VLAN on ISP connection

Hello,

I want to use my Hap AC as router.
ISP VLAN’s:

  • 100 = management
  • 300 = internet
  • 640 = iptv

IPTV is working; I created VLAN 640 on the WAN port and put ether3 in the same bridge.
Internet is on VLAN 300. How do I get this working on the WAN port?

greetz
Colin

The most straightforward way, but with some limitations which might bite you in the future, would be this:

  • keep ether1 (ISP) off any bridge at all costs
  • create needed vlan interfaces off the ether1 - you probably already created one for VLAN 640 so you need to add one for VLAN 300 and possibly one for VLAN 100.
  • you probably already have a bridge for IPTV with member interfaces VLAN640 and ether3. Remove interface ether3 from interface list LAN
  • add (or move it from plain ether1 if it’s still there) WAN configuration (either DHCP client or static IP or PPPoE or whatever appropriate) to VLAN300 interface. Add VLAN300 interface to the interface list WAN (it is heavily used by default firewall rules)
  • configure LAN … probably a separate bridge with member interfaces ether2,4,5 …

You might find out that performance gets capped in which case you’ll have to go the way mentioned below.

The more versatile way would be to use single bridge with VLAN filtering enabled - read about it in this tutorial. If you go this way, you might find out that performance gets capped, in that case you’ll want to convert this setup to one which utilizes switch chip for VLAN operations (but it’s messy and you have to understand VLANs to do it properly; it is similar to the bridge concept though).
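
The first approach above written out as RouterOS commands, as an added example that is not part of the original posts. It assumes a fresh start from the default hAP ac configuration (bridge named "bridge" holding ether2-ether5, interface lists WAN and LAN), a DHCP-assigned address on VLAN 300, and hypothetical names vlan100-mgmt, vlan300-internet, vlan640-iptv and bridge-iptv:

```routeros
# Added example; interface and bridge names are hypothetical.
# Assumes the default configuration and that no VLAN interfaces exist yet.

# ether1 (ISP) stays off every bridge; VLAN interfaces hang directly off it
/interface vlan
add name=vlan100-mgmt interface=ether1 vlan-id=100
add name=vlan300-internet interface=ether1 vlan-id=300
add name=vlan640-iptv interface=ether1 vlan-id=640

# IPTV: take ether3 out of the LAN bridge and bridge it with VLAN 640
/interface bridge port remove [find interface=ether3]
/interface bridge add name=bridge-iptv
/interface bridge port
add bridge=bridge-iptv interface=vlan640-iptv
add bridge=bridge-iptv interface=ether3

# ether3 must not be treated as LAN by the firewall (no-op if it was never listed)
/interface list member remove [find list=LAN interface=ether3]

# Move the WAN configuration from plain ether1 to VLAN 300 (DHCP assumed here;
# use a static address or PPPoE client instead if that is what the ISP requires)
/ip dhcp-client remove [find interface=ether1]
/ip dhcp-client add interface=vlan300-internet disabled=no

# The default firewall and NAT rules match on interface list WAN
/interface list member add list=WAN interface=vlan300-internet

# Checks: list membership, bridge ports, and whether the DHCP client is bound
/interface list member print where list=WAN
/interface bridge port print
/ip dhcp-client print
```

If vlan300-internet is left out of list WAN, the default masquerade rule and the WAN-facing filter rules never match its traffic. vlan100-mgmt is deliberately in neither list, so the default "drop all not coming from LAN" input rule keeps the ISP management VLAN away from the router's own services.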

Hello mkx,

I made a test setup and your method is working :smiley:
Next week when I am back home I will test it there.

Many thanks!

Grtz
Colin

Hello @Colin

Can I ask you a favor if possible?
Can you share your configuration, to see if I can adjust to my case?

Thank you.
Regards.
Nogueira

@mkx I am trying to think how we could avoid the creation of 2 bridges but I can’t find anything…

I don’t see where’s the problem?

Just a more tidy configuration… I never said there is a problem, relax @mkx :laughing:

Well, to make my own statement more clear: I’m all for single bridge. So I wonder where’s the problem requiring second bridge?

After 5 weeks of working from home I’m as relaxed as could be :wink:

@mkx, the eth1 port, as you said, can be configured with VLAN VIDs 100, 300 and 640 under /interface VLAN…
Then we can create 1 Bridge with ports 2,3,4,5 and vlan640 (VID 640)
Next we create an Interface VLAN e.g. 10 on the Bridge for the home network
Set PVID 10 on ports 2,4 and 5
Configure IP address for VLAN10, DHCP for VLAN10, Bridge VLAN and enable filtering…

@Zacharias, my suggestion was strictly for shown configuration which implies use of 3 ether ports (one for WAN, one for IPTV and one for LAN). Sure, if one wants to use 4 ports switched/bridged, then the config I proposed is not the best … in that case I’d use single bridge which would include ether1 port as well … and work with VLANs exclusively.

I have a question, if I may, please?

How will the suggested solution change, if:

  1. Internet line from ISP is untagged, but only IPTV VLAN is tagged.
  2. IPTV VLAN should pass through the router (or router and switches) up to STB.
  3. There should be a switch connected to router’s eth4 and the IPTV and LAN are broken up in that switch (I assume eth4 on the router being trunk port)?

Something similar to this:

                                           <HEX>                                               <HAP>

  internet: untagged             +-- DHCP Server + NAT --+           LAN: untagged               +---[eth2-4]-- LAN devices + WLANs
=========================[eth1] -+                       +- [eth2]=======================[eth1]--+
  iptv: tagged VLAN 949          +-- VLAN passthrough ---+         iptv: tagged VLAN 949         +---[eth5]-- STB, IP from ISP, untagged

Thanks very much for any advice.