THis is my very first experience with OWRT and I'm really ready to learn but it's difficult.
I flashed OWRT onto my FB4040-Router some days ago but I can't seem to get VLANs configured correctly. One reason of getting with OWRT was that I wanted to put devices into different zones and restrict their connections.
I've read several posts on VLANs here and elsewhere but I didn't succeed. Either my computer became really slow with no internet connection or I locked myself out completely and had to do a soft reset (several times).
So before I go crazy and drop it all I thought I'd ask for a little assistance here.
hardware/cable connections:
main router (not OWRT) that handles the internet connection and VOIP (192.168.1.1/24).
OWRT-router behind it has the static IP 192.168.1.5 in the outter network.
Port 4 of OWRT router connected via cable to port 1 of TP network switch (OWRT static IP: 192.168.200.3). All of my cabled devices are connected to the TP switch.
So it's:
main router (192.168.1.1) <-> OWRT router (192.168.1.5 or 192.168.200.1) <-port4--> TP switch (192.168.200.3)<--> many devices (with different IP subnets - if it worked)
OWRT interfaces (all = protocol static address)
LAN (eth0) - 192.168.200.1/24
WAN (eth1) - 192.168.1.5/24
WIFI (br-WIFI) - 192.168.150.1/24
SERVER (eth0.101) - 192.168.101.1/24
MEDIA_CLIENTS (eth0.102) - 192.168.102.1/24
GUEST (eth0.103) - 192.168.103.1/24
Here are a composite of screenshots of my present OWRT config (without VLAN enabled) and my network switch config options:
port 1: where the cable from the OWRT router is plugged in
port 2: here I'd like to plug in a Multi SSID wireless access point at a later point that serves all wireless, among others:
WIFI (= br-Wifi)
all the wireless MEDIA_CLIENTS (eth0.102) (I hope I can use 102 for cabled and wireless media clients at the same time, see port 5.)
GUEST (eth0.103)
port 3: my PC
port 4: my server(s) (VLAN 101 - eth0.101)
port 5: non-wireless media client / TV (VLAN 102 - eth0.102)
I feel really stupid for not getting this to work myself. I hope you can give me some hints and advice. Please be patient because I've only just started with OWRT and I usually use web interface GUI not config txt files.
But any help would be much appreciated. Thank you so much.
Michael
P.S. When I set eth0 to tagged in the OWRT switch settings I think I remember a message saying that it "auto-migrated" LAN to eth0.1 and then I was locked out for good.
Sorry, I should have made that clearer: I did try that but somehow got locked out and was left without any connection on my PC (no internet, no connection to the OWRT router). The screenshot of the OWRT switch you see here is the default one (without VLAN configured). I included it to show the available ports and how they are represented in the switch.
When I add VLAN 101 to 103 in the OWRT switch config, I need to set CPU (eth0) tagged in all settings, right? But I think then it gave me this message I mentioned in the P.S. that it auto-migrated LAN to eth0.1 and I was locked out...
I only have this one cable that goes from the OWRT router to my TP network switch. The router is located in the basement and there's really nothing else to connect to it yet except this one cable to my TP switch.
BTW am I correct to assume that on the TP switch the port1 where the cable from the OWRT router comes in needs to be tagged and the destination port (e.g. 4 or 5) is untagged?
And on the OWRT router all instances of eth0/CPU are always tagged? And port 4 is untagged?
I still find this confusing...
Should I set it like this or will this lead to "auto-migration" of eth0 to eth0.1, lock out or blocking of internet traffic?
My PC is on eth0 with the static IP 192.168.200.10.
VLANs work on the IPQ4019, at least. I run trunked VLANs to the WAN port of my EA8300s sucessfully.
One mainly needs to be aware of two or three things:
VLAN 1 and VLAN 2 are "reserved" by the driver
GMAC0 is "hard tied" to the "LAN" ports
GMAC1 is "hard tied" to the "WAN" port
Switch configuration details that likely fail include:
Anything involving VLAN 1 or VLAN 2
Anything that involves both the "LAN" ports and the "WAN" ports on the same VLAN
Bridging the interfaces involved with GMAC0 and GMAC1 at the kernel level seems to lead to some "challenges" with ARP. I haven't resolved the root cause of this, but my "working theory" is that the bridge responds to the ARP request with its Ethernet MAC, which may be the "wrong" one for one or the other port groups.
