|
to philow
Re: VLAN configuration on MI424WR Gen 3 Rev. I
The two screenshots dennismurphy posted above for "Port 3 settings" and "Port 4 Settings" are where you need to be looking. For Port 4, Ingress should be Untagged and you need to remove VLAN 1. Add VLAN 10 and leave it Untagged as well. When you're done, it should look like Dennis's Port 3 settings but say "10" instead of "1" under VLAN. No other changes should be made. This will remove Port 4 from VLAN 1 and assign it to VLAN 10. Assuming you set up the VLAN correctly, everything should "just work". To double check, the "Ethernet/Coax properties" screen where it lists Ports 1-5 should have only "10" in the VLAN column next to Port 4. All other ports should be on VLAN 1. |
|
|
philow
Member
2014-Apr-8 10:27 pm
With everything set to untagged it will only give me a 192.168.2.x address. |
|
|
Did you verify that port 4 is assigned to VLAN 10 both in the port settings and also on the properties page that you posted earlier?
Edit: And that VLAN 1 is not assigned to Port 4? |
|
|
philow
Member
2014-Apr-8 10:32 pm
When in Ethernet/Coax I edit port 4 and add VLAN 10 egress untagged and when it is applied it shows up with a 10 under VLAN column for port 4 in the Properties for Ethernet/Coax. I am not sure where else to see it. |
|
|
In your post earlier, it showed "1,10" on Port 4, which is why I was asking. Sounds like you have it set correctly now, though.
In an earlier screenshot, you showed on the "VLAN Properties" screen that it was "tagged". Did you change that to untagged?
Edit (again): I think I'm understanding Actiontec's poor wording better. When you click on Port 4 settings and then go to the menu for "Ingress", what are the options? Is it just Tagged and Untagged? Or does it give you an option of which VLAN for tagging? |
|
|
philow
Member
2014-Apr-8 10:41 pm
I recreated the VLAN as untagged. That was part of the wizard for creating the VLAN that @dennismurphy and I were talking about! |
|
|
|
Sorry, missed that part! See my updated post. I'm thinking you might need to have Ingress Tagged and Egress untagged (similar to what you mentioned earlier when you said you got the 10.0.0.2 address). Maybe it is easier to just set up a VLAN interface on Ubuntu. |
|
|
philow
Member
2014-Apr-8 10:45 pm
I just think it is crazy that this Rev I router is so much harder to configure than the Rev D I have!!! It just worked with Tagged Ingress and all was good! I still think there is a firmware bug!!! LOL
I will try the VLAN interface on Ubuntu. |
|
|
Last question before trying the VLAN interface...
When you go to "Port 4 Settings", is there an option to add or change the PVID? If there is, set it to 10. And set Ingress/Egress both to untagged.
Edit (again x2): I'm still not 100% clear on the Ingress setting, so after changing the PVID, you may need to test both Tagged/Untagged. The PVID is usually the key on other routers to making it all work. |
|
|
philow
Member
2014-Apr-8 10:49 pm
No option. If I set Ingress Tagged it makes it a PVID (shows up on Ethernet/Coax properties under PVID); otherwise I can set Egress to untagged or tagged and it shows up in the Ethernet/Coax under VLAN.
In other words I have to tag Ingress for it to be PVID. |
|
|
Ok, in that case, the only option that makes sense to me is:
Ingress: Tagged
Default VLAN ID or PVID, whichever it says: 10
Egress: VLAN ID 10 - Untagged
If that doesn't work, you'll want to have both set to Untagged and then use VLAN interfaces on linux, but that will limit what kind of devices you can connect to the VLAN. |
|
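The PVID and ingress/egress terms discussed in the posts above, sketched as a small model (an added example, not part of the thread and not the router's firmware logic). It assumes standard 802.1Q behaviour, which the router's UI labels may not map onto one-to-one; `Port`, `dhcp_result` and the three port configurations are hypothetical, and the VLAN-to-subnet map uses the two networks named in the thread.

```python
# Added illustration of generic IEEE 802.1Q port handling; not Actiontec/OpenRG code.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# VLAN -> subnet, using the two networks named in the thread.
SUBNET = {1: "192.168.2.0/24", 10: "10.0.0.0/24"}

@dataclass
class Port:
    pvid: int               # VLAN assigned to untagged frames entering the port
    egress: Dict[int, str]  # member VLANs -> "tagged" or "untagged" on the way out

def dhcp_result(port: Port, host_tag: Optional[int]) -> Optional[Tuple[str, bool]]:
    """Follow a host's DHCP request through the port.

    host_tag is None for a plain host, or a VLAN id for a host using a VLAN
    adapter. Returns (subnet that answers, host can read the reply), or None
    if the port drops the request.
    """
    # Ingress: untagged frames are classified by PVID, tagged frames by their tag.
    vid = port.pvid if host_tag is None else host_tag
    if vid not in port.egress:      # ingress filtering: port is not a member
        return None
    # Egress: the reply leaves tagged or untagged according to port membership.
    reply_tag = vid if port.egress[vid] == "tagged" else None
    # The host only processes the reply if its tagging matches what it sent.
    return SUBNET[vid], reply_tag == host_tag

# Constructed port configurations (hypothetical, in generic 802.1Q terms).
ACCESS_VLAN10 = Port(pvid=10, egress={10: "untagged"})
BOTH_UNTAGGED = Port(pvid=1, egress={1: "untagged", 10: "untagged"})
TRUNK_VLAN10 = Port(pvid=1, egress={1: "untagged", 10: "tagged"})

if __name__ == "__main__":
    for name, port, tag in [
        ("plain host, access port", ACCESS_VLAN10, None),
        ("plain host, member of 1 and 10 with PVID 1", BOTH_UNTAGGED, None),
        ("VLAN-adapter host, tagged member of 10", TRUNK_VLAN10, 10),
        ("VLAN-adapter host, access port", ACCESS_VLAN10, 10),
    ]:
        print(f"{name}: {dhcp_result(port, tag)}")
```

In this model a request can be accepted into VLAN 10 while the reply comes back with tagging the host does not expect, in which case the server records a lease that the host never sees.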
|
philow
Member
2014-Apr-8 10:55 pm
Interesting, when I set ingress tagged I cannot set egress; it is just auto untagged and I cannot assign a VLAN ID. And that is how it worked on the Rev D Router (the way your last post says it makes sense). Will work on it more tomorrow. Thanks |
|
philow
Member
2014-Apr-8 10:59 pm
Sorry wrong. When I set Ingress to tagged it assigns VLAN 10 Egress to untagged and I cannot change it. |
|
|
That should be what you want, though. Here's what I'm looking at. Just replace "4000" with "10". Notice that "4000" shows up under PVID on the switch properties list. (This is from the manual for the OpenRG firmware, which Verizon modifies for their routers. Should be close to the same.) |
|
|
philow
Member
2014-Apr-8 11:06 pm
That is exactly how it is setup and again I say it worked perfectly on my Rev D router but this router is giving me grief. If it had worked like that I would not have made this thread cause that is how I started |
|
|
I jumped in half way and skipped a few important ports early in the thread - my mistake. Does that mean you are now getting a 10.0.0.x address on your box connected to port 4 with these settings? And that device cannot ping/connect to anything, is that right?
If that's the case, then the VLAN port settings are at least correct. DHCP would not be working if it wasn't set up properly. Could you post the information that Dennis posted here: » Re: VLAN configuration on MI424WR Gen 3 Rev. I
Both the ifconfig list and routing table (if it's any different than the one you posted earlier).
It's possible something is broken on these newer routers and VLANs only work correctly when another device is doing the untagging/tagging (like how dennismurphy set it up), but the fact that DHCP works seems to disprove that theory. |
|
|
philow
Member
2014-Apr-8 11:28 pm
I will post the info in the morning when I am back in front of my computers. Thanks! |
|
philow |
to Thinkdiff
Wireless Broadband Router> net ifconfig
Device br0 (0x40f630) -
type=40(Bridge)state=running
changed=0 is_sync=1 has_ip=1 metric=4 MTU=1500 max_mss=1460 MAC=f8:e4:
depend_on_list=ath0(0x40fd58), eth0(0x40f818)
next=eth0(0x40f818)
ip=192.168.2.1,netmask=255.255.255.0
Device eth0 (0x40f818) -
type=111(Hardware Ethernet Switch)state=running
changed=0 is_sync=1 has_ip=0 metric=4 MTU=1500 max_mss=1460 MAC=f8:e4:
depend_on_list=None
next=eth1(0x40f9d8)
Device eth1 (0x40f9d8) -
type=110(Ethernet/Coax)state=running
changed=0 is_sync=0 has_ip=1 metric=3 MTU=1500 max_mss=1460 MAC=f8:e4:
depend_on_list=None
next=wifi0(0x40fb98)
ip=96.xxx.xxx.xxx,netmask=255.255.255.0
Device wifi0 (0x40fb98) -
type=85(Wireless 802.11)state=running
changed=0 is_sync=1 has_ip=0 max_mss=1460
depend_on_list=None
next=ath0(0x40fd58)
Device ath0 (0x40fd58) -
type=99(Wireless 802.11n Access Point)state=running
changed=0 is_sync=1 has_ip=0 metric=4 MTU=1500 max_mss=1460 MAC=f8:e4:
depend_on_list=wifi0(0x40fb98)
next=ath1(0x40ff18)
Device ath1 (0x40ff18) -
type=99(Wireless 802.11n Access Point)state=disabled
changed=0 is_sync=1 has_ip=1 metric=4 MTU=1500 max_mss=1460 MAC=00:03:
depend_on_list=wifi0(0x40fb98)
next=clink1(0x4100d8)
ip=0.0.0.0,netmask=0.0.0.0
Device clink1 (0x4100d8) -
type=103(Coax)state=running
changed=0 is_sync=1 has_ip=0
depend_on_list=None
next=clink0(0x410298)
Device clink0 (0x410298) -
type=103(Coax)state=running
changed=0 is_sync=1 has_ip=0
depend_on_list=None
next=ppp0(0x410458)
Device ppp0 (0x410458) -
type=29(PPPoE)state=disabled
changed=0 is_sync=0 has_ip=1 metric=1 MTU=1492
depend_on_list=eth1(0x40f9d8)
next=br0.10(0x5b29b0)
ip=0.0.0.0,netmask=0.0.0.0
Device br0.10 (0x5b29b0) -
type=48(Ethernet)state=running
changed=0 is_sync=1 has_ip=1 metric=4 MTU=1500 max_mss=1456 MAC=f8:e4:
depend_on_list=br0(0x40f630)
next=None
ip=10.0.0.1,netmask=255.255.255.0
Returned 0
Wireless Broadband Router>
Wireless Broadband Router> net route
Source Destination Gateway Flags DSCP Metric Interface
0.0.0.0/0 10.0.0.0/24 * U 0 4 br0.10
0.0.0.0/0 96.xxx.xxx.0/24 * U 0 3 eth1
0.0.0.0/0 192.168.2.0/24 * U 0 4 br0
0.0.0.0/0 0.0.0.0/0 96.xxx.xxx.1 UG 0 3 eth1
Returned 0
Wireless Broadband Router>
Ok sooner than tomorrow |
|
dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ |
Well, your routes look right ...
Wireless Broadband Router> net route
Source Destination Gateway Flags DSCP Metric Interface
0.0.0.0/0 10.0.0.0/24 * U 0 4 br0.10
0.0.0.0/0 172.16.0.0/24 * U 0 4 br0
0.0.0.0/0 74.xxx.yyy.0/24 * U 0 3 eth1
0.0.0.0/0 0.0.0.0/0 74.xxx.yyy.1 UG 0 3 eth1
Now, when you get it to pull a DHCP 10.0.0.0/24 address, are you *sure* the gateway and such are correct on the Ubuntu side? When it has the 10.0.0.0/24 address, can it reach the Internet? Let's get that working before we look into cross-VLAN routing (which may be another issue.)
Because once it gets an address, and your routing table isn't fscked up (like mine was), that SHOULD be it ... If it's pulling the right address from DHCP, it's in the right VLAN and clearly getting the right packets.
This is MUCH harder than it needs to be, because of the wacky way the Actiontec works.... the functionality's in there, it's just finding it. This would be SO much easier if the AT had a workable command line! |
|
|
That was my next question (about the gateway/routes on ubuntu).
Everything on the router is set up correctly. To me, there are 3 possibilities:
1. Ubuntu is not set up properly (try to post the routing table for ubuntu)
2. The firewall on the Actiontec is blocking the traffic from 10.0.0.x
3. The Actiontec is not masquerading/NATing the 10.0.0.x network (but if this was true, you should still be able to access the router on the 10.0.0.x network). |
|
|
philow
Member
2014-Apr-9 7:09 am
Route from Ubuntu
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 1 0 0 eth0
Connection Info: IPv4
IP Address:10.0.0.2
Broadcast Address:10.0.0.255
Default Route:10.0.0.1
Primary DNS:10.0.0.1
Secondary DNS:8.8.8.8
Ternary DNS:8.8.4.4
I cannot ping 10.0.0.1 or get anywhere. I cannot ping 10.0.0.2 from the router either.
One other non-Ubuntu piece of info. For giggles I have a LAN Port plugged into my Mac Mini (Port 2) the same way as LAN port 4 (Tagged Ingress) and my Mac gives me an APIPA address; it does not get a 10.0.0.x address from the DHCP. |
|
|
Reading back your previous posts, it looks like you can ping from 192.168.2.x to 10.0.0.2, but not the other way around. Is that correct? To me, that says the firewall is only allowing established connections from 10.0.0.x and dropping all requests originating from 10.0.0.x.
Instead of turning the firewall off, can you try adding a specific rule to allow 10.0.0.0/24 to 192.168.2.0/24, similar to this (obviously not Drop though): » /speak ··· SZXYuLUk
I know this is the opposite of what you want, but it should at least tell us if the firewall is the issue. If that works, I imagine you'll need these two rules in the proper order:
10.0.0.0/24 -> 192.168.2.0/24 -> Drop (segregate VLAN)
10.0.0.0/24 -> any -> Accept (allow WAN access) |
|
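Why the order of the two rules suggested above matters, as an added example (not part of the thread). It assumes the firewall evaluates rules top-down and stops at the first match, which the posts do not confirm for this router; `first_match` and `shadowed` are hypothetical helpers, "any" is written as 0.0.0.0/0, and the tested addresses are constructed.

```python
# Added illustration; assumes first-match, top-down rule evaluation.
import ipaddress

def first_match(rules, src, dst, default="drop"):
    """Return the action of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return default  # assumed default when nothing matches

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for i, (src, dst, _) in enumerate(rules):
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        for e_src, e_dst, _ in rules[:i]:
            if s.subnet_of(ipaddress.ip_network(e_src)) and d.subnet_of(ipaddress.ip_network(e_dst)):
                hidden.append(i)
                break
    return hidden

# The two rules from the post, in the order given there.
SEGREGATE_THEN_ALLOW = [
    ("10.0.0.0/24", "192.168.2.0/24", "drop"),    # segregate VLAN
    ("10.0.0.0/24", "0.0.0.0/0", "accept"),       # allow WAN access
]
# Same rules swapped: the broad accept now hides the drop.
ALLOW_THEN_SEGREGATE = list(reversed(SEGREGATE_THEN_ALLOW))

if __name__ == "__main__":
    for name, rules in [("drop first", SEGREGATE_THEN_ALLOW),
                        ("accept first", ALLOW_THEN_SEGREGATE)]:
        lan = first_match(rules, "10.0.0.2", "192.168.2.10")  # constructed LAN host
        wan = first_match(rules, "10.0.0.2", "8.8.8.8")
        print(f"{name}: to LAN={lan}, to WAN={wan}, shadowed rules={shadowed(rules)}")
```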
|
philow
Member
2014-Apr-9 7:35 am
Actually I am unable to ping in any direction. I cannot ping 10.0.0.2 from the router or any machines on 192.168.2.x.
Also back to the Mac: Even though it is getting an APIPA address 169. The router thinks it has given it 10.0.0.3 (WEIRD) |
|
dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ |
said by philow:
Actually I am unable to ping in any direction. I cannot ping 10.0.0.2 from the router or any machines on 192.168.2.x.
Also back to the Mac: Even though it is getting an APIPA address 169. The router thinks it has given it 10.0.0.3 (WEIRD)
That tells me your firewall is borked. The router is receiving the dhcp requests but the host isn't getting them. Can you screenshot firewall -> advanced filtering? |
|
|
philow
Member
2014-Apr-9 9:13 am
There are no rules in Advance Filtering in the Firewall. |
|
|
Can you try creating two inbound rules:
10.0.0.0/24 -> 192.168.2.0/24 -> accept
192.168.2.0/24 -> 10.0.0.0/24 -> accept
And then ping from the 10 to the 192 network again. I wouldn't focus on the Mac for now - Port 4 seems to be further along, so try to get that working first.
You may have to play around with what interface you assign these rules to. I'd try the first one as a Input VLAN 10 rule and the second one as a Input Home Network rule. If that's not working, assign both to Network Home/Office. |
|
|
philow
Member
2014-Apr-9 4:58 pm
I am at work and only have access to the Mac remotely so I created a Virtual VLAN adapter on it and I am typing this message on the Mac with a 10.0.0.3 address so it has access to the Internet. I turned off its WiFi Connection and the VLAN is the only working connection. I can try this on Ubuntu as well.
I did create your rules as well so they are in place but I am not sure if they are needed with the VLAN adapter. BTW the Ethernet adapter still has an APIPA address. |
|
|
If the VLAN adapter fixed the problem, then your egress/ingress rules are not correct for Port 2. Port 4 is working (as evidenced by Ubuntu getting an IP address).
Strange.. |
|
|
philow
Member
2014-Apr-9 8:30 pm
I think I am fading trying to figure this stuff out. The egress/ingress is the same for both LAN port 2 (Mac) and 4 (Ubuntu).
While Ubuntu gets an IP it is totally unusable and the Mac sets an APIPA address.
I have set up a virtual VLAN on the Mac and it is working. I have set up a VLAN adapter on Ubuntu and removed the Wired Network default adapter and it is now working with a 10.0.0.x address.
With that said I can now work on the rules in the firewall to see if I can make them work like I want them to. All networks can connect to VLAN 10.0.0.x and 10.0.0.x cannot connect to 192.168.2.x.
Are there any drawbacks to operating my Ubuntu machine with just the VLAN adapter that I should know about? |
|
|
No. The only limitation is that you must use devices that are VLAN aware (devices that have the ability to setup a VLAN adapter). If you wanted to use any generic device with an ethernet port, it apparently would not work.
Also, if you decide to connect the Ubuntu machine back to the normal LAN, you'll have to remove the VLAN adapter first. |
|