I'm using RMerlin's 220.127.116.11.246.20 Merlin build software on my new RT-AC66U, and playing around with trying to get VLANs working.
What I want to do is:
WAN - Internet access, untagged
LAN 1, 2, 3, wifi - VLAN A, bridged together (ala fairly normal)
LAN 4 - VLAN B
I'm wanting separate address pools on VLAN A and VLAN B, plus needing some specialized NAT configuration. I'm very familiar with Linux in general (so have no problems building the route rules, iptables configs, etc.)
My problem is getting the Broadcom switch onboard to actually do the VLAN setup.
I've been poking at the robocfg utility, however it seems to be just slightly incompatible with the newer BCM53125 chipset that's onboard the RT-AC66U - it doesn't quite do VLAN configuration correctly (it looks like the tagging method is getting changed from 802.1Q to something else) and can't even reset the stock settings correctly (comparing robocfg dump before and after - there's a few registers different in page 0x05 - and afterwards no traffic is flowing correctly across the LAN ports).
I've looked through the init-broadcom.c source code as part of the firmware, and it is doing VLAN configuration with 'et robowr' calls and not using robocfg.
I don't doubt I'll figure this out eventually with a combination of the source code to the driver and init-broadcom.c, but before I burn a lot of time to do so, I figured I'd ask if anyone here has gotten this to successfully work (either a newer version of robocfg, or some example scripts using 'et robowr' to do it)?
Alright, so after reading some source code and a little poking, here's a little info on how to do this. I'm fairly sure this is the ugly, brutish way, but it worked for what I needed.
Keep in mind internally you apparently can only use up to VLAN ID 16 (I see warnings about that in the source) - I didn't care for my purpose, so didn't see if there was a way around this.
To set up the switching portion takes four commands:
Set the VLAN ID you want to modify in page 0x05, register 0x81, in hex. So for VLAN 3:
et robowr 0x05 0x81 0x03
Set a bit flag specifying what ports to have in this VLAN in page 0x05, register 0x083, and if they are untagged. There are 18 bits in this - one for each of the 8 ports on the chip (remember port 0 is your WAN port, ports 1-4 are your LAN ports, and port 8 is the CPU aka eth0). The most significant 9 bits get a 1 if that port is untagged (going from 8 at MSB to 0 at LSB), then the least significant 9 bits get a 1 if that port is joined to the VLAN. For my example, I want port 4 untagged and port 8 tagged:
et robowr 0x05 0x83 0x02110
(02110 = ..00 0010 0001 0001 0000, or (..87 6543 210) (8 7654 3210) with first grouping marking untagged and second marking membership
Trigger the write. This takes two calls:
et robowr 0x05 0x80 0x0000
et robowr 0x05 0x80 0x0080
Set the VLAN untagged frames coming in on a port are assigned to by default in page 0x34, register 0x10+(2*portNumber). You need to set this for every untagged port you change.. For my port 4 to go into VLAN 3:
et robowr 0x34 0x18 0x03
After doing this and resetting all VLANs, I was able to add VLAN 3 to eth0 and set it up:
vconfig add eth0 3
ifconfig vlan3 192.168.20.1 netmask 255.255.255.0 up
As a note, "robocfg show" *does* show the correct information, but its VLAN set capability doesn't work (I'm guessing it's using the old set of registers for doing VLAN sets - they changed them in 53115 it looks like).
Hopefully a bit of info to help folks out. I've been experimenting a fair bit and haven't blown anything up (had to reboot a couple times though), but of course I'm not liable if you turn your router into a steaming pile of slag somehow
So, putting a few more pieces together, and using Merlins scripting abilities, here's what I have in /jffs/scripts/services-start (obviously I need to do some fine tuning and such, but this at least gets everything I care about working):
Very interested in VLAN capability, as well. I don't have an AC66U yet, but if VLANs can be accommodated (both port-based and trunking), either in stock firmware or an upgrade such as Merlin's version or DD-WRT, I'll be a happy camper.
In my case, I'll need to bridge together tagged VLANs 1 & 2 coming in through one LAN port for common internet access.
Last edited by JVWilliams; 12-06-2012 at 10:33 AM.
Thanks for posting your discoveries here. With this information I was able to make my router do nearly everything I needed - I've got 4 VLANs being routed through the switch in this router, and everything switch-wise is working perfectly.
I tried to get a separate guest network with robocfg. Didn't work for me. Perhaps I did something wrong, but using Your et commands made my ac66u run like I wanted it to. I connected my pfSense to VLAN3 and VLAN1 to a switch with the rest of my home network. By doing so I could control the access to my home network by dropping unwanted frame with ebtables:
ebtables -D FORWARD 1
ebtables -D FORWARD 1
ebtables -I FORWARD -o wl0.1 -i eth2 -j DROP
ebtables -I FORWARD -o wl0.1 -i eth1 -j DROP
ebtables -I FORWARD -o eth1 -i wl0.1 -j DROP
ebtables -I FORWARD -o eth2 -i wl0.1 -j DROP
ebtables -I FORWARD -o vlan1 -i wl0.1 -j DROP
ebtables -I FORWARD -o wl0.1 -i vlan1 -j DROP
I am using the GUI to setup one guest WLAN. I put this code into the services-start script.
My configuration: ac66u in wireless router mode but using as AP, pfsense connected to lan3, switch connected to lan 1, firmware 18.104.22.168.374.35_2, changed resolv.conf for nameserver pfsense and added a default route to the pfsense