Regarding this situation:

    <<1. I can NOT ping client 2 from client 1 both on LAN(br0) - I should be able to ping from either to the other>>

    I found out that the ping was disabled in both client 1 and client 2 (both of them have Windows 7) since the default out of the box for Windows 7 is disabled ping so that was the reason that I could ping between the two of them. On my LAN Access page no access is programmed between the two LANs either way.

    I am OK, no outstanding issues for me now. The Asus WL-520GU is solid like a rock, in fact, I just bought a used Linksys WRT54G router and I find it more temperamental than the Asus. One other thing I found: the Linksys router seems to be able to have only one Virtual Wireless while the Asus WL-520GU can have four.

    I use the following versions:

    Asus WL-520GU: tomato-ND-1.28.7633.3-Toastman-VLAN-IPT-ND-Std.bin
    Linksys WRT54G: tomato-WRT54G_WRT54GL-1.28.7633.3-Toastman-VLAN-IPT-ND-Std.bin

    The two versions seem identical in terms of functionality other than the aforementioned Virtual Wireless capability differences.

    By the way, what does tagging do?

    Thanks for your response.
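
On the closing question about tagging and the earlier advice to trunk the port that links the two routers: the sketch below is an added example, not part of any post in this thread. It models how an 802.1Q tag lets one cable carry both the LAN and the guest VLAN, and why a port that is not a tagged member of the guest VLAN discards guest frames. The VLAN IDs, the sample frame and the port dictionaries are constructed for illustration, and dropping tagged frames on a non-trunk port is this model's assumption about the switch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two 6-byte MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp << 13) | vid  # 3-bit priority, DEI bit left 0, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag(wire: bytes):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if len(wire) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", wire[12:14])[0] != TPID_8021Q:
        return None, wire
    if len(wire) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", wire[14:16])[0]
    return tci & 0x0FFF, wire[:12] + wire[16:]

def egress(frame: bytes, vid: int, port: dict):
    """Bytes a port sends for a frame in VLAN vid, or None if not a member."""
    if vid not in port:
        return None
    return tag(frame, vid) if port[vid] else frame

def ingress(wire: bytes, port: dict):
    """Classify a received frame: (vid, frame), or None if the port drops it."""
    vid, frame = untag(wire)
    if vid is None:  # untagged: goes to the port's untagged VLAN, if it has one
        native = [v for v, tagged in port.items() if not tagged]
        return (native[0], frame) if native else None
    return (vid, frame) if port.get(vid) else None  # must be a tagged member

# Constructed sample: broadcast frame (dst MAC, src MAC, EtherType IPv4, payload).
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
LAN, GUEST = 1, 3                   # assumed VLAN IDs, not taken from the thread
TRUNK = {LAN: True, GUEST: True}    # a port tagged in both VLANs
ACCESS_LAN = {LAN: False}           # an ordinary untagged LAN-only port

def demo():
    wire = egress(FRAME, GUEST, TRUNK)   # guest frame leaving the router's trunk port
    ok = ingress(wire, TRUNK)            # WAP port configured as a matching trunk
    bad = ingress(wire, ACCESS_LAN)      # WAP port left as a plain LAN port
    return wire, ok, bad
```

In `demo()`, the guest frame reaches the WAP's guest bridge only when both ends of the cable are tagged members of the guest VLAN; on the plain LAN port it is dropped, so a guest client's DHCP request would never reach the main router.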
