I have now been running all my networks at home through a DIR-600 that has been acting as my edge firewall for a couple of weeks now. Everything has been running very smooth and without any problems at all. I have never had a need to reboot the device for any reason at all, but I had to turn it off for two weeks ago for a short time since my girlfriend and I were changing power cables in the living room. 
And since I preconfigured the device before I replaced my good, old WRT54GL, the affecting downtime was only about 1-2 minutes.
The flash processes of the devices was also very easy since there is a device specific DD-WRT image that you upload through the web GUI just like upgrading the original firmware with a newer version. During the flash process, I was quite surprised by a cool feature that I noticed.
Usually when you change the firmware of a device from the vendors firmware to a homebrew version, like DD-WRT, you really want to erase the previous configuration. Otherwise you can really mess up your device if DD-WRT tries to parse or load the configuration that is created by the previous firmware. This is usually done by doing a factory reset of the device or by clearing out the NVRAM with the command: “erase nvram & reboot” in a console through Telnet/SSH/Serial. But with the device specific image for DIR-600, the NVRAM is cleared during the flash process and I already have a “clean” device the first time it boots.
The first thing I noticed was the absence of VLAN support. 
Notice that there is no VLAN tab under Setup.
Due to this, I had to redesign my network a little bit. I usually use VLAN’s to separate my networks in different segments. But now since I didn’t have VLAN configuration available in my edge firewall, I had to use iptables between my networks to secure them from each other. The benefit of using VLAN’s instead of a firewall is that there is no firewall between the networks that can be exploited. But since this is on my inside, I guess that it is good enough (for now). 
I was very confused by the absence of the VLAN tab. If I look at my NAS (that i also running DD-WRT) I can clearly see the VLAN tab under Setup.
My WRT-600N is running DD-WRT with VLAN support. (Yes, I am a true master of paint. )
This was very strange to me, but I accepted the sad fact that there was no VLAN support in DIR-600. Time passed, but some days ago I wanted to investigate the thing a little bit more. I started by checking the URL to the VLAN configuration of the my NAS device, which is http://192.168.85.253/Vlan.asp. It was a long shot, but I decided to try what happens if I try to load the Vlan.asp page on my DIR-600 using it’s IP instead of my NAS-device. The result is this:
It was a great surprise to see the “hidden” VLAN configuration in DIR-600. Please note that VLAN tab is still missing!
I haven’t tried the VLAN settings yet (since of my reconfiguration, but I will try it soon), but I think that we can assume that they are working. So what is my final conclusion of my little experiment? Well, I must say that I am happy to confirm to you that with the DD-WRT firmware on the DIR-600, I have a wonderful D-Link router. (And if you are curious enough, you can actually have VLAN support as well. ) And since D-Link now provides home brewers with SDK’s for their products, I think that they understand that other people are apparently better than they are in building firmware’s for their own devices. It has been a really fun trip with the DIR-600, but right now I really miss my dear WRT54GL that is hiding in my closet that will come back into service any day now.
Is anyone interesting in buying a used DIR-600 that is loaded with DD-WRT? It is actually a D-Link router that absolutely rocks! 
// Fredrik “DXter” Jonsson
No related posts.
That was amazing. I’m struggled to find other hardware because of the absence. i will try to do load balancer soon.
hi ….
My firm and I have a problematic with D LINK DIR 600, I was a layman and not very well – very well understood in the radio world I want Nayak werlies What version of firmware update for mine type and how the setting for so as not stolen by the – the computer maniac please guide
However I test the way you taught me..but ..it seems that it’s just a gui that doesn’t work..do you find any good way
I spent a few hours hacking away at adding Vlans to my DIR-600 and couldn’t get it to work.
Via web interface it only adds the nvram lines that manage the vlans but doesn’t activate them. Via console I manually split the LAN ports into 2 vlans and commited but when I rebooted the nvram configuration was back to the standard vlan split.
I then tried configuring the vlans and not rebooting but I didn’t see any difference in the network traffic so the Vlans might have been properly set up but they just didn’t work.
A shame but that’s ok, the router works perfectly for my other uses – wireless bridge and, surprisingly, DSL router.
I just bought this d link (great price) it seems that there’s a problem with dd wrt and iphone losing packets. Been toying with the beacons now I can stream with safair but flycast is dead, wish this problem was posted in the wiki because its a headache trying to get mi iphone to work, been considering putting my old router back heck you just connect that’s it, now i have to read gazzimillions forums and tweak my rx tx i don’t think anyone would like that (or can) especially if you are newbie and thought everything is peachy with dd wrt. Well if you’re an iphone user it’s not .
Hi gentlemans,
Here is my script to make vlans for all ports to independent.
It is for Ralink SoC. Routers are DIR-300 Rev.B1 and Dir-600 Rev.B2.
Set independent vlans
/sbin/switch vlan set 0 1 0001011
/sbin/switch vlan set 1 2 0000101
/sbin/switch vlan set 2 3 0010001
/sbin/switch vlan set 3 4 0100001
/sbin/switch vlan set 4 5 1000001
Set vlans inside network chip
/sbin/switch reg w 40 004005
set vlan number for port 1 (vlan4)and port 0 (vlan5)
/sbin/switch reg w 44 001003
set vlan number for port 3 (vlan1)and port 2 (vlan3)
/sbin/switch reg w 48 001002
set vlan number for port 5 (vlan1)and port 4 (vlan2)
/sbin/vconfig add eth2 3
/sbin/vconfig add eth2 4
/sbin/vconfig add eth2 5
/sbin/ifconfig vlan3 hw ether AA:BB:CC:DD:EE:FF
/sbin/ifconfig vlan4 hw ether AA:BB:CC:DD:EE:FF
/sbin/ifconfig vlan5 hw ether AA:BB:CC:DD:EE:FF
/sbin/ifconfig vlan3 10.1.0.1 netmask `nvram get lan_netmask` up
/sbin/ifconfig vlan4 10.2.0.1 netmask `nvram get lan_netmask` up
/sbin/ifconfig vlan5 10.3.0.1 netmask `nvram get lan_netmask` up
i have 3 routers working on this setting.
Hi,
Here is another procedure:
/* vi: set sw=4 ts=4:
PORT Switch Port VID
==== =========== ===
CPU PORT6 0,2
WAN PORT4 2
LAN1 PORT3 0
LAN2 PORT2 0
LAN3 PORT1 0
LAN4 PORT0 0
*/
$mii_dev = “/proc/rt3052/vlan”;
Standard setting:
/* port 6 tag, port 4,3,2,1,0 untag */
echo “echo 1 > “.$mii_dev.”/untag_port_0\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_1\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_2\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_3\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_4\n”;
echo “echo 0 > “.$mii_dev.”/untag_port_6\n”;
/* We use 2 VLAN, 0 (for LAN) & 2 (for WAN) */
echo “echo 0 > “.$mii_dev.”/vid_vlan_0\n”;
echo “echo 2 > “.$mii_dev.”/vid_vlan_1\n”;
/* VLAN member port setting */
echo “echo 0x4f > “.$mii_dev.”/mem_vlan_0\n”; /* port 6,3,2,1,0 */
echo “echo 0×50 > “.$mii_dev.”/mem_vlan_1\n”; /* port 6,4 */
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_2\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_3\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_4\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_5\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_6\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_7\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_8\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_9\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_10\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_11\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_12\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_13\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_14\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_15\n”;
/* Port VLAN setting */
echo “echo 0 > “.$mii_dev.”/vid_port_0\n”; /* LAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_1\n”; /* LAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_2\n”; /* LAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_3\n”; /* LAN port */
echo “echo 2 > “.$mii_dev.”/vid_port_4\n”; /* WAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_6\n”; /* CPU port */
/* Port VLAN enable */
echo “echo 1 > “.$mii_dev.”/vlan_en_port_0\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_1\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_2\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_3\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_4\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_6\n”;
echo “ifconfig eth2.0 hw ether “.$lanmac.”\n”;
echo “ifconfig eth2.2 hw ether “.$wanmac.”\n”;
echo “ifconfig eth2.0 up\n”;
echo “ifconfig eth2.2 up\n”;
echo “brctl addif br0 eth2.0\n”;
echo “ifconfig br0 up\n”;
All together:
/* port 6 tag, port 4,3,2,1,0 untag */
echo “echo 1 > “.$mii_dev.”/untag_port_0\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_1\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_2\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_3\n”;
echo “echo 1 > “.$mii_dev.”/untag_port_4\n”;
echo “echo 0 > “.$mii_dev.”/untag_port_6\n”;
/* We use 2 VLAN, 0 (for LAN) & 2 (for WAN) */
echo “echo 0 > “.$mii_dev.”/vid_vlan_0\n”;
echo “echo 2 > “.$mii_dev.”/vid_vlan_1\n”;
/* VLAN member port setting */
echo “echo 0x5f > “.$mii_dev.”/mem_vlan_0\n”; /* port 6,4,3,2,1,0 */
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_1\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_2\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_3\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_4\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_5\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_6\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_7\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_8\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_9\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_10\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_11\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_12\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_13\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_14\n”;
echo “echo 0×00 > “.$mii_dev.”/mem_vlan_15\n”;
/* Port VLAN setting */
echo “echo 0 > “.$mii_dev.”/vid_port_0\n”; /* LAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_1\n”; /* LAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_2\n”; /* LAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_3\n”; /* LAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_4\n”; /* WAN port */
echo “echo 0 > “.$mii_dev.”/vid_port_6\n”; /* CPU port */
/* Port VLAN enable */
echo “echo 1 > “.$mii_dev.”/vlan_en_port_0\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_1\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_2\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_3\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_4\n”;
echo “echo 1 > “.$mii_dev.”/vlan_en_port_6\n”;
echo “ifconfig eth2.0 hw ether “.$wanmac.”\n”;
echo “ifconfig eth2.0 up\n”;
echo “brctl addif br0 eth2.0\n”;
echo “ifconfig br0 up\n”;
Javan: I tried your script, it did not work.
I’m just looking to make port 1 be on its own separte vlan (Vlan3) and to bridge that with br1. Since tagging is not working, and Vlan interface does not work.
Could you provide instructions as to how to try it out in a DIR600-B2?
Thanks in advance!
Sadly doesn’t work for me either. I want to be able to separate just one lan port from the rest of the private network. I’ve tried couple of scripts already but no success.
I use DIR-600 b2 with wrt image inside and I’m beginning to believe this Ralink hardware has some limitations…