ndejay | DD-WRT Novice | Joined: 10 Jan 2021 | Posts: 3 | Posted: Sun Jan 10, 2021 20:01
Post subject: Deploying Archer C7 AC1750 as a VLAN-aware managed switch

Hi everyone,

I'm completely new to networking and this is my first time dabbling with DD-WRT and pfSense, and it's been a ton of fun!

I have a home network set up as follows: Modem -> pfSense -> Ubiquiti UniFi Switch -> Ubiquiti UniFi Access Point.

I have the following VLANs set up:
- default VLAN: management purposes (192.168.1.0/24)
- VLAN 20: me (192.168.20.0/24)
- VLAN 30: girlfriend
- VLAN 40: neighbours
- VLAN 50: guest + IoT

The switch has all ports set as tagged trunks, since all my physical machines are running Proxmox VE which spin up virtual machines that are assigned to one or more VLANs. The access point broadcasts three SSIDs per band (2.4 GHz and 5 GHz), each of which corresponds to one of VLANs 30, 40, 50. I verified that this all works as desired.

Goal: My goal is to repurpose an old TP-Link Archer C7 AC1750 to serve as a managed switch, that I would connect to the UniFi switch. I am struggling to set up the Archer C7 1750 as a switch. Eventually, I'd like for the Archer C7 to serve as an access point (serving the same three SSIDs), which to my understanding involves creating VAPs and bridging them with the VLANs.

The device is a TP-Link Archer C7 AC1750 hardware v2, with the following hardware details according to the OpenWRT Wiki (https://openwrt.org/toh/tp-link/archer-c7-1750):
- Network switch: Atheros AR8327N (which is apparently VLAN-aware)
- WLAN hardware: Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-BR4A

I flashed the DD-WRT build 45385 (K3.10+) according to the DD-WRT Wiki (https://wiki.dd-wrt.com/wiki/index.php/TP_Link_Archer_C7) and configured it using a (VLAN-unaware) laptop connected to LAN port 1:
- Setup > Basic Setup > Disable WAN connection, assign WAN port to switch, disable the DHCP server, set local IP address to 192.168.1.13/24 (default VLAN management subnet).
- Setup > Advanced Routing > Operating Mode to "Routing"
- Services > Services > Disable DNSMasq
- Security > Disable SPI Firewall

Based on the output of nvram show, as explained on DD-WRT Wiki (https://wiki.dd-wrt.com/wiki/index.php/Switched_Ports), I have understood that:
- port 0 is for WAN
- ports 1-4 for LAN
- port 5 for CPU
- vlan 0 is the LAN network
- vlan 1 is the WAN network

Code:

    root@archer-c7:~# nvram show | grep vlan.*ports | sort
    size: 30401 bytes (35135 left)
    vlan0ports=1 2 3 4 5*
    vlan1ports=0 5
    root@archer-c7:~# nvram show | grep port.*vlans | sort
    size: 30401 bytes (35135 left)
    port0vlans=2
    port1vlans=1
    port2vlans=1
    port3vlans=1
    port4vlans=1
    port5vlans=1 2 16
    root@archer-c7:~# nvram show | grep vlan.*hwname | sort
    size: 30401 bytes (35135 left)
    vlan0hwname=et0
    vlan1hwname=et0
    root@archer-c7:~#

Question #1. Based on this output, do VLANs use 0-based indexing in vlan.*ports keys but 1-based indexing in port*vlans values?

I would like to achieve this configuration:
- Port 0 (WAN): unused
- Port 1: I would like to be able to access the management (default) VLAN using a VLAN-unaware device.
- Port 2: trunk port for all VLANs - I will connect my UniFi switch to this port.
- Port 3: trunk port for all VLANs - I will connect a VLAN-aware Proxmox VE here.
- Port 4: trunk port for all VLANs

So I put together these commands, where eth0 is presumably the interface the CPU sees as the switch:

Code:

    nvram set vlan20hwname=et0
    nvram set vlan30hwname=et0
    nvram set vlan40hwname=et0
    nvram set vlan50hwname=et0

    # t=trunk u=untagged
    nvram set vlan0ports="1u 2t 3t 4t 5*"
    nvram set vlan20ports="2t 3t 4t 5"
    nvram set vlan30ports="2t 3t 4t 5"
    nvram set vlan40ports="2t 3t 4t 5"
    nvram set vlan50ports="2t 3t 4t 5"

    # 16=tagged
    nvram set port0vlans="2 16"
    nvram set port1vlans="1"
    nvram set port2vlans="1 20 30 40 50"
    nvram set port3vlans="1 20 30 40 50"
    nvram set port4vlans="1 20 30 40 50"
    nvram set port5vlans="1 2 20 30 40 50 16"
    nvram commit

    /sbin/vconfig add eth0 20
    /sbin/vconfig add eth0 30
    /sbin/vconfig add eth0 40
    /sbin/vconfig add eth0 50
    /sbin/ifconfig vlan20 up
    /sbin/ifconfig vlan30 up
    /sbin/ifconfig vlan40 up
    /sbin/ifconfig vlan50 up
    /sbin/ifconfig vlan20 txqueuelen 1000
    /sbin/ifconfig vlan30 txqueuelen 1000
    /sbin/ifconfig vlan40 txqueuelen 1000
    /sbin/ifconfig vlan50 txqueuelen 1000
    reboot

Unfortunately after rebooting the device, the laptop connected to LAN port 1 is unable to contact the device at its IP 192.168.1.13 (ssh, ping, telnet). Fortunately, I have a backup from just before monkeying around with the nvram so I can easily roll back by resetting to factory default and restoring the backup.

Question #2: However, I clearly did something wrong with the VLAN configuration. Does anybody know where/how I messed up and how to achieve the desired configuration?

Sorry for the lengthy post, I am really new to all of this. Any help is greatly appreciated!

Per Yngve Berg | DD-WRT Guru | Joined: 13 Aug 2013 | Posts: 7121 | Location: Romerike, Norway | Posted: Sun Jan 10, 2021 21:23

You don't use nvram variables. That's Broadcom.

Start with the output of swconfig dev switch0 show

ndejay | DD-WRT Novice | Joined: 10 Jan 2021 | Posts: 3 | Posted: Mon Jan 11, 2021 15:38

Oh! I totally missed that in the introduction of the Wiki (https://wiki.dd-wrt.com/wiki/index.php/Switched_Ports).

Code:

    root@archer-c7:~# swconfig dev switch0 show
    Global attributes:
            enable_vlan: 0
            enable_mirror_rx: 0
            enable_mirror_tx: 0
            mirror_monitor_port: 0
            mirror_source_port: 0
            disable_all_leds: ???
            arl_age_time: 300
            arl_table: address resolution table
    Port 0: MAC 30:b5:c2:84:7d:2b
    Port 2: MAC 00:1f:f3:4e:d3:6c
    Port 6: MAC 30:b5:c2:84:7d:2b
    Port 6: MAC 00:1f:f3:4e:d3:6c
            igmp_snooping: 0
            igmp_v3: 1
    Port 0:
            mib: ???
            enable_eee: ???
            igmp_snooping: 0
            vlan_prio: 0
            pvid: 1
            link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
    Port 1:
            mib: ???
            enable_eee: 0
            igmp_snooping: 0
            vlan_prio: 0
            pvid: 2
            link: port:1 link:down
    Port 2:
            mib: ???
            enable_eee: 0
            igmp_snooping: 0
            vlan_prio: 0
            pvid: 1
            link: port:2 link:up speed:1000baseT full-duplex txflow rxflow auto
    Port 3:
            mib: ???
            enable_eee: 0
            igmp_snooping: 0
            vlan_prio: 0
            pvid: 1
            link: port:3 link:down
    Port 4:
            mib: ???
            enable_eee: 0
            igmp_snooping: 0
            vlan_prio: 0
            pvid: 1
            link: port:4 link:down
    Port 5:
            mib: ???
            enable_eee: 0
            igmp_snooping: 0
            vlan_prio: 0
            pvid: 1
            link: port:5 link:down
    Port 6:
            mib: ???
            enable_eee: ???
            igmp_snooping: 0
            vlan_prio: 0
            pvid: 2
            link: port:6 link:up speed:1000baseT full-duplex txflow rxflow
    VLAN 1:
            vid: 1
            ports: 0 2 3 4 5
    VLAN 2:
            vid: 2
            ports: 1 6

By testing connecting a computer to each of the ports, I resolved the port mapping:
- port 1: WAN
- port 2-5: LAN

ndejay | DD-WRT Novice | Joined: 10 Jan 2021 | Posts: 3 | Posted: Mon Jan 11, 2021 18:52

I want to achieve:
- All ports are trunk ports, with native VLAN set to the default VLAN (pvid 1).

I am assuming that:
- Port 6 is the CPU port.
- Primary VLAN in these instructions (https://openwrt.org/docs/techref/swconfig) means native VLAN.

Basing myself on these resources for swconfig usage:
- https://github.com/openwrt/packages/issues/5431
- https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1087291
- https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=883398
- https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=309654&postdays=0&postorder=asc&start=15
- resources
- https://github.com/openwrt/packages/issues/5431
- https://openwrt.org/docs/techref/swconfig
- https://wiki.dd-wrt.com/wiki/index.php/Startup_Scripts

I came up with the following:

Code:

    nvram set rc_startup="
    # |0|  |1|  |2|3|4|5|  |6|
    #       ^       ^       ^
    #      WAN     LAN     CPU?

    # Reset config
    swconfig dev switch0 set reset 1
    swconfig dev switch0 set enable_vlan 1

    # Configure vlan members
    swconfig dev switch0 vlan 1 set vid 1
    swconfig dev switch0 vlan 1 set ports '1t 2t 3t 4t 5t 6t'
    swconfig dev switch0 vlan 20 set vid 20
    swconfig dev switch0 vlan 20 set ports '1t 2t 3t 4t 5t 6t'
    swconfig dev switch0 vlan 30 set vid 30
    swconfig dev switch0 vlan 30 set ports '1t 2t 3t 4t 5t 6t'
    swconfig dev switch0 vlan 40 set vid 40
    swconfig dev switch0 vlan 40 set ports '1t 2t 3t 4t 5t 6t'
    swconfig dev switch0 vlan 50 set vid 50
    swconfig dev switch0 vlan 50 set ports '1t 2t 3t 4t 5t 6t'

    # Configure native VLANs (primary VLAN?) on each port
    swconfig dev switch0 port 1 set pvid 1
    swconfig dev switch0 port 2 set pvid 1
    swconfig dev switch0 port 3 set pvid 1
    swconfig dev switch0 port 4 set pvid 1
    swconfig dev switch0 port 5 set pvid 1
    swconfig dev switch0 set apply 1

    # Put VLANs up
    ifconfig eth0 up
    ifconfig eth1 up
    vconfig set_name_type VLAN_PLUS_VID_NO_PAD
    vconfig add eth0 1
    vconfig add eth0 20
    vconfig add eth0 30
    vconfig add eth0 40
    vconfig add eth0 50
    ifconfig vlan 1 up
    ifconfig vlan 20 up
    ifconfig vlan 30 up
    ifconfig vlan 40 up
    ifconfig vlan 50 up

    # Create bridges
    brctl addbr br1
    brctl addif br1 vlan1
    brctl addbr br20
    brctl addif br20 vlan20
    brctl addbr br30
    brctl addif br30 vlan30
    brctl addbr br40
    brctl addif br40 vlan40
    brctl addbr br50
    brctl addif br50 vlan50

    # Configure IPs to each bridge on its respective subnet
    ifconfig br1 192.168.1.1 netmask 255.255.255.0
    ifconfig br20 10.0.20.13 netmask 255.255.255.0
    ifconfig br30 10.0.30.13 netmask 255.255.255.0
    ifconfig br40 172.31.40.13 netmask 255.255.255.0
    ifconfig br50 172.31.50.13 netmask 255.255.255.0

    # Put bridges up
    ifconfig br1 up
    ifconfig br20 up
    ifconfig br30 up
    ifconfig br40 up
    ifconfig br50 up
    "
    nvram commit

However, I locked myself out of the Archer C7 again. Does anybody know what I'm doing wrong by any chance?

Thanks!

userrox | DD-WRT Novice | Joined: 11 May 2019 | Posts: 15 | Posted: Thu Jan 28, 2021 4:31
Post subject: Archer C7 V2 VLANs

I recently set up one of the LAN ports as a trunk port on my Archer C7 V2 running r44627. I also would get locked out, but found some workarounds in this post: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1219973

I was sometimes able to log in using mactelnet. I now have the WAN port in vlan 5 and the other three LAN ports in vlan 1. Having the additions to the firewall script prevents me from being locked out each time I apply settings.

Startup script:

Code:

    swconfig dev switch0 set enable_vlan 1
    swconfig dev switch0 vlan 1 set ports "0t 2 3 4 5t"
    swconfig dev switch0 vlan 2 set ports ""
    swconfig dev switch0 vlan 5 set ports "0t 1 5t 6t"
    swconfig dev switch0 vlan 7 set ports "0t 5t"
    swconfig dev switch0 vlan 9 set ports "0t 5t"
    swconfig dev switch0 set apply
    sleep 1
    vconfig add eth0 5
    vconfig add eth0 7
    vconfig add eth0 9
    ifconfig vlan5 up
    ifconfig vlan7 up
    ifconfig vlan9 up
    ifconfig vlan5 txqueuelen 1000
    ifconfig vlan7 txqueuelen 1000
    ifconfig vlan9 txqueuelen 1000
    ifconfig vlan5 192.168.5.10 netmask 255.255.255.0
    ifconfig vlan7 192.168.7.10 netmask 255.255.255.0
    ifconfig vlan9 192.168.9.10 netmask 255.255.255.0
    vconfig add eth1 1
    vconfig add eth1 5
    vconfig add eth1 7
    vconfig add eth1 9
    brctl addif br0 eth1.1
    brctl delif br0 eth1
    brctl delif br0 eth0
    brctl addif br1 eth0.5
    brctl addif br1 eth1.5
    brctl addif br2 eth1.7
    brctl addif br3 eth1.9
    ifconfig eth1.1 up
    ifconfig eth0.5 up
    ifconfig eth1.5 up
    ifconfig eth1.7 up
    ifconfig eth1.9 up
    ifconfig eth0.2 down
    ifconfig eth0.7 down
    ifconfig eth0.9 down
    ifconfig eth0.5 down

Firewall script:

Code:

    brctl addif br0 eth1.1
    brctl delif br0 eth1
    brctl delif br0 eth0
    brctl addif br1 eth0.5
    brctl addif br1 eth1.5
    brctl addif br2 eth1.7
    brctl addif br3 eth1.9
    ifconfig eth1.1 up
    ifconfig eth0.5 up
    ifconfig eth1.5 up
    ifconfig eth1.7 up
    ifconfig eth1.9 up
    ifconfig eth0.2 down
    ifconfig eth0.7 down
    ifconfig eth0.9 down
    ifconfig eth0.5 down

Alozaros | DD-WRT Guru | Joined: 16 Nov 2015 | Posts: 7085 | Location: UK, London, just across the river.. | Posted: Thu Jan 28, 2021 7:39

userrox it seems as a messy set up, that's why you get locked out... you don't need those in firewall script at all.. as well those commands in start script need to be revised...but I'll leave that to you...many useful threads for VLANs on Atheros routers in the forum... have a look around... setting VLANs, it takes time, patience and understanding; once you made it, it's easy...
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 -DD-WRT 63600 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 62606 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 62606 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 62606
Broadcom
Netgear R7000 --DD-WRT 63600 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913

Per Yngve Berg | DD-WRT Guru | Joined: 13 Aug 2013 | Posts: 7121 | Location: Romerike, Norway | Posted: Thu Jan 28, 2021 8:22

vlan 5 has two CPU ports (0 and 6)

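A pre-flight check for the port lists posted in this thread, as an added example (not code from any poster or from DD-WRT): it parses `swconfig ... vlan N set ports` lines and flags a VLAN that lists both CPU ports, a port that is untagged in more than one VLAN, and a management VLAN with no untagged access port, a state in which a VLAN-unaware laptop cannot reach the management address. `CPU_PORTS`, `parse_vlans`, `lint` and the finding names are assumptions of this example; the CPU port numbers 0 and 6 are taken from the thread.

```python
import re

# Assumption taken from the thread: ports 0 and 6 are the CPU-facing ports.
CPU_PORTS = {0, 6}
PORTS_RE = re.compile(r"swconfig dev \S+ vlan (\d+) set ports ['\"]([^'\"]*)['\"]")


def parse_vlans(script):
    """Return {vlan: {port: is_tagged}} from 'vlan N set ports' lines."""
    vlans = {}
    for vlan, ports in PORTS_RE.findall(script):
        members = {}
        for tok in ports.split():
            m = re.fullmatch(r"(\d+)([tu*]*)", tok)
            if not m:
                raise ValueError(f"unrecognised port token {tok!r} in vlan {vlan}")
            members[int(m.group(1))] = "t" in m.group(2)
        vlans[int(vlan)] = members
    return vlans


def lint(script, mgmt_vlan=1):
    """Return a sorted list of (check, vlan_or_port) findings."""
    vlans = parse_vlans(script)
    findings, untagged_in = [], {}
    for vlan, members in vlans.items():
        if len(CPU_PORTS.intersection(members)) > 1:
            findings.append(("multi_cpu", vlan))  # both CPU ports in one VLAN
        for port, tagged in members.items():
            if not tagged and port not in CPU_PORTS:
                untagged_in.setdefault(port, []).append(vlan)
    # An access port can deliver untagged frames for one VLAN only.
    findings += [("untagged_overlap", p) for p, v in untagged_in.items() if len(v) > 1]
    # Without an untagged member, a VLAN-unaware host only ever sees tagged frames.
    if not any(mgmt_vlan in v for v in untagged_in.values()):
        findings.append(("no_untagged_mgmt", mgmt_vlan))
    return sorted(findings)


# Constructed samples, built from port lists posted in the thread.
ALL_TAGGED = "swconfig dev switch0 vlan 1 set ports '1t 2t 3t 4t 5t 6t'\n"
TWO_CPU = ('swconfig dev switch0 vlan 1 set ports "0t 2 3 4 5t"\n'
           'swconfig dev switch0 vlan 5 set ports "0t 1 5t 6t"\n')
REVISED = TWO_CPU.replace('"0t 1 5t 6t"', '"1 5t 6t"')

if __name__ == "__main__":
    for name, s in [("all tagged", ALL_TAGGED), ("two CPU", TWO_CPU), ("revised", REVISED)]:
        print(name, lint(s))
```

Running the check on a workstation against the startup script before committing it to the router leaves the last known-good configuration in place if a finding turns up.
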
userrox | DD-WRT Novice | Joined: 11 May 2019 | Posts: 15 | Posted: Fri Jan 29, 2021 2:44

Thank you for the feedback, I agree it looks messy. I updated the vlan 5 ports in the startup.

Code:

    swconfig dev switch0 set enable_vlan 1
    swconfig dev switch0 vlan 1 set ports "0t 2 3 4 5t"
    swconfig dev switch0 vlan 2 set ports ""
    swconfig dev switch0 vlan 5 set ports "1 5t 6t"
    swconfig dev switch0 vlan 7 set ports "0t 5t"
    swconfig dev switch0 vlan 9 set ports "0t 5t"
    swconfig dev switch0 set apply
    sleep 1
    vconfig add eth0 5
    vconfig add eth0 7
    vconfig add eth0 9
    ifconfig vlan5 up
    ifconfig vlan7 up
    ifconfig vlan9 up
    ifconfig vlan5 txqueuelen 1000
    ifconfig vlan7 txqueuelen 1000
    ifconfig vlan9 txqueuelen 1000
    ifconfig vlan5 192.168.5.10 netmask 255.255.255.0
    ifconfig vlan7 192.168.7.10 netmask 255.255.255.0
    ifconfig vlan9 192.168.9.10 netmask 255.255.255.0
    vconfig add eth1 1
    vconfig add eth1 5
    vconfig add eth1 7
    vconfig add eth1 9
    brctl addif br0 eth1.1
    brctl delif br0 eth1
    brctl delif br0 eth0
    brctl addif br1 eth0.5
    brctl addif br1 eth1.5
    brctl addif br2 eth1.7
    brctl addif br3 eth1.9
    ifconfig eth1.1 up
    ifconfig eth0.5 up
    ifconfig eth1.5 up
    ifconfig eth1.7 up
    ifconfig eth1.9 up
    ifconfig eth0.2 down
    ifconfig eth0.7 down
    ifconfig eth0.9 down
    ifconfig eth0.5 down