[windyboi]

Hi all,

I'm rather struggling to set up VLANs properly, having had to factory reset DD-WRT three times now I'm asking for some much needed help!

Firstly, my setup and what I am trying to achieve:

pfSense -> Netgear R7000 DD-WRT (access point / switch only)

I have created four VLAN's on the LAN interface of pfSense
VLAN11
VLAN12
VLAN13
VLAN14

I have five ports on my R7000 including the WAN. Three ports are used for network devices and I would like to tag a VLAN to each of those, one port is used to connect to pfSense, and I have 1 port spare for future expansion. I have also created two new SSID's so I have a total of 3 SSIDs which will all be on separate VLANs

I've tried to follow the instructions here to no avail https://forum.pfsense.org/index.php?topic=43147.0

I'm rather confused by what exactly I need to specify in the Setup -> VLANS and the Setup -> Networking to get this to work. Would really appreciate help getting me on track

Thank you

[Per Yngve Berg]

Post the output of "nvram show | grep vlan.*ports"

[windyboi]

[Per Yngve Berg]

There is no traces of VLAN 11-14 here. Did you set it up on the VLAN tab?

nvram set vlan11hwname=`nvram get vlan1hwname`
nvram set vlan12hwname=`nvram get vlan1hwname`
nvram set vlan13hwname=`nvram get vlan1hwname`
nvram set vlan14hwname=`nvram get vlan1hwname`

nvram set vlan1ports="1t 2t 3t 4 5"
nvram set vlan11ports="1t 2t 3t 5"
nvram set vlan12ports="1t 2t 3t 5"
nvram set vlan13ports="1t 2t 3t 5"
nvram set vlan14ports="1t 2t 3t 5"

nvram commit
reboot

[windyboi]

Hi there, thanks for your reply

Actually I had to factory reset dd-wrt twice now as I have tried to apply the settings and got myself locked out.

I don't really understand the exact settings I need to be able to achieve my desired outcome.

Is this right?

https://imgur.com/a/1M3EE

[Per Yngve Berg]

You are locked out of the admin of the router because VLAN1 is no longer present on the port your PC is connected to.

I had the impression that all VLANs should be tagged and present on the port connected to PFSense.

[windyboi]

Sorry I'm not really following. I'm really not sure what settings I need to put, hence this topic for help.

[Per Yngve Berg]

To which port is PFSense connected?

[windyboi]

pfSense connected on port 1, and I'd probably keep WAN port free for doing diagnostic directly with the dd-wrt router (if possible). port 2, 3, 4 have devices on my LAN

Thanks

[Per Yngve Berg]

The ports are labelled backwards, so port labelled 1 is port 4 in the chip. Port 0 is the WAN (not assigned to any VLAN in your screenshot). I have set it to VLAN1.

nvram set vlan11hwname=`nvram get vlan1hwname`
nvram set vlan12hwname=`nvram get vlan1hwname`
nvram set vlan13hwname=`nvram get vlan1hwname`
nvram set vlan14hwname=`nvram get vlan1hwname`

nvram set vlan1ports="0 1 2 3 4t 5"
nvram set vlan11ports="4t 5"
nvram set vlan12ports="4t 5"
nvram set vlan13ports="4t 5"
nvram set vlan14ports="4t 5"
nvram commit
reboot

[windyboi]

Ok, thanks

Is it best to do this on the backend and not in the GUI?

Do I need to set any bridges up or anything like that too in the Setup->Network tab?

I'm going to also want to map wifi SSIDs to some VLANs too
Thanks

[Per Yngve Berg]

Yes, you need a bridge to join a wifi snd VLAN interface.

[windyboi]

Ok, thanks

So if I run these commands, it will overwrite the config in the GUI? And then will I be able to access the DD-WRT through WAN port still incase things go wrong, to save me from doing hard reset with reset button?

[Per Yngve Berg]

Yes, all ports will work except the one PFSense is connected to.

[windyboi]

Thank you, so pfsense in this case is going to be the port that is physically furthest away from the WAN port on the R7000 or closest?