Route VLANs

Set up VLANs on the WRT350N router

This is a guide to set up 4 virtual LANs mapped to the 4 individual ports of the WRT350 router using the dd-wrt system. The dd-wrt version used is v24RC6.

 
This guide refers to the guide on the dd-wrt wiki.
 
Note that the model described in the wiki page may not be the one used in the lab, so the port settings may be different. The nvram show | grep (vlan1) command can be used to probe the original settings. For the WRT350 router, the default VLANs are vlan1 (LAN) and vlan2 (WAN) instead of vlan0 and vlan1 as described in the wiki.

 
In this guide, the four Ethernet ports of the router are separated into four VLANs (vlan1, vlan3, vlan4 and vlan5 respectively; vlan2 is for WAN).
 
Different IP ranges and DHCP services have been set up on the four VLANs. The IP ranges are listed below; they can be changed in a future setup by changing the respective lines in the detailed steps:
vlan1:192.168.10.1 netmask 255.255.255.0
vlan3:192.168.11.1 netmask 255.255.255.0
vlan4:10.0.10.1 netmask 255.255.255.0
vlan5:10.0.11.1 netmask 255.255.255.0
 
Detailed steps:
1. Connect to the WRT350 router (named ecklie) through ssh.
2. At the command prompt, type the following commands, including the ' sign:

nvram set vlan1ports="1 8*"
nvram set vlan3ports="2 8*"
nvram set vlan4ports="3 8*"
nvram set vlan5ports="4 8*"
nvram set vlan0hwname=et0
nvram set vlan3hwname=et0
nvram set vlan4hwname=et0
nvram set vlan5hwname=et0

nvram set rc_startup='
#!/bin/ash
 PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
 
 ifconfig vlan1 192.168.10.1 netmask 255.255.255.0
 ifconfig vlan3 192.168.11.1 netmask 255.255.255.0
 ifconfig vlan4 10.0.10.1 netmask 255.255.255.0  
 ifconfig vlan5 10.0.11.1 netmask 255.255.255.0
 ifconfig vlan1 up
 ifconfig vlan3 up
 ifconfig vlan4 up
 ifconfig vlan5 up
 '
nvram set rc_firewall='
 iptables -I INPUT -i vlan1 -j ACCEPT
 iptables -I FORWARD -i vlan1 -o vlan2 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i vlan1 -o ppp0 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i br0 -o vlan1 -j logdrop

 iptables -I INPUT -i vlan3 -j ACCEPT
 iptables -I FORWARD -i vlan3 -o vlan2 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i br0 -o vlan3 -j logdrop
 
 iptables -I INPUT -i vlan4 -j ACCEPT   
 iptables -I FORWARD -i vlan4 -o vlan2 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i vlan4 -o ppp0 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i br0 -o vlan4 -j logdrop
 
 iptables -I INPUT -i vlan5 -j ACCEPT
 iptables -I FORWARD -i vlan5 -o vlan2 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i vlan5 -o ppp0 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -i br0 -o vlan5 -j logdrop
 '
nvram commit
 
If a subset of the VLANs needs to connect with each other, the firewall settings must allow the connection. In the following example, vlan1 and vlan5 are configured to allow access from each other.
 
nvram set rc_firewall='
iptables -I INPUT -i vlan1 -j ACCEPT
iptables -I FORWARD -i vlan1 -o vlan2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan1 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -s 192.168.10.0/24 -d 10.0.11.0/24 -j ACCEPT

iptables -I INPUT -i vlan3 -j ACCEPT
iptables -I FORWARD -i vlan3 -o vlan2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan3 -j logdrop

iptables -I INPUT -i vlan4 -j ACCEPT  
iptables -I FORWARD -i vlan4 -o vlan2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan4 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan4 -j logdrop

iptables -I INPUT -i vlan5 -j ACCEPT
iptables -I FORWARD -i vlan5 -o vlan2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan5 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -s 10.0.11.0/24 -d 192.168.10.0/24 -j ACCEPT
 '
nvram commit
 
3. Exit ssh and go to the GUI console by typing 192.168.1.1 (or whatever the router IP is) in an internet browser.
 
Go to Setup->VLANS, uncheck ports 2, 3 and 4 of vlan0, check port 2 of vlan3, port 3 of vlan4 and port 4 of vlan5, and click Save. There might be a prompt asking for login; use the root name and password of the router (the default name is root and the password is admin).
(Note: possibly due to a bug, the vlan0 here is actually vlan1, and vlan1, 2, 3, 4 are vlan2, 3, 4, 5 of the previous setup!)
The settings in this setup look like this:
 
 
 
 
The next step is to set up DHCP: go to Services --> Services, copy and paste the following lines and click Save. Make sure the DNSMasq and LocalDNS options are both enabled.
The format of the dhcp-range line is dhcp-range=<vlan name>,<starting ip>,<ending ip>,<subnet mask>,<lease time>
 
interface=vlan3
dhcp-range=vlan3,192.168.11.150,192.168.11.255,255.255.255.0,24h
interface=vlan4
dhcp-range=vlan4,10.0.10.2,10.0.10.255,255.255.255.0,24h
interface=vlan5
dhcp-range=vlan5,10.0.11.2,10.0.11.255,255.255.255.0,24h
# DHCP option 3 is the default gateway (router) handed to clients
dhcp-option=net:vlan3,3,192.168.11.1
dhcp-option=net:vlan4,3,10.0.10.1
dhcp-option=net:vlan5,3,10.0.11.1
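
A pre-flight check for the dhcp-range lines, as an added example that is not part of the original guide: it verifies that each range's netmask, start address and end address agree with the gateway and netmask assigned to that VLAN in rc_startup. The function names, the PLAN format and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# ip2int A.B.C.D: print the dotted-quad address as an integer
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_net IP GATEWAY NETMASK: succeed if IP lies in the gateway's subnet
same_net() {
    nm=$(ip2int "$3")
    [ $(( $(ip2int "$1") & $nm )) -eq $(( $(ip2int "$2") & $nm )) ]
}

# check_ranges PLAN CONFIG
#   PLAN:   lines of "<vlan> <gateway> <netmask>"
#   CONFIG: dnsmasq text; only dhcp-range=<vlan>,<start>,<end>,<mask>,<lease> is checked
# Prints one BAD line per problem; the return status is the number of problems.
check_ranges() {
    plan=$1; config=$2; bad=0
    while IFS=, read -r name start end mask lease; do
        case $name in dhcp-range=*) name=${name#dhcp-range=} ;; *) continue ;; esac
        # Look up this VLAN's gateway and netmask; $1 and $2 are reused to hold them.
        set -- $(echo "$plan" | awk -v v="$name" '$1 == v { print $2, $3 }')
        if [ $# -ne 2 ]; then
            echo "BAD $name: not in the VLAN plan"; bad=$((bad + 1)); continue
        fi
        [ "$mask" = "$2" ] || { echo "BAD $name: netmask $mask, expected $2"; bad=$((bad + 1)); }
        for ip in "$start" "$end"; do
            same_net "$ip" "$1" "$2" || { echo "BAD $name: $ip is outside $1/$2"; bad=$((bad + 1)); }
        done
    done <<EOF
$config
EOF
    return $bad
}

# VLAN plan taken from the guide's address table (vlan1 is served by the web GUI).
PLAN='vlan3 192.168.11.1 255.255.255.0
vlan4 10.0.10.1 255.255.255.0
vlan5 10.0.11.1 255.255.255.0'

# Constructed sample input: one valid line, one mistyped end address, one unknown VLAN.
SAMPLE='interface=vlan3
dhcp-range=vlan3,192.168.11.150,192.168.11.254,255.255.255.0,24h
dhcp-range=vlan4,10.0.10.2,10.150.10.254,255.255.255.0,24h
dhcp-range=vlan9,10.0.12.2,10.0.12.254,255.255.255.0,24h'

check_ranges "$PLAN" "$SAMPLE" || echo "$? problem(s) found"
```

Run it on a workstation with the text intended for the Services page as the second argument; a return status of 0 means every range sits inside its VLAN's subnet.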
 
The DHCP settings of vlan1 can only be set through the DHCP service of the web console: go to Setup->Basic setup; the settings are under Network setup and Network Address Server Settings (DHCP). In this setup it should look like:
 
 
 
4. Once all the steps are completed, go to the Administration column and click Reboot. After the router reboots, the network should have 4 separate VLANs for the 4 network ports. This can be checked by logging in through ssh and running the ifconfig command.
 