An Accepted Solution is available for this post.
Actiontec MI424WR-GEN3I VLAN egress not removing tagging
Bonte
Newbie
‎10-13-2014 08:00 PM

Greetings,

First, let me point out that this question relates to an UNSUPPORTED configuration of the Verizon FiOS Actiontec router. No need to remind me that this is unsupported, I am very well aware of that.  I am by making this post to see if anyone else has validated this issue OR can offer a work-around to this configuration. If anything is unclear, please let me know!

I had the idea a while back after reviewing the extensive capabilities of the Actiontec router to configure a single GigE port on the router to bridge TWO separate VLANs utilizing VLAN tagging (802.1Q). This would allow me to use a single port to bridge the Broadband Coax connection to one VLAN while simultaneously using a second VLAN which would be tagged on this same port but configured as the PVID on the other ethernet ports.

Basically, this allows me to use a single port connected to a pfSense router to accomplish WAN & LAN functionality, saving from having to power on a managed switch OR by using non-VLANs and going with a traditional "dual interface" approach. This is a novelty at best, I am currently bridging using dual interfaces, but I wanted to give this a shot to see if I could get this interesting configuration a go!

The configuration would look something like this:

Switch ports

  1 - 3 Untagged VLAN 1 (Tag on ingress, untag on egress) (PVID 1)

  4     Tagged VLAN 1 & 2 (Do not tag on ingress, to not untag on egress)

Bridge (WAN)

  Ethernet VLAN 2 (Port 4 above)

  Broadband Coax (WAN)

In this configuration, VLAN 2 would be tagged exiting port 4 on the switch and go into a router (pfSense etc) that would be set up with its WAN configuration on VLAN 2. This router would also be set up with its LAN connection on VLAN 1 where it would serve out IPs etc and handle NAT/firewall etc.

What I had determined from extensive testing is that no configuration I could come up with would properly UNTAG the tagged traffic when leaving the other ports 1 - 3. When running wireshark and looking at the packets, the traffic tagged as VLAN 1 on port 4 REMAINS tagged when exiting ports 1-3, this is unintentional and causes this configuration to not work.

Any thoughts, ideas?

Thanks!

Bonte

0 Likes
Reply