
dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy to philow

Premium Member

to philow

Re: VLAN configuration on MI424WR Gen 3 Rev. I

OK, so here's where I'm at. I'm SO close.

I've got 2 VLANs configured (default VLAN 1, and a separate VLAN 10).

VLAN 1 has a DHCP scope of 172.16.0.0/24, and VLAN 10 has 10.0.0.0/24.

Both work to some degree.

VLAN 1 operates as normal - hands out a 172.16.0.x address, connects to WAN, life is good.

VLAN 10 hands out a 10.0.0.x address, but that's it... can't get anywhere from there. Clients in VLAN 10 can't even talk to the 10.0.0.2 I have plumbed up.

How in the frack do I add actual routes to this thing from the command line? The GUI is a pain in the ass!

Wireless Broadband Router> net ifconfig
Device br0 (0x415760) -
type=40(Bridge)state=running
changed=0 is_sync=1 has_ip=1 metric=4 MTU=1500 max_mss=1460 MAC=00:7f:28:xx:xx:aa
depend_on_list=ath0(0x415e88), eth0(0x415948)
next=eth0(0x415948)
ip=172.16.0.1,netmask=255.255.255.0
 
Device eth0 (0x415948) -
type=111(Hardware Ethernet Switch)state=running
changed=0 is_sync=1 has_ip=0 metric=4 MTU=1500 max_mss=1460 MAC=00:7f:28:xx:xx:bb
depend_on_list=None
next=eth1(0x415b08)
 
Device eth1 (0x415b08) -
type=110(Ethernet/Coax)state=running
changed=0 is_sync=0 has_ip=1 metric=3 MTU=1500 max_mss=1460 MAC=00:7f:28:xx:xx:cc
depend_on_list=None
next=wifi0(0x415cc8)
ip=74.yyy.yyy.yyy,netmask=255.255.255.0
 
Device wifi0 (0x415cc8) -
type=85(Wireless 802.11)state=running
changed=0 is_sync=1 has_ip=0 max_mss=1460
depend_on_list=None
next=ath0(0x415e88)
 
Device ath0 (0x415e88) -
type=99(Wireless 802.11n Access Point)state=running
changed=0 is_sync=1 has_ip=0 metric=4 MTU=1500 max_mss=1460 MAC=00:7f:28:xx:xx:dd
depend_on_list=wifi0(0x415cc8)
next=ath1(0x416048)
 
Device ath1 (0x416048) -
type=99(Wireless 802.11n Access Point)state=disabled
changed=0 is_sync=1 has_ip=1 metric=4 MTU=1500 max_mss=1460 MAC=00:03:7f:xx:xx:ee
depend_on_list=wifi0(0x415cc8)
next=clink1(0x416208)
ip=0.0.0.0,netmask=0.0.0.0
 
Device clink1 (0x416208) -
type=103(Coax)state=down
changed=0 is_sync=1 has_ip=0
depend_on_list=None
next=clink0(0x4163c8)
 
Device clink0 (0x4163c8) -
type=103(Coax)state=running
changed=0 is_sync=1 has_ip=0
depend_on_list=None
next=ppp0(0x416588)
 
Device ppp0 (0x416588) -
type=29(PPPoE)state=disabled
changed=0 is_sync=0 has_ip=1 metric=1 MTU=1492
depend_on_list=eth1(0x415b08)
next=br0.10(0x416748)
ip=0.0.0.0,netmask=0.0.0.0
 
Device br0.10 (0x416748) -
type=48(Ethernet)state=running
changed=0 is_sync=1 has_ip=1 metric=4 MTU=1500 max_mss=1456 MAC=00:7f:28:xx:xx:ff
depend_on_list=br0(0x415760)
next=None
ip=10.0.0.2,netmask=255.255.255.0
 

Wireless Broadband Router> net route
Source             Destination        Gateway            Flags DSCP Metric Interface       
0.0.0.0/0          0.0.0.0/24         172.16.0.1         UG    0    0      br0             
0.0.0.0/0          10.0.0.0/24        172.16.0.1         UG    0    0      br0             
0.0.0.0/0          10.0.0.0/24        *                  U     0    4      br0.10          
0.0.0.0/0          172.16.0.0/24      *                  U     0    4      br0             
0.0.0.0/0          74.xxx.xxx.0/24    *                  U     0    3      eth1            
0.0.0.0/0          0.0.0.0/0          74.xxx.xxx.1       UG    0    3      eth1            
 
Springbok
join:2002-09-13
Leander, TX

Springbok

Member

I did not use the CLI but the GUI: Advanced -> Routing -> then click the icon under Action and fill in the details. Destination and Gateway probably the same and something like 10.0.0.1 with a netmask of 255.255.255.0 and a metric of 5.
philow
join:2014-03-25

philow to dennismurphy

Member

to dennismurphy
This is great and I am working with the data provided but I still cannot get DHCP to hand out an IP on the 10. network. Thanks for the work so far.

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff to dennismurphy

MVM,

to dennismurphy
        
0.0.0.0/0          10.0.0.0/24        172.16.0.1         UG    0    0      br0             
0.0.0.0/0          10.0.0.0/24        *                  U     0    4      br0.10                   
 

Maybe I'm mistaken, but it seems like you want to be removing routes, not adding them. The route from 10.0.0.0/24 to the 172 address is just a loop. Doesn't go anywhere.

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

said by Thinkdiff:

[code]

0.0.0.0/0 10.0.0.0/24 172.16.0.1 UG 0 0 br0
0.0.0.0/0 10.0.0.0/24 * U 0 4 br0.10
[/code]

Maybe I'm mistaken, but it seems like you want to be removing routes, not adding them. The route from 10.0.0.0/24 to the 172 address is just a loop. Doesn't go anywhere.

Actually, that looks like a default route from anywhere to 10.0.0.0/24, use the default 172.16.0.1 gateway. Probably broken and why I was asking how the fsck I can access the routing table from the command line!

Back to GUI hell .....

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff

MVM,

said by dennismurphy:

Actually, that looks like a default route from anywhere to 10.0.0.0/24, use the default 172.16.0.1 gateway.

That's my point. A packet for 10.0.0.2 will hit that route and then get sent to 172.16.0.1 (which is the router again), so it'll hit that same route again. Over and over. The 10.0.0.0/24 on br0.10 never does its job because its metric is 4, and the packet goes nowhere. Isn't that why your 172 network can't talk to your 10 network, and vice versa?

Is the 10.0.0.0/24 -> 172.16.0.1 a route that you added via the GUI or one that the router creates on its own?
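
The check described in the post above, as an added example that is not part of the thread: it parses the `net route` output posted earlier and flags gateway routes that point back at one of the router's own addresses. The function names are hypothetical, and the rule that a lower metric wins between two routes to the same prefix is the assumption made in the post, not documented Actiontec behaviour.

```python
# Route table copied from the `net route` output posted earlier in this thread.
ROUTES = """\
0.0.0.0/0          0.0.0.0/24         172.16.0.1         UG    0    0      br0
0.0.0.0/0          10.0.0.0/24        172.16.0.1         UG    0    0      br0
0.0.0.0/0          10.0.0.0/24        *                  U     0    4      br0.10
0.0.0.0/0          172.16.0.0/24      *                  U     0    4      br0
0.0.0.0/0          74.xxx.xxx.0/24    *                  U     0    3      eth1
0.0.0.0/0          0.0.0.0/0          74.xxx.xxx.1       UG    0    3      eth1
"""
# The router's own addresses, from the `net ifconfig` output (br0 and br0.10).
LOCAL_IPS = {"172.16.0.1", "10.0.0.2"}


def parse_routes(text):
    """Split each 7-column row into a dict; masked addresses stay as strings."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 7 or f[0] == "Source":
            continue  # skip the header row and anything malformed
        routes.append({"dest": f[1], "gw": f[2], "flags": f[3],
                       "metric": int(f[5]), "iface": f[6]})
    return routes


def audit(routes, local_ips):
    """Return (kind, destination, gateway_iface, connected_iface) findings."""
    findings = []
    for r in routes:
        if "G" not in r["flags"] or r["gw"] not in local_ips:
            continue  # only gateway routes that point back at the router itself
        connected = [c for c in routes
                     if c["dest"] == r["dest"] and "G" not in c["flags"]]
        if not connected:
            findings.append(("self-gateway", r["dest"], r["iface"], None))
        for c in connected:
            if r["metric"] < c["metric"]:  # assumption: lower metric wins
                findings.append(("shadows-connected", r["dest"],
                                 r["iface"], c["iface"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_routes(ROUTES), LOCAL_IPS):
        print(finding)
```
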

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

said by Thinkdiff:

Is the 10.0.0.0/24 -> 172.16.0.1 a route that you added via the GUI or one that the router creates on its own?

Damn fine question.... been through so many $@*%(*%@ iterations I'm not sure what I or the AT have done anymore. I just pulled the rules - let's see if it works.
dennismurphy


dennismurphy to philow

Premium Member

to philow
IT WORKS!

Sweet. Absolutely, totally, 100% sweet.

So my config is as such:

Actiontec:
LAN Port 3: to HP 1810-24g v2 switch. All my "internal" LAN traffic is here.
LAN Port 4: Ubiquiti UniFi AP, with 2 SSIDs configured - one to my "internal" wireless LAN, and the other for a Guest LAN. The "internal" SSID is on VLAN 1, Guest SSID is VLAN 10.

On the Actiontec:
Step 1) My Network -> Network Connections -> Add a VLAN connection, set it up as in the screenshot.
Step 2) My Network -> Network Connections -> Network (Home/Office), add the right VLANs to the Ethernet network.
Step 3) My Network -> Network Connections -> Network (Home/Office), click on Ethernet, then Settings, then add the right VLANs to the right ports in the switch.
Step 4) Add rules to the firewall to prevent traffic from 10.0.0.0/8 to 172.16.0.0/16.

It all works exactly as I want... if I connect to the Ubiquiti on the 'internal' SSID, I get a 172.16.x.x IP address. If I connect on the Guest VLAN, I get prompted by my guest portal, accept the terms, and get issued a 10.x.x.x address.

SWEET!
philow
join:2014-03-25

philow

Member

AWESOME!!!

You are using 2 VLANs (1,10). Is one of the VLANs set as default for any of the bridges?
Did you do any configuration for VLAN 1?
Is VLAN 10 set as ingress or egress tagged?

I cannot get my 10. VLAN to serve up a 10. address when plugged into the LAN Port assigned with the VLAN 10.

So close I can feel it. Thanks for all your work on this!

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

Screenshot of Bridge section of Network (Home/Office)
Edit VLANs for
said by philow:

AWESOME!!!

You are using 2 VLANs (1,10). Is one of the VLANs set as default for any of the bridges?
Did you do any configuration for VLAN 1?
Is VLAN 10 set as ingress or egress tagged?

I cannot get my 10. VLAN to serve up a 10. address when plugged into the LAN Port assigned with the VLAN 10.

So close I can feel it. Thanks for all your work on this!

I have it set for tagged on egress, untagged for ingress. Works perfectly and it's serving up the addresses I expect.

I did NOT set a VLAN as a default for any of the bridges in Network (Home/Office) but I DID set VLAN 1 for each of the other ports on the Actiontec (see Port 3 screenshot for the example.) Port 4 screenshot is where I have the Ubiquiti plugged in. No config whatsoever for VLAN 1.

On the Network (Home/Office) config, under the Bridge section, I did set Network (Home/Office) to have VLAN 1 & 10, and Ethernet/Coax to only have VLAN 10. (Which is weird b/c I have VLAN 1 devices on other ethernet ports.) (See 3rd screenshot)

Screenshot 4 is of the VLANs "Edit" button for "Ethernet/Coax" in screenshot 3.
philow
join:2014-03-25


philow

Member

Thanks! I will do some playing and see if I can get it working. BTW is this on your Rev G or a Rev I router?

Also what is LAN Port 5?

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

said by philow:

Thanks! I will do some playing and see if I can get it working. BTW is this on your Rev G or a Rev I router?

This is on a Rev I (my "production" router, if you will.)

The Rev G is my backup router, and I used it to build a lab network to test this all out before monkeying with my "production" LAN.

The net-net is that I just installed an 18U wall rack in my basement, so I have to do a full network shutdown to migrate into it. If I'm bringing down the network anyway, I'd like to have this all working 100% when I bring it back up.... so we're good to go now. This is going to be a busy weekend punching down all the cabling and moving everything.
philow
join:2014-03-25

philow

Member

Sounds fun

My setup is a bit different. All I am trying to do is create the VLAN on one LAN port so I can segment that port to a 10.0.0.x address. Have everything else on my other ports and WiFi in the 192.168.2.x addresses. All I currently have is one (may grow in the future) Linux web server I am trying to connect on the 10.0.0.x address. I have just removed all the settings I was doing so I can try your steps. I will screen cap what I am doing and hope it works.

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy to philow

Premium Member

to philow
said by philow:

Also what is LAN Port 5?

LAN Port 5 is the Coax MOCA connection on the Rev I. It appears that the bridge inside the Rev I has a combined MOCA/Ethernet bridge.
philow
join:2014-03-25

philow

Member

Above pics show me creating my VLAN 10 then setting the tagging then setting the settings for the VLAN and then what my Ethernet/Coax properties look like.

This will NOT serve up a 10.0.0.x address with DHCP on LAN Port 4.

What am I missing???

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

How are you getting to the 2nd Screenshot? ("Traffic on this VLAN is: Tagged")? I can't find that screen.
philow
join:2014-03-25

philow

Member

It is part of the VLAN Interface Wizard when I hit next from the first picture.

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

said by philow:

It is part of the VLAN Interface Wizard when I hit next from the first picture.

Hmm... mine doesn't prompt that way. What firmware revision are you on? I'm on 40.21.10.3, model MI424WR-GEN3I.

How are you getting to the VLAN Interface Wizard? I hit "My Network -> Network Connections -> Add"

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff to philow

MVM,

to philow
You have port 4 set to trunk VLANs 10 and 1. If you are plugging in a normal, non-VLAN aware device, it will not be able to receive anything on that port.

If you're using a Mac, you can create VLAN interfaces in System Prefs. There might be a way to do it on Windows, too. But the better solution would be to not trunk 10 and 1 on port 4. Assign it only to VLAN10.
philow
join:2014-03-25

philow to dennismurphy

Member

to dennismurphy
I have 41.21.10.3 and that is exactly how I do it. I noticed that if I leave it set to Broadband (Ethernet/Coax) it does not prompt the next screen, but setting it to Network (Home/Office) brings up the next screen as "Untagged". I set it to "Tagged".

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff

MVM,

The GUI isn't very descriptive, but I don't think you want to enable tagging on port 4, either.

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy to philow

Premium Member

to philow
Leave it untagged and don't assign any ports to it.. just create it "standalone" if you will.
philow
join:2014-03-25

philow

Member

I think it is because I do not have a VLAN-aware device I am plugging into port 4. It is just an Ubuntu box. I am trying to create a VLAN interface on it to see if that helps.

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

said by philow:

I think it is because I do not have a VLAN-aware device I am plugging into port 4. It is just an Ubuntu box. I am trying to create a VLAN interface on it to see if that helps.

That's why you need to leave it Untagged when you create the VLAN. Try it again and see what happens. Leave it untagged and don't click any ports. Then go through the other steps ...
philow
join:2014-03-25

philow

Member

I will delete all my settings and try again. Do you think I need to do anything with VLAN 1 at all?

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

said by philow:

I will delete all my settings and try again. Do you think I need to do anything with VLAN 1 at all?

Nope.
philow
join:2014-03-25

philow

Member

I got rid of all references to VLAN 1 and 10, then recreated VLAN 10. I kept it untagged and set it up like the screenshot above for the Properties. Then I assigned it to Ethernet/Coax (it was already on Network (Home/Office)). I went into Ethernet/Coax and assigned it Egress untagged.

Still does not serve up a 10.0.0.x address to my Ubuntu connected to port 4.

On my Rev D router I needed to tag the ingress for it to work.
philow

philow

Member

FYI it is serving up a 192.168.2.x address

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

dennismurphy

Premium Member

said by philow:

FYI it is serving up a 192.168.2.x address

Well, the difference in my case is that my device is sending tagged packets (the Ubiquiti AP).

Why not try enabling VLAN tagging on the Ubuntu server? VLAN tag it for VLAN 10 ...

»www.bauer-power.net/2012 ··· nux.html
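
The tagged versus untagged behaviour discussed in Thinkdiff's trunk explanation and in the post above, as an added example that is not part of the thread. It is a simplified model with hypothetical function names: the "plain host" stands for a machine with no VLAN interface configured, the switch port puts untagged frames into its default VLAN, and the MAC addresses and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETH_IPV4, ETH_ARP = 0x0800, 0x0806


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Ethernet II frame; with vlan set, a 4-byte 802.1Q tag follows the MACs."""
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI left at 0
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return the VLAN ID (None if untagged), inner EtherType and payload."""
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == TPID_8021Q:
        tci, inner = struct.unpack("!HH", frame[14:18])
        return {"vlan": tci & 0x0FFF, "ethertype": inner, "payload": frame[18:]}
    return {"vlan": None, "ethertype": etype, "payload": frame[14:]}


def plain_host_accepts(frame):
    """Model of a host with no VLAN interface: it only reads bytes 12-13."""
    (etype,) = struct.unpack("!H", frame[12:14])
    return etype in (ETH_IPV4, ETH_ARP)


def port_ingress(frame, default_vlan, allowed):
    """Model of a switch port: untagged frames join the port's default VLAN."""
    vlan = parse_frame(frame)["vlan"]
    vlan = default_vlan if vlan is None else vlan
    return vlan if vlan in allowed else None


# Constructed sample: a DHCP-style IPv4 frame sent untagged and tagged for VLAN 10.
SRC, DST = bytes.fromhex("020000000001"), b"\xff" * 6
UNTAGGED = build_frame(DST, SRC, ETH_IPV4, b"dhcp-discover")
TAGGED_10 = build_frame(DST, SRC, ETH_IPV4, b"dhcp-discover", vlan=10)

if __name__ == "__main__":
    print("untagged lands in VLAN", port_ingress(UNTAGGED, 1, {1, 10}))
    print("tagged lands in VLAN", port_ingress(TAGGED_10, 1, {1, 10}))
    print("plain host accepts tagged reply:", plain_host_accepts(TAGGED_10))
```
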
philow
join:2014-03-25

philow

Member

It is getting late for me and I appreciate all the help. I will read that page and try it tomorrow.

FYI... For giggles I set my Ingress to tag VLAN 10 on port 4 and my Ubuntu box got a 10.0.0.2 address, but no connectivity.