DD-WRT router suggestion


    Two for now. Make VLAN3 regular AP access and VLAN4 guest AP access.

    1 - Give the two VLANs interfaces static IP addresses and assign the two VLANs to ethernet port #1
    2 - define a subnet, mask, gateway for each VLAN subnet
    3 - set up the firewall for each of the two vlans or subnets.

    Next steps are to create a port trunk on the TP-Link with two VLANs and then assign one VLAN to two ports. Note this is to test the two vlan connections one by one. IE: you can plug in a laptop to port 5 or port 6 and it should get a DHCP address from either of the subnets.

    Baby steps here as you want to validate your stuff. After validation we will create a second port trunk on the Main TP-Link switch...but not yet....don't think of the VLANs as guest and regular for now...just make them two subnets; recall that each vlan is a separately defined network. It is straightforward using the TP-Link managed switch. Later on too you can utilize the TP-Link management software for multiple switches (only runs on Windows).

    IE:

    1 - Tomato router ethernet port #1 is a trunked port with two VLANs #3 and #4. (less wiring) - one cable from ethernet port #1 to TP-Link ethernet port #4
    2 - TP-Link Port #4 is a trunked port with two VLANs #3 and #4
    3 - TP-Link Port #5 is VLAN3 - temporary for testing
    4 - TP-Link Port #6 is VLAN4 - temporary for testing

    Do we need two vlan or we can do it with vlan3?

    Two VLANs for Wireless APs for the time being as an exercise relating to VLANs.

    Recall that you only have one ethernet cable between the AP and the managed switch that it plugs in to (so you are trunking that port with two vlans or two networks).

    AP ==> ONE wire (2 networks) ==> managed switch with trunking on one port (2 networks) ==> ONE Wire ==> main managed switch ==> ONE wire ==> Tomato router.

    Call the second one main VLAN if you want and that one can be your main subnet in the future.

    Unifi has the ability to set a vlan for ssid_guest so it would be one network cable using vlan 3 if I understand it.

    We are going to make the configuration such that you will have a regular connection VLAN - SSID and a guest connection VLAN - SSID - two subnets - one guest and one regular.
    Last edited by Pete; January 17, 2017, 01:20 PM.
    - Pete

    Auto mator
    Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
    Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
    HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

    HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
    HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

    X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant



      This thread is really becoming well developed.




        @Aldo

        In reference to post #102 and configuration of your TP-Link switch, read a bit about tagging or untagging packets and what we should do with the TP-Link switch configuration. From googling a bit relating to the Tomato OS the trunked port #1 is tagged by default.

        Device ports are typically untagged (where the vlan information has been removed) this is done because most devices don't understand the tagged data packets and will just ignore the packet.

        Both ends of the link should be either tagged or untagged for the switch and device to communicate (you already know the exception to this with the voip phone). Once the data packet enters a switch vlan tagging is automatically applied to all data even if you have an unconfirmed L2 switch. The default vlan ( 1 ) is applied to all data entering the switch (unless the port's PVID has been changed) and if the port is set to access stripped from the data as it leaves the switch. If the port is setup as a VLAN trunk the vlan information (tagging) is left on the data as it leaves the switch. Remember the other end of the link must understand the data as either tagged or untagged for the data to pass.

        While the terminology is different between the switch manufacturers there are 3 basic types of port configuration

        1) Access. This port configuration will strip all vlan tagging as the data leaves the port. This port will ignore any data that arrives at the port that is tagged.
        2) Trunk: This port configuration allows vlan traffic to enter and leave the port. Any untagged traffic will be dropped.
        3) General: This is a combination of Access and Trunk. Data leaving the port will be tagged unless the vlan matches the PVID. If the data matches the PVID the vlan traffic will be stripped from the data as it leaves the port. VLAN traffic entering the port will be honored and passed into the switch. Untagged data arriving at the port will be tagged with the port's PVID and then passed into the switch.
        Last edited by Pete; January 17, 2017, 09:31 PM.
        - Pete



          Hi Pete,
          I think we are on the same page, I have not been idle myself. I found this great article from the manufacturer, although in theory it looks simple I still have a few questions myself that I would need to answer. Please pay attention to this diagram and the way I need my network to work, they are different in concept. http://www.tp-link.com/us/faq-788.html This time, I'm confident we are really close. Looking at the diagram, it seems that we would need to tag the two ports that they are connected and untag the ports on VLAN? The difficulty I have is, I assumed you need to tag the part that you like to have tag, here it shows the opposite. In addition to this, as you said, since other switches they can tell if they are tag or not tag, in my case would I need to "Tag these ports 1? Am I clear or more confusing :-)



            Am I clear or more confusing :-)

            You are clear.

            I am a bit confused with the terminology used on the Easy TP-Link switch. Might be some stuff lost in translation. IE: the PVID and PVID 802.1Q stuff.

            I configured the switch as described above and will test it. Next will test using the methodology in the TP-Link link you provided. (default VLAN 1 and VLANs 3 and 4)

            This switch is not in production right now so I can tinker with it. I also configured an OpenWRT microrouter with two SSID's last night (well it is a wireless TOR proxy).

            I cannot break anything here testing the two methodologies.
            - Pete



              Testing

              Test 1 - PFSense==> VLAN3 and VLAN4 ==> TP-Link Port 4 (trunked/tagged VLAN3 and VLAN4) ==> TP-Link Port 5 - VLAN3 - not tagged & TP-Link Port 6 - VLAN4 - not tagged

              Using laptop on ports 5 and 6.

              [ATTACH]58958[/ATTACH]

              It did not work. Both ports 5 and 6 went to main subnet.

              Changed the PVID for port 5 to 3 and for port 6 to 4. Before change they were at PVID 1.

              [ATTACH]58959[/ATTACH]

              Worked. I was able to get a DHCP address from each of the VLANs.

              Odd too that port #4 (trunked works with PVID 3 or 4).

              Test 2 - well looked over the link again and it doesn't show trunking of VLANs to one port. It is more of a switch to switch VLAN connection whereas Switch vlan1 is tagged at port #1 and untagged at port #9 going to switch #2 tagged on port #1 and passing information for VLANs 101 and 102 via the single cable with VLAN1. Well like VLAN1 by default knows the rest of the VLANs on the switch.

              Will give it a try with two TP-Link 1024 managed switches.

              @Aldo...

              Relating to the UniFi AP then you have one defined VLAN #3 which is the guest SSID and regular ethernet connection which is the private SSID going to the main LAN on one cable to the first managed switch. So switch to switch you pass your VLAN 3 which you have done and it works. So per drawing above you would tag the port on the main switch with vlan 1 for the switch to switch connection. Does a second cable from the main managed switch to another port on the tomato router (with DHCP Main LAN) work? IE: such that port #1 on the Tomato router is main LAN with DHCP (no VLAN) and then port #3 is VLAN3 for guest AP access LAN. Here it is then defined as one VLAN passing rather than using a trunk port of multiple VLANs such that:

              1 - Main LAN (default VLAN 1)
              2 - Guest VLAN (defined VLAN3)
              Last edited by Pete; January 18, 2017, 01:11 PM.
              - Pete

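Added example, not part of the thread: a small Python model of the 802.1Q behaviour Pete describes (untagged ingress takes the port's PVID, egress tagging follows VLAN membership), replaying Test 1 with PVID 1 and then PVID 3/4 on ports 5 and 6. The eight-port count, VLAN 1 holding every port untagged, and all function names are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
UPLINK = 4           # TP-Link port 4: tagged member of VLAN 3 and VLAN 4 (Test 1)

def vlan_of(frame):
    """VLAN ID from the frame's 802.1Q tag, or None when the frame is untagged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI hold the VLAN ID

def add_tag(frame, vid):
    """Insert a 4-byte 802.1Q tag after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def strip_tag(frame):
    """Remove the 802.1Q tag if one is present."""
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame

class Switch:
    def __init__(self, members, pvid):
        self.members = members  # {vid: {port: "T" (tagged) or "U" (untagged)}}
        self.pvid = pvid        # {port: VLAN applied to untagged ingress}

    def forward(self, in_port, frame):
        """Flood a broadcast frame; return {out_port: bytes as sent on the wire}."""
        vid = vlan_of(frame)
        if vid is None:
            vid = self.pvid[in_port]              # untagged ingress takes the PVID
        elif in_port not in self.members.get(vid, {}):
            return {}                             # port is not in that VLAN: drop
        inner = strip_tag(frame)
        return {port: add_tag(inner, vid) if mode == "T" else inner
                for port, mode in self.members.get(vid, {}).items()
                if port != in_port}

def build_test1_switch(pvid5, pvid6):
    """Test 1 layout. Assumption: default VLAN 1 keeps all 8 ports untagged."""
    members = {1: {p: "U" for p in range(1, 9)},
               3: {UPLINK: "T", 5: "U"},
               4: {UPLINK: "T", 6: "U"}}
    pvid = {p: 1 for p in range(1, 9)}
    pvid[5], pvid[6] = pvid5, pvid6
    return Switch(members, pvid)

# Constructed sample: untagged broadcast (e.g. a DHCP discover) from a laptop.
LAPTOP_BROADCAST = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000005")
                    + struct.pack("!H", 0x0800) + b"constructed payload")

def uplink_vlan(sw, laptop_port):
    """VLAN tag the router sees on the uplink; None means untagged (main LAN)."""
    return vlan_of(sw.forward(laptop_port, LAPTOP_BROADCAST)[UPLINK])

if __name__ == "__main__":
    for label, sw in (("PVID 1/1", build_test1_switch(1, 1)),
                      ("PVID 3/4", build_test1_switch(3, 4))):
        print(label, "port5 ->", uplink_vlan(sw, 5), "| port6 ->", uplink_vlan(sw, 6),
              "| port5 floods to", sorted(sw.forward(5, LAPTOP_BROADCAST)))
```

In this model ports 5 and 6 remain untagged members of VLAN 1 after the PVID change, so main-LAN broadcasts are still sent out of them: PVID only decides ingress classification, while egress is decided by membership.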


                Unifi should handle both the "private" SSID and the Guest SSID on one cable. In Unifi you would define the guest ID as Vlan3 and leave the other alone. Pete, thanks for testing it, very much appreciated. I'm looking forward to this weekend to finish phase2 VLAN. The one thing that is not clear is, I think only one switch, the one that is connected to the Unifi should have VLAN setup, the vlan should travel through the switches without setting out any vlan ports on the others. I think the example in the link below was demonstrating two networks. I also understood that CISCO, like every other company that has a monopoly, likes to change terminology up a little. What you call Trunk is actually Cisco wording, although there is a feature called trunk in TP-Link but it is to connect two networks together. I think 802.1q VLAN and PVID is the way to go. Still confused on why they call it untag when they actually tag but maybe you will clarify it for me.



                  I think only one switch, the one that is connected to the Unifi should have VLAN setup, the vlan should travel through the switches without setting out any vlan ports on the others.

                  Nope. Both the switch by the AP and the main switch need to know the VLAN. That is why this will work managed switch to managed switch. Try it putting an unmanaged switch next to the AP and plugging that switch to the main managed switch.

                  Recall verbiage above relating to why you have to tag or untag.

                  In the early days of managed switches it was just that a switch could do more similar to when routers were the size of small refrigerators.

                  Cisco like other companies figured out ways to do things with switches and then named their mechanisms. Many companies followed suit. IE: Cisco's first version of POE was not standard and never was adopted by the industry. They just used it for the VOIP and POE powered AP's and made POE switches to that standard of POE before there was an agreed upon standard.

                  I am totally amazed what you can do with the TP-Link managed switches for the price. Personally purchased the first TP-Link managed switch due to its footprint and no fans inside and price.

                  BTW just test it out. Your AP was using main lan/network two switches over to your Tomato router (or originally Verizon router) and I am supposing you didn't have the AP configured a guest VLAN. See if the main SSID talks to the internet or sees all of your network devices. Are you currently using your AP today?
                  Last edited by Pete; January 18, 2017, 07:14 PM.
                  - Pete



                    BTW just test it out. Your AP was using main lan/network two switches over to your Tomato router (or originally Verizon router) and I am supposing you didn't have the AP configured a guest VLAN. See if the main SSID talks to the internet or sees all of your network devices. Are you currently using your AP today?
                    Pete.
                    I have both guest and non guest SSID working great on Tomato router using the internal WIFI from Tomato router.

                    With Unifi, no issues with the non guest SSID while I can not connect to the internet or get the DHCP with the guest wifi. In Unifi, there is a setting that you can use to define the vlan for the guest.



                      Yes so relating to the UniFi AP curious why the regular SSID doesn't work with the internet?

                      If it is not using a VLAN or configured for a VLAN it should work fine plugged in to a port on the Tomato router. Did the UniFi AP work fine with the verizon router LAN connection?

                      You can define one of the four ports to connect to the internet with no VLAN if you want. Well it should be working fine connected to the first managed TP-Link switch.
                      Last edited by Pete; January 19, 2017, 11:24 AM.
                      - Pete



                        Sorry Pete, mia colpa, I did not explain it right. It works well with the regular ssid, while if I try to create a guest ssid with vlan3 it will not work. Regular ssid is working fine. FYI, Unifi is the best access point I have owned so far.



                          So let's get back to getting the UniFi AP to work with both the guest and regular SSID.

                          Guest SSID will be using VLAN3 and the regular SSID is not using a VLAN for the time being.

                          Transport will be through two managed switches.
                          - Pete



                            We are on the same page, thanks Pete



                              It comes down to how important is it to have a guest SSID and footprint in your home. You have the Unifi and Tomato and Verizon AP's today.

                              You could just continue to utilize the tomato router as a guest SSID and QOS the pipe if you wanted to. I do that today with a separate AP. Not sure what you could do with the Verizon built in AP but guessing the OS is not as flexible as the tomato OS (mentioning that out of experience with my FIOS Verizon combo router). Here disabled most of the Verizon combo router functionality, removed the antennas and put the Verizon combo in a Leviton can many years ago.

                              Cell phones and tablets are mostly off here unless I am using them; but that is me.

                              Many years ago here built a wireless bridge to the neighbors home (which was across the court in our little subdivision) for Internet and I maxed out the pipe to around 1Mb or so and it did work just fine for them at the time.

                              Today tinkering with a few different AP's and your tinkering got me to configure one new AP with a custom OpenWRT OS for use as a guest Tor SSID proxy and a regular guest SSID. This device will be on the second floor of the house and will connect to a managed switch and have its own interface on the PFSense firewall. Today the Amazon Alexa is on its own wireless network / AP with a separate interface as other tinker toys have been over the last few years (automated hubs which speak to the cloud).

                              BTW here to extend my network to the two bedside nightstands (each with a POE touchscreen) used the old very small 3Com Intellijack. Today these are managed POE Gb switches and very small.

                              Did a new picture showing two APs, switch and tomato router connectivity. For testing AP footprints I would do a quickie radio survey. There are plenty of free applications out there that do that today. Tuning the Tomato AP radio with the Unifi radio for roaming shouldn't be a big deal. That said two Unifi radios might work better if the current Unifi AP doesn't cover the whole house. The built in tools for the UniFi AP are very good for this sort of stuff.

                              [ATTACH]58989[/ATTACH]
                              Last edited by Pete; January 19, 2017, 07:37 PM.
                              - Pete



                                As you will say, never stop learning. I'm doing it more to learn than anything else, I agree with you I could use tomato for guest but what is the fun of it if I will never learn how to do vlan, after that the possibilities are endless.
                                You have been very kind, thanks for all your help Pete.
