I was trying to set up asymmetric vlan on my router ,but it seems impossible.
Is there any way to create asymmetric vlan on openwrt ?
I don’t even know what asymmetric vlan is?
3 Likes
There is a picture that shows that there is 2 groups in different vlan and they can not see each other and there is a server that they both can see
LOL, same here. I am slowly starting to regret having a managed switch. It's just an extra component to deal with, configure, maintain, update and monitor.
I for one am going to try and put all network responsibilities in a single OpenWrt VM. Wish me luck please
Can’t you just run both vlan tagged to the server and let the server handle the information flow?
Alternatively maybe some kind of firewall zone rules if you put them in three different zones can help.
3 Likes
does anything in that picture run OpenWRT? if not, then this has little to do with OpenWRT, unless you will be using some OpenWRT device to do the layer 3 routing required to achieve your goal
1 Like
1 Like
Ideally this should be configured on a separate manged switch.
As that will give you the maximum simultaneous bandwidth.
But i have tested this with openwrt on a 5 port wifi router device.
And it does work. Split each vlan on a port to a regular switch type config.
Simpler and more manageable solution is using zones and permissions
of who they can talk to , (but that goes trough the firewall so bandwidth will be limited)
1 Like
That is not about zones or routing , I am talking about layer 2 only , I did this on microtik and d-link switchs
I would not call this an 'asymmetric VLAN' -- this is actually just regular VLAN configuration. As previously stated, typically this type of situation is handled by the router at L3... you'd setup the firewall on the router to prohibit traffic between VLANs, but to allow specific traffic such as from the client hosts to the servers. If this is to be done on your router, your router must support VLANs. But you haven't included the router in your diagram so we don't know anything about it.
Now, all of that said, it is possible to perform some of these things via managed switches and L2+/L3 switching, although I have not yet used a switch with OpenWrt.
On some switches, there is a port-isolation capability that allows you to specify what ports can communicate with each other. I have no idea if this is a feature available in OpenWrt on switches. However, this doesn't require VLANs, just simply port isolation capability. In fact, VLANs are an entirely different concept and method of managing traffic than port isolation.
3 Likes
again , it is possible
but makes little sense to do with openwrt if you have access to proper
managed layer 2 switch with the option to do so ( cisco catalysts, and private vlans etc..)
As with openwrt on majority of devices you will be limited with number of ports ,
and then you would need to daisy chain many devices trough other switches
to a single port on openwrt thus limiting the bandwidth to a single ports speed.
On proper switches you will not have that limitation . you could have
many devices talking to a single server with a bonded(cisco-etherchannel-loadballanced)
interface - or multiple servers at the same time each pushing max port speed.
1 Like
Thanks , I will try that .
The thing is I have like 6 old routers so I thought maybe I can use them but yeah maybe it is not a good idea for a big office but also I have 4-5 simple switches , so it is like how to make a network from junk )
Define "simple switches" please.... are you talking about unmanaged switches? If so, those will not have the ability to work with VLANs nor will they have any capability to perform port isolation or any kind of L2+/L3 functions. You should never use unmanaged switches with VLANs as the behavior can be unpredictable.
psherman , he can have each unmanaged switch connected to a single port
on openwrt device which has a vlan assigned . then inside openwrt
he can have layer 2 routing to manage the async vlans .
1 Like
Sure, provided that each port on the OpenWrt device has exactly one network (untagged only).
You mean L3 routing. L2 is switching.
please look at my link earlier in thread for async(privatevlan) setup on openwrt .
works like it would with
(port isolation)(private vlan)(pvid settup vlan)(async vlan)
different names for different switches
1 Like
Looking at that, I am not able to figure out a situation where this would be specifically useful or really a good idea. I see that it is physically possible to do, but can you explain why you'd want multiple networks egressing as untagged on any single port while ingress untagged traffic gets mapped to a specific network. Maybe you could provide an example with specifics.
1 Like
Its about this whole topic of async vlan , port isolation , private vlan.
Segregation of layer 2 traffic , without intervlan(layer3) routing !
All do the same thing and my example replicates that functionality on openwrt.
Do not know if it can be any clearer.
1 Like
So what you're saying is that all devices are actually part of the same L2 network from a routing perspective, and this simply limits the inter-port switching using VLANs as a proxy for normal port isolation techniques?