1. pedro Avatar pedro
  2. FreshTomato
  3. freshtomato-arm
  4. Issues

new vlan config: bummer/blocker with WAN-vlan config (tagged/untagged)

Issue #115 resolved
TheHiman created an issue

After the changes to the NEW VLAN-Setup there is now a blocker at the vlan config-menu:
Only ONE (tagged/untagged) vlan is now allowed for WANx-Bridge!

This brings now an issue in combination with a userscript where a.) a 2nd (tagged/untagged) VLAN is needed at the WAN-Port
on the SAME WANx-Bridge - this was working before all the years.
b.) for most DSL-Modems there is an untagged “management” vlan present on the modem which mostly can be configured
with a user script. The same problem here:

To make it work, it must be again possible to make a basic bridge-setup with MORE then one tagged/untagged vlan
on any WAN-Port.

Having more then 1 vlan on the vlan-setup was never an issue in the past - now it is via web configure options.

In my case i need an untagged vlan (internaly configured as “VLAN2”) with an own ip-range in 192.x.x.x for manage the modem THROUGH the wan-Port - ip-setup and routing is made by a user-script - but it needs before are a working basic bridge-config.
The 2nd vlan is the tagged VLAN7 for having PPPoE Access to the DSL-line itself.
In some business-configurations can be MORE then 1 tagged vlan existing, like typicly in Austria another tagged VLAN
for VoIP ISP-Internal traffic is in use at the DSL-side - so this needs to be configurable, too on vlan setup.

Please remove the limit for set a maximum of just 1 vlan at the WAN port for any type of configuration, like it was in the past to habe have again full bridge access to all existing VLANs to the device hanging on the WAN-Port.

The actual option to give a WAN-Modem an ip by changing the default “0.0.0.0”-Management with an ip is mostly useless, because the Modem itself basicly like access to dns, a natted default route and mostly snmp and ntp services. This was never provided on the basic page. For that reason i have a 2nd untagged vlan on the wan port and a usefull MASQUERADE-Setup and give the modem some basic access to the outsideworld, So the modem have support for sending monitoring emails, have valid systemtime, can use syslogservers and anyway can resolve dns by just using the Tomato Router internaly when pppoe-seession is up.

Actualy to overcome this issue, a manual NVRAM config is nessessary to have the old behavior still working - which render the new based setup and make it unusable further…

Comments (7)

  2. TheHiman reporter

    I make a note on his repo. Tx for Info…

    But you really should revert all this new forcements of any type of port/vlan config-options. Many old working configurations are now broken.
    Anyway “saving config”, because of the javascript-error, is no longer possible. There was so much graphic change/replace work in the tri-state, which makes it very hard to revert just smaller commits to bring all enforcement-changes back to the state before.

    So now it´s time to only can change/configure bridge setups by nvram-tool with telnet/ssh 😞 - no new limits here 😉

  5. TheHiman reporter

    It actualy a little different, because i have two setups, but basicly i use
    for vlan1 3 LAN-ports untagged (default) and have LAN4 as tagged port and the entire VLAN1 as default vlan setted.
    vlan2 i add to the bridge untagged with only the WAN-Port added UNTAGGED - the interface config i make with firewall custom-script to have access to the management of the WAN-Port Modem and give them NATTed/DNSMasq access to some outside services (dns, ntp, smtp, snmp, etc.)
    vlan7 is mapped TAGGED only to WAN-Port and added to WAN0-bridge only for the VDSL.
    some more vlans, like 10,11 and 12 are only used for br1 and br2 and used for WLAN but include LAN4 tagged.

    So basicly LAN4 have the vlans 1,10,11 and 12 TAGGED, LAN1-3 have only VLAN1 untagged.

    In another setup i have vlan3 + custom script added and map this only to the LAN3-Port untagged+VLAN4 tagged - for have a modem-mgmt connection via a 2nd cable-setup in use. Problem here is that the bridge-Port from the modem itself have no mgmt active and acts only as pure VDSL-Bridge. The mgmt is accessable via the other LAN-Ports on the modem itself - but here without the bridge-option. So this solution works with 2 cables to one modem, which is a cleaner setup, because the VDSL-Bridge speaks only PPPoE and the MGMT-Ports only have access to the modem itself.

    This configuration works since many years without any problems with Cisco, Extreme Networks, D-Link, Netgear and TP-Link Switches added to the LAN4 Port.

  7. TheHiman reporter

    Here is just one of these samples. As you can see, there are a lot of combinations possible tagged/untagged with all ports.
    Just the new LAN0 - LAN3 internal named - instead LAN1 to LAN4 renaming is curious for me 🙂

  8. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!