SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Wireless Networking > ASUS Wireless > ASUS AC Routers & Adapters

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 11-30-2012, 06:18 PM
Blargh Blargh is offline
New Member
 
Join Date: Nov 2012
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Blargh is just starting out
Default VLAN Configuration

Good afternoon,

I'm using RMerlin's 3.0.0.4.246.20 Merlin build software on my new RT-AC66U, and playing around with trying to get VLANs working.

What I want to do is:
WAN - Internet access, untagged
LAN 1, 2, 3, wifi - VLAN A, bridged together (ala fairly normal)
LAN 4 - VLAN B

I'm wanting separate address pools on VLAN A and VLAN B, plus needing some specialized NAT configuration. I'm very familiar with Linux in general (so have no problems building the route rules, iptables configs, etc.)

My problem is getting the Broadcom switch onboard to actually do the VLAN setup.

I've been poking at the robocfg utility, however it seems to be just slightly incompatible with the newer BCM53125 chipset that's onboard the RT-AC66U - it doesn't quite do VLAN configuration correctly (it looks like the tagging method is getting changed from 802.1Q to something else) and can't even reset the stock settings correctly (comparing robocfg dump before and after - there's a few registers different in page 0x05 - and afterwards no traffic is flowing correctly across the LAN ports).

I've looked through the init-broadcom.c source code as part of the firmware, and it is doing VLAN configuration with 'et robowr' calls and not using robocfg.

I don't doubt I'll figure this out eventually with a combination of the source code to the driver and init-broadcom.c, but before I burn a lot of time to do so, I figured I'd ask if anyone here has gotten this to successfully work (either a newer version of robocfg, or some example scripts using 'et robowr' to do it)?

Last edited by Blargh; 11-30-2012 at 06:29 PM.
Reply With Quote
  #2  
Old 11-30-2012, 10:40 PM
Blargh Blargh is offline
New Member
 
Join Date: Nov 2012
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Blargh is just starting out
Default

Alright, so after reading some source code and a little poking, here's a little info on how to do this. I'm fairly sure this is the ugly, brutish way, but it worked for what I needed.

Keep in mind internally you apparently can only use up to VLAN ID 16 (I see warnings about that in the source) - I didn't care for my purpose, so didn't see if there was a way around this.

To set up the switching portion takes four commands:
  1. Set the VLAN ID you want to modify in page 0x05, register 0x81, in hex. So for VLAN 3:
    et robowr 0x05 0x81 0x03
  2. Set a bit flag specifying what ports to have in this VLAN in page 0x05, register 0x083, and if they are untagged. There are 18 bits in this - one for each of the 8 ports on the chip (remember port 0 is your WAN port, ports 1-4 are your LAN ports, and port 8 is the CPU aka eth0). The most significant 9 bits get a 1 if that port is untagged (going from 8 at MSB to 0 at LSB), then the least significant 9 bits get a 1 if that port is joined to the VLAN. For my example, I want port 4 untagged and port 8 tagged:
    et robowr 0x05 0x83 0x02110
    (02110 = ..00 0010 0001 0001 0000, or (..87 6543 210) (8 7654 3210) with first grouping marking untagged and second marking membership
  3. Trigger the write. This takes two calls:
    et robowr 0x05 0x80 0x0000
    et robowr 0x05 0x80 0x0080
  4. Set the VLAN untagged frames coming in on a port are assigned to by default in page 0x34, register 0x10+(2*portNumber). You need to set this for every untagged port you change.. For my port 4 to go into VLAN 3:
    et robowr 0x34 0x18 0x03

After doing this and resetting all VLANs, I was able to add VLAN 3 to eth0 and set it up:

vconfig add eth0 3
ifconfig vlan3 192.168.20.1 netmask 255.255.255.0 up

As a note, "robocfg show" *does* show the correct information, but its VLAN set capability doesn't work (I'm guessing it's using the old set of registers for doing VLAN sets - they changed them in 53115 it looks like).

Hopefully a bit of info to help folks out. I've been experimenting a fair bit and haven't blown anything up (had to reboot a couple times though), but of course I'm not liable if you turn your router into a steaming pile of slag somehow
Reply With Quote
  #3  
Old 11-30-2012, 11:03 PM
Blargh Blargh is offline
New Member
 
Join Date: Nov 2012
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Blargh is just starting out
Default

One thing I haven't quite figured out - it LOOKS like the et command's robowr option only allows up to 16 bits, so how to mark port 8 (the CPU) untagged is a bit of a mystery through that interface.
Reply With Quote
  #4  
Old 12-01-2012, 12:22 AM
Blargh Blargh is offline
New Member
 
Join Date: Nov 2012
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Blargh is just starting out
Default

So, putting a few more pieces together, and using Merlins scripting abilities, here's what I have in /jffs/scripts/services-start (obviously I need to do some fine tuning and such, but this at least gets everything I care about working):

#!/bin/sh

# 0x83 format:
# Untag? Ports
# (87 6543 2108 7654 3210)

# Remove ports 3 and 4 from VLAN 1
et robowr 0x05 0x81 0x01
et robowr 0x05 0x83 0x0D06
et robowr 0x05 0x80 0x0000
et robowr 0x05 0x80 0x0080
# Create VLAN 3 with port 3 untagged and port 8 tagged
et robowr 0x05 0x81 0x03
et robowr 0x05 0x83 0x1108
et robowr 0x05 0x80 0x0000
et robowr 0x05 0x80 0x0080
# Set port 3's default VLAN to 3
et robowr 0x34 0x16 0x03
# Create VLAN 4 with port 4 untagged and port 8 tagged
et robowr 0x05 0x81 0x04
et robowr 0x05 0x83 0x2110
et robowr 0x05 0x80 0x0000
et robowr 0x05 0x80 0x0080
# Set port 4's default VLAN to 4
et robowr 0x34 0x18 0x04
# Create the interfaces
vconfig add eth0 3
ifconfig vlan3 XXX.XXX.XXX.XXX netmask 255.255.255.248 up
vconfig add eth0 4
ifconfig vlan4 XXX.XXX.XXX.XXX netmask 255.255.255.248 up
# We allow these two VLANs to do whatever they want
iptables -I INPUT 1 -i vlan3 -j ACCEPT
iptables -I INPUT 1 -i vlan4 -j ACCEPT
iptables -I FORWARD 1 -i eth0 -o vlan3 -j ACCEPT
iptables -I FORWARD 1 -i eth0 -o vlan4 -j ACCEPT
iptables -I FORWARD 1 -i vlan3 -o eth0 -j ACCEPT
iptables -I FORWARD 1 -i vlan4 -o eth0 -j ACCEPT
ip6tables -I INPUT 1 -i vlan3 -j ACCEPT
ip6tables -I INPUT 1 -i vlan4 -j ACCEPT
ip6tables -I FORWARD 1 -i v6in4 -o vlan3 -j ACCEPT
ip6tables -I FORWARD 1 -i v6in4 -o vlan4 -j ACCEPT
ip6tables -I FORWARD 1 -i vlan3 -o v6in4 -j ACCEPT
ip6tables -I FORWARD 1 -i vlan4 -o v6in4 -j ACCEPT
ip addr add 2001:470:XXXX:XXXX::1/64 dev vlan3
ip addr add 2001:470:XXXX:XXXX::1/64 dev vlan4


And also, in /jffs/configs/radvd.conf.add:

interface vlan3
{
IgnoreIfMissing on;
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;
AdvManagedFlag off;
AdvOtherConfigFlag on;
AdvLinkMTU 1480;
prefix 2001:470:XXXX:XXXX::/64
{
AdvOnLink on;
AdvAutonomous on;
};
RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};
};

interface vlan4
{
IgnoreIfMissing on;
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;
AdvManagedFlag off;
AdvOtherConfigFlag on;
AdvLinkMTU 1480;
prefix 2001:470:XXXX:XXXX::/64
{
AdvOnLink on;
AdvAutonomous on;
};
RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};
};
Reply With Quote
  #5  
Old 12-06-2012, 09:29 AM
JVWilliams JVWilliams is offline
New Member
 
Join Date: Dec 2012
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
JVWilliams is just starting out
Default

Very interested in VLAN capability, as well. I don't have an AC66U yet, but if VLANs can be accommodated (both port-based and trunking), either in stock firmware or an upgrade such as Merlin's version or DD-WRT, I'll be a happy camper.

In my case, I'll need to bridge together tagged VLANs 1 & 2 coming in through one LAN port for common internet access.

Last edited by JVWilliams; 12-06-2012 at 09:33 AM.
Reply With Quote
  #6  
Old 08-15-2013, 01:56 AM
benklop benklop is offline
New Member
 
Join Date: Aug 2013
Posts: 3
Thanks: 1
Thanked 1 Time in 1 Post
benklop is just starting out
Default These instuctions helped me a lot

Thanks for posting your discoveries here. With this information I was able to make my router do nearly everything I needed - I've got 4 VLANs being routed through the switch in this router, and everything switch-wise is working perfectly.

I've posted deatils about my setup based on yours here: http://forums.smallnetbuilder.com/sh...ad.php?t=12281

I'm having a few problems with bridging wireless interfaces to VLANs, however.
Reply With Quote
  #7  
Old 12-02-2013, 07:14 AM
compipark compipark is offline
New Member
 
Join Date: Sep 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
compipark is just starting out
Default Thanks for Your post

I tried to get a separate guest network with robocfg. Didn't work for me. Perhaps I did something wrong, but using Your et commands made my ac66u run like I wanted it to. I connected my pfSense to VLAN3 and VLAN1 to a switch with the rest of my home network. By doing so I could control the access to my home network by dropping unwanted frame with ebtables:
ebtables -D FORWARD 1
ebtables -D FORWARD 1
ebtables -I FORWARD -o wl0.1 -i eth2 -j DROP
ebtables -I FORWARD -o wl0.1 -i eth1 -j DROP
ebtables -I FORWARD -o eth1 -i wl0.1 -j DROP
ebtables -I FORWARD -o eth2 -i wl0.1 -j DROP
ebtables -I FORWARD -o vlan1 -i wl0.1 -j DROP
ebtables -I FORWARD -o wl0.1 -i vlan1 -j DROP
I am using the GUI to setup one guest WLAN. I put this code into the services-start script.

My configuration: ac66u in wireless router mode but using as AP, pfsense connected to lan3, switch connected to lan 1, firmware 3.0.0.4.374.35_2, changed resolv.conf for nameserver pfsense and added a default route to the pfsense
CP

Last edited by compipark; 12-02-2013 at 07:47 AM.
Reply With Quote
Reply

Tags
vlan

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -4. The time now is 09:42 PM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  457
stevech  194
sm00thpapa  181
azazel1024  180
KGB7  159
philmiami  92
jim769  83
microchip  82
htismaqe  77
AcostaJA  74
RMerlin  5185
stevech  315
ryzhov_al  259
TeHashX  212
RogerSC  187
L&LD  186
joegreat  123
jlake  122
sinshiva  118
sfx2000  112
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  32602
Old Switched...  9144
Old NEW RT-AC68R...  8497
Old ASUS...  7815
Old ASUS...  7544
Old 3.0.0.4.376.1...  7140
Old ASUS RT-AC87...  5159
Old ASUS RTAC68U...  4086
Old ASUS...  3986
Old Netgear...  3867
Old Asuswrt-Merli...  285
Old ASUS...  91
Old Overclock...  75
Old [Q] How to...  73
Old Switched...  66
Old NEW RT-AC68R...  57
Old N66U daily...  47
Old How many of...  45
Old ASUS...  45
Old ASUS...  44


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.