VLAN tag un-NATed WAN connection on DD-WRT

This is a follow-up to my Netgear WNR3500L, DD-WRT and TELUS IPTV post.

I am using 802.1Q VLANs on my Netgear switch and on my NAT device running DD-WRT; my whole network is behind a NAT, with a separate VLAN for my IPTV. I wanted to have the ability to give unfiltered (un-NATed) network access to certain devices in my household, without having to change any wires.

The solution? 802.1Q VLAN tag the WAN VLAN on DD-WRT. It was really very simple: on the Netgear WNR3500L, DD-WRT uses VLAN2 as the WAN VLAN (because of the way the internals of this particular Broadcom device work).

I simply logged into the DD-WRT interface of the device, selected the VLANs tab (under the Setup tab) and checked Port 4 (which is really Port 1 on my device, which I have plugged into my 24-port switch) as Tagged, then I restarted the device. Now when I want unfettered internet access for a virtual machine or desktop, I simply add the port (either on my Netgear NAT device or on my switch, as tagged) to VLAN 2 and it works!

Netgear WNR3500L, DD-WRT and TELUS IPTV

Why?

TELUS is now shipping an Actiontec V1000H (a combined VDSL modem, wireless access point and NAT device with HPNA support) to customers. I am with TELUS and have the Optik TV and Turbo 25 internet bundle. I found that the device has a number of issues, such as broken UPnP support, weak wireless coverage, and no USB support. I set out to replace the TELUS-supplied solution with my own more flexible solution.

Remember, none of this is supported by TELUS so you are on your own if things break and you need support!

How?

I found a standalone Alcatel Cellpipe 7130 VDSL2 modem that works with TELUS VDSL2 service, and combined it with a Netgear WNR3500L running DD-WRT (svn15943-snow build). This guide assumes that you generally know the inner workings of DD-WRT, and have already installed DD-WRT on your device.

Problems & Solutions

I ran into a number of issues, all of which had easy fixes. The issues were caused both by how TELUS IPTV operates and by flaws in the Netgear hardware:

  • DD-WRT would lock up when too many TVs were on in the household
  • If multicast traffic is disabled, TV will play for 30 seconds and then display the connection error on your STB (set-top box)
  • Multicast traffic would be broadcast over wireless, causing wireless to be unusable when TV was being watched
  • Netgear WNR3500L ports are backwards on the switch (e.g., Port 1 is Port 4 in DD-WRT)
  • The VLAN configuration screen in DD-WRT doesn't actually set up the device correctly

I will attempt to describe how I resolved the issues in this article.

Disable SPI Firewall on the Device

The Netgear WNR3500L (herein referred to as the device), at 453 MHz in DD-WRT, is simply not fast enough to handle the amount of IPTV (multicast and otherwise) traffic that TELUS TV requires. To fix this issue, simply navigate to the Firewall tab (located under the Security tab) and select Disable for SPI Firewall.

Enable VLANs to limit multicast traffic to IPTV devices

First, you need to enable SSH or Telnet on your device. This can be accomplished under the Services tab. Once you have enabled SSH, you may need to select Reboot Router before SSH access is available. You can then SSH to the device and set up the VLAN.

This guide assumes that you will use Ports 2-4 on the device for IPTV and no other purpose, and Port 1 for your computer (or switch). We will set up IPTV on VLAN3 on the device. Keep in mind that the ports on the device are backwards (e.g., Port 1 on the back of the device is Port 4 in DD-WRT), as illustrated below.

Physical (back of device)   1  2  3  4
Virtual (DD-WRT)            4  3  2  1

In SSH on the device, enter the following commands:

nvram set vlan3ports="1 2 3 8*"
nvram set vlan1ports="4 8*"
nvram commit

Once you have completed these steps, you can navigate to the VLANs tab (located under the Setup tab) and set up your VLAN as follows:

Check the Tagged marks for 1-3 at the bottom of the selection, then uncheck ports 1-3 on VLAN1 and check them on VLAN3. Your VLAN configuration screen should look somewhat similar to the one shown below after completion.

Ports are listed backwards; Port 4 on VLAN1 is really Port 1 on your device.

Once you have completed the VLAN configuration as listed above (or similar), select the Save button and navigate to the Networking tab (located under the Setup tab). You are now ready to assign an IP address for the device to the new VLAN you have configured.

In the Network Configuration section for vlan3, select the Unbridged radio button and enable the Multicast Forwarding and Masquerade / NAT options for the VLAN. Enter IP address 192.168.3.1 and Subnet mask 255.255.255.0. Once you have completed these steps, select the Save button.

Now it is time to set up your DHCP server for the new VLAN you have created. This enables devices to get an IP address on the VLAN, and to communicate with the rest of the network. Simply select the Add button under the DHCPD subheading. Select VLAN3 from the newly created DHCP 0 instance. Then select the Save button to complete the DHCP creation.

Now you are ready to restart your device: navigate over to the Administration tab and select Reboot Router at the bottom of the screen. Once your device has rebooted, if you have followed all the steps listed, you should have a separate VLAN on Ports 2-4 for your IPTV devices and Port 1 for your computer.

At this point, it would probably be advisable to restart all your IPTV devices in your household by unplugging them from the power and plugging them back in. You may want to test the IPTV ports on your device by plugging a computer into them, and making sure that they are allocated an IP address from 192.168.3.0/24.
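
The following added example (not code from the original post) audits the vlanNports values this guide sets, together with the VLAN2 tagging described in the follow-up post at the top of the page, and reports which physical jacks carry the un-NATed WAN VLAN and whether any jack is untagged in two VLANs. It assumes the Broadcom nvram convention that a "t" suffix marks a tagged member and that only ports 1-4 are LAN jacks; the vlan2ports line in the sample is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: a "t" suffix marks
# a tagged member, "*" marks the CPU port's default VLAN, ports 1-4 are the
# LAN jacks, and anything else (0, 8) is WAN-side or internal.
WAN_VLAN=2   # the post: DD-WRT uses VLAN2 as the WAN VLAN on the WNR3500L

vlan_audit() {   # stdin: vlanNports=... lines, e.g. from `nvram show`
  awk -v wan="$WAN_VLAN" '
    /^vlan[0-9]+ports=/ {
      split($0, kv, "=")
      vid = kv[1]; gsub(/[^0-9]/, "", vid)
      val = kv[2]; gsub(/"/, "", val)
      n = split(val, ports, " ")
      for (i = 1; i <= n; i++) {
        mode = (ports[i] ~ /t/) ? "tagged" : "untagged"
        p = ports[i]; gsub(/[^0-9]/, "", p); p += 0
        if (p < 1 || p > 4) continue        # not a LAN jack
        phys = 5 - p                        # jacks are numbered backwards
        printf "vlan%s physical=%d ddwrt=%d %s\n", vid, phys, p, mode
        if (vid == wan)                     # jack carries un-NATed WAN
          printf "WAN physical=%d %s\n", phys, mode
        if (mode == "untagged") {           # one untagged VLAN per jack
          if (p in native)
            printf "CONFLICT physical=%d untagged in vlan%s and vlan%s\n", phys, native[p], vid
          else
            native[p] = vid
        }
      }
    }'
}

sample_nvram() {   # constructed sample; vlan1/vlan3 match the commands above
  cat <<'EOF'
vlan1ports=4 8*
vlan2ports=0 4t 8
vlan3ports=1 2 3 8*
EOF
}

sample_nvram | vlan_audit
```

On the router, live values can be piped in with nvram show | vlan_audit; a WAN line marked untagged means that jack hands unfiltered WAN access to whatever is plugged into it.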

Differences between various HTC Vision (Desire Z/G2) builds

There are a number of different builds for HTC Vision (aka HTC Desire Z, T-Mobile G2) which are distributed by various carriers and HTC itself. They are as follows:

  • WWE (World Wide Edition)
  • TMOUS (T-Mobile USA)
  • Asia (HK, India, TW)
  • Hutch AUS (Australia Vodafone)
  • BellMobility WWE

Each build has different features and a different /system/build.prop, which varies from setting the GPRS Class of the device to power-saving features and the ability to use no SIM card on the device.

I've been working on discovering the differences between various builds to find out why one build or another uses less power. One of the key factors in controlling a build of HTC Sense/AOSP is /system/build.prop on Android.

Currently I have written a script to compare the different versions and spit out a CSV which I can then export to a Google Spreadsheet. It's certainly interesting to see the differences between the various carriers and regions, especially in terms of wireless restrictions (like Bell Mobility disabling Fast Dormancy in their build.)