VLAN on WRT1900AC ver 2 with OpenWRT firmware

[simwb90]

Hi all,

I plan to flash my Linksys WRT1900AC ver 2 with OpenWRT Chaos Calmer as I am getting abit fed-up with the stock firmware dropping the 5GHz Wifi (it stops broadcasting after some time) and having random devices (albeit legit devices) showing up on the Network Map. With no way to remove these devices other than a reboot, it is quite irritating.

Two questions

WRT1900AC comes preconfigured with the major ISPs VLAN tags. I am using Singtel Fibre. I do not have MioTV or VoIP so I only need the Internet tag.

1. How do I go about configuring the required VLAN?

2. I read that Singtel does a MAC check but if that is the case, why is it that my WRT1900AC is working even though it is a third party router?

Thank you

 

[Ah-Pin-Kor]

klseet already showed how to configure:
https://www.klseet.com/index.php/singtel-fibre/219-singtel-tl-wr1043v18-openwrt

You can use his info as an example and adapt your requirements to it. For your case, you only need vid 1 and 10. Don't need vid 20 since no miotv. Also ignore his port 4 settings, just copy the port 1-3 settings to your port 4 since you don't have vid 20. Then all your lan ports can be used for internet.

For the mac address, since you are already using the same router, the mac address should be the same so no need to clone it. Singtel does allow 3rd party routers.

 

[simwb90]

kamsia very much
appreciate it
guess i was on the right track when i saved his site

 

[simwb90]

klseet already showed how to configure:
https://www.klseet.com/index.php/singtel-fibre/219-singtel-tl-wr1043v18-openwrt

You can use his info as an example and adapt your requirements to it. For your case, you only need vid 1 and 10. Don't need vid 20 since no miotv. Also ignore his port 4 settings, just copy the port 1-3 settings to your port 4 since you don't have vid 20. Then all your lan ports can be used for internet.

For the mac address, since you are already using the same router, the mac address should be the same so no need to clone it. Singtel does allow 3rd party routers.

question about the vlan settings. for understanding purposes

i read that
off = not part of the VLAN stated in vid
untagged = part of 1 VLAN
tagged = part of multiple VLANs

assuming port 0 = WAN port
am i right to interpret as such (following the site's example)....

vid 1, port 0 is removed from the vlan while port 1 to 3 and CPU are part of vlan

vid 10, traffic exiting port 0 is tagged with vid 10 and traffic exiting CPU is also tagged with vid 10. effectively this means only WAN and CPU can talk to each other. what is the purpose of this?

vid 20, traffic exiting port 0 is also tagged with vid 20 and traffic exiting CPU is also tagged with vid 20. port 4 traffic is tagged with vid 20. this means any traffic tagged as vid 20 from the WAN will go to the CPU and designated only for port 4

 

[Ah-Pin-Kor]

question about the vlan settings. for understanding purposes

i read that
off = not part of the VLAN stated in vid
untagged = part of 1 VLAN
tagged = part of multiple VLANs

tagged can also be single vlan. The miotv set top box expects it's incoming packets to be tagged even though there are no other vlans on port 4.

assuming port 0 = WAN port
am i right to interpret as such (following the site's example)....

vid 1, port 0 is removed from the vlan while port 1 to 3 and CPU are part of vlan

vid 10, traffic exiting port 0 is tagged with vid 10 and traffic exiting CPU is also tagged with vid 10. effectively this means only WAN and CPU can talk to each other. what is the purpose of this?

The cpu is a member of all vlans.
The wan traffic is kept isolated from the lan traffic so they are kept on different vlans. Based on the routing and nat rules the cpu will move packets between them.
I don't know about the internal hardware organisation of the switch chip. Different chips may have different internal way of doing things, e.g. whether the packets remain tagged internally. As users, we are only able to observe the outgoing packets.

vid 20, traffic exiting port 0 is also tagged with vid 20 and traffic exiting CPU is also tagged with vid 20. port 4 traffic is tagged with vid 20. this means any traffic tagged as vid 20 from the WAN will go to the CPU and designated only for port 4

 

[simwb90]

tagged can also be single vlan. The miotv set top box expects it's incoming packets to be tagged even though there are no other vlans on port 4.


The cpu is a member of all vlans.
The wan traffic is kept isolated from the lan traffic so they are kept on different vlans. Based on the routing and nat rules the cpu will move packets between them.
I don't know about the internal hardware organisation of the switch chip. Different chips may have different internal way of doing things, e.g. whether the packets remain tagged internally. As users, we are only able to observe the outgoing packets.

i see. i couldn't find any details on the internal hardware layout of this model....otherwise i think i probably can understand the assignment....but based on what u r saying i think i understand the assignment better now....

essentially....any incoming traffic will come in from WAN -> CPU -> goes to endpoint on either of the LAN while outgoing traffic will go from LAN -> CPU -> WAN

the only thing i need to take note when setting up VLANs is that there must be a middleman who can bridge different VLANs together if i want traffic to route properly between VLANs....

if i removed the CPU from VLAN 10 and VLAN 20, then technically any host in VLAN 10 cannot talk to any host in VLAN 20 cux there is no middleman. but in the current setup, since CPU is part of both VLAN 10 and 20, these two hosts can actually talk to each other....
is my understanding correct?

thanks for all the help...sorry if the topic got off track but i've rarely played around with VLANs and this is opening up new possibilities for me =)

 

[Ah-Pin-Kor]

if i removed the CPU from VLAN 10 and VLAN 20, then technically any host in VLAN 10 cannot talk to any host in VLAN 20 cux there is no middleman. but in the current setup, since CPU is part of both VLAN 10 and 20, these two hosts can actually talk to each other....
is my understanding correct?

You can try to remove the cpu from one or both of those vlans and see what happens but you must be prepared to reset your config back to defaults if you can't get in again.
I'm too lazy to drag out my old router with openwrt to verify this.

 

[simwb90]

You can try to remove the cpu from one or both of those vlans and see what happens but you must be prepared to reset your config back to defaults if you can't get in again.
I'm too lazy to drag out my old router with openwrt to verify this.

hahahaha no need for that trouble....i'll keep this question in the back of my mind and try it out on a non-essential equipment in the future =)
my family will likely kill me if i down the network for too long >.>