I'm pretty new here, and new to network configuration and OpenWRT, as such I'm not quite sure if what I'm asking for is correct, or feasible.
I wanted to set up my home network as following:
Network 1 - LAN ports 1 and 2; One 2.5GHz and one 5GHz SSID - Home PC, Laptop, Smartphone, Server
Network 2 - LAN port 3; One 5GHz SSID - Work thin client, Work phone
I want both networks to be under two different subnets (192.168.1.* and 192.168.2.*), and I don't want them to be able to talk with each other in any way.
Reasoning? I would prefer not to have my personal traffic be intercepted, or mix home with work stuff.
Would this be possible, and if yes, would anyone be able to let me know how to achieve this?
see if this document is enough for you to get started:
ps: since you didn't specify which router you have if it is "DSA" or not,
if it will be connected to your network with "managed switches" or not,
if you have other routers that you want to configure as "dump-AP" to extend the network,
in general the answer to your question is "yes" it can be done.
Thank you for the reply. I found that tutorial myself, and I attempted creating a separate bridge, but in the end I soft bricked the router, so I assume I didn't know what I was doing.
I had the br-lan on which I left in with the LAN ports 1 and 2 + eth0
I made another device, br-lan-work which I left in with LAN ports 3 + eth0
This however left my router unreachable, until I reverted the settings. So in that case how should this be configured without the risk of me bricking the router?
I was thinking of leaving br-lan (with all ports and eth0 ticked) as it is, then adding lan-home (instead of br-lan) and lan-work, with the above configuration, minus eth0?
EDIT: Router is a BananaPI Wifi6
Seems to be using this OpenWRT image: https://docs.banana-pi.org/en/BPI-WiFi6_Router/BananaPi_BPI-WiFi6_Router#_openwrt
I can use another router, however it doesn't have OpenWRT installed (I don't want to risk installing it since it's a ISP provided router) and I would prefer to keep power consumtion at a minimum.
the settings could vary a lot because even if the manufacturer uses an Openwrt base it is not certain that the configuration is the same, the advice is to ask their technical support.
maybe it would be better if you edited the post title adding the router model and it is not a standard Openwrt for people who might search for this router here.
Me again.
I went to the BananaPi forum, and tried to ask there, however they've been pretty unhelpful.
They mentioned that they don't test the functionality of the firmware, as such I could try editing /etc/config/network and /etc/config/firewall or to implement the feature myself.
By what they said I'm assuming to do the same thing I would do in LuCI according to the DSA tutorial that was linked.
So I did it again, this time I managed to configure it correctly as the two devices on Network 2 connected correctly with 192.168.2.* IP, so DHCP works, however I don’t seem to be able to get any internet access on any of the devices.
The work thin client gave me this error message when connecting: “Connection refused by the server, it may be due to protocol, port or firewall issues”. And the work phone (Android) mentions “Internet might not be available” / “Connected without internet”.
Your device isn't supported by the official OpenWrt project. It is very likely that the version of OpenWrt that your device currently runs is heavily modified by the vendor.
When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.
You may find that the best options are to ask for help from the maintainer(s) or user community of the specific firmware that you are using.
Alternatively, you can provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).
Thank you @psherman for taking the time to explain to me the issue, I really appreciate it! I understand that the guidance I receive on this forum might not be helpful, or useful. I just wanted to make sure that the configuration I've done is correct.
Assuming I was using an OpenWRT sanctioned firmware, and the router was made specifically to work with the said firmware, is the configuration I made above sufficient, or was there something extra that needed to be done?
Based on some of your screenshots, I would expect that your device is using DSA. This means that the DSA tutorial that @ncompact provided (first reply) is the correct reference. Follow those directions using bridge-VLANs.
If it doesn't work, that likely means that the firmware fork used on that device is modified to the point that things don't work as they should for OpenWrt, and you'll need to ask the vendor or their community for help.
Thank you again for the reply!
Do the VLANs need to be used in conjunction with the bridge setup I've done above, or should this be tried independently?
That VLAN section was a bit confusing to me, but I managed to set it up with this useful video tutorial, it also explained the firewall part of the setup, which I was clueless about: https://youtube.com/watch?v=reMrbOl-anM
It seems though that setting up VLANs on the br-lan device caused the Wifi to longer work (the phones wouldn't authenticate to the SSID.
So in that case I followed the same guide, but made two bridge devices instead.
With this I managed to get internet access through LAN on Network 2, but on Wifi, I still don't have any internet access. Here's how this looks:
(Device and SSID configuration is the same as above screenshots)
Not sure if I'm still missing something, but it seems quite strange how come the SSID on Network 2 is not able to have internet access.
Any idea what else I can look into?
Because what you’re working with is a fork, and not a product of the official project, if the DSA method doesn’t appear to be working as expected, you need to ask the people who made the fork. We cannot know what they changed, why, and how it is supposed to work given their changes.
@psherman: Thank you, I got that, I understood you perfectly well, I was hoping more for a suggestion as to where my setup went wrong (if there was something wrong)
In the end, I managed to fix the wifi issue as well. I just had to forget the SSID on the phone, and try to connect again.
Now the router works as expected.
Thank you to everyone for your support.
