The above scheme illustrate what is requested in the project where RUT950 are implied, where XX has to be adapted based on deployment sites…
As we will have several routers to configure, it would be very appreciated if this kind of configuration could be done with the UCI tools
I’m not a network expert, but I could understand well if we explain well to me
I have already prepared my script to make basic configurations from an out of the box RUT950:
Changing basic information as HOSTAME, SSID, admin password
Give/Remove access to WebUI, SSH, … from LAN or/and WAN
Configuring LAN IPv4 and WAN IPv4, but I’m not sure that I have to keep the WAN part with VLAN issues
And future updates when we have an already ‘partial’ configured router accessed from LAN or WAN…
Playing with “uci show” and “uci set/delete [KEY]” is helpful to understand how configuration has to be and is VERY helpful about firewall rules updates depending on some configuration aspects…
Is anyone could help me on being able to make the above configuration on a RUT950 ?
(even if I need to do it with the WebUI :))
For such a configuration, I’d first suggest to configure everything from the WebUI side to make sure everything is working as expected, and then explore the options added to UCI.
To configure 802.1Q VLAN, navigate to Network → VLAN → Interface based, and create 3 new VLANs with the tags necessary. Make sure that the parent interface is set as eth1. Q-in-Q configuration does not seem to be necessary in your case.
Once the interface-based VLANs are configured, navigate to Network → WAN, and create a new interface for each VLAN. Specify the protocol that should be used, the head over to the Physical settings tab and in the Interface field select the created VLANs.
Once the configuration is saved, the VLANs should be up and running. It is important to know, that by default, all of the created VLANs will be in the same firewall zone. For the WAN zone in particular, communication between these VLANs will be prohibited (at least by default), and masquaranding will be enabled. If you need to setup individual firewall rules for each VLAN, navigate to Network → Firewall → General settings, create a new zone for each VLAN, and define how the incoming/outgoing packets should be handled. Make sure to remove the created VLANs from the WAN zone!
Once all of this is configured, in the CLI run the command uci show network and uci show firewall. Your applied configuration should be present there.
However, if the setups will be very similar, I’d suggest using the backup functionality of the router, and upload the backup onto the other devices. It should be noted, that backups can only be uploaded onto devices with identical order codes.
Let me know if you encounter any difficulties along the way!
Thank you for answer but I get into trouble as I don’t have Network -> VLAN -> Interface based option or menu.
Here some information to be able to understand what is wrong:
Hardware: RUT950 HG12G0 - HW Rev: 0505
Firmware Version : RUT9XX_R_00.06.09.5
- Fresh install (Reset factory)
- Connect to WebUI:
- Change Password
- Skip Wizard
- Go to Network -> VLAN
But I don't have Interface based
It seems like your RUT950 version does not support the newer RutOS builds due to hardware limitations and the latest version available for your device is the one you currently have installed.
In that case, if you will be deploying the project with new RUT9 series of devices, I’d suggest performing the configuration on a newer device that can run the latest RutOS versions (product code should not contain the G1: RUT950 xG1xxx).
As I’m not that familiar with the older firmware versions, I’m afraid I cannot provide the exact how-to guide, however, you might find the following resources useful: https://wiki.teltonika-networks.com/view/RUT950_VLAN_(legacy_WebUI)#Tag_Based
Again, apologies for not being of much help here, perhaps someone from the community forum has had a solution similar to this on the legacy firmware.
