I have two routers A & B with OpenWRT 22 between which I'm trying to create a tagged connection with two vLANs on a single Ethernet cable. I want B to be smart (DHCP, routing, firewall, DNS), and A to be dumb, meaning I want A to behave like a switch supporting vLANs. I can't quite get it to work, as described below. If anybody knows what I'm doing wrong, help would be appreciated.
Both routers run OpenWRT 22.03.5, but present slightly different LuCI web interfaces for the configuration of vLANs, I presume because of different hardware:
A has a "Network -> Switch" menu item, but B doesn't.
A = Asus RT-N16
B = Asus RT-AC56U
Both mention firmware version "OpenWrt 22.03.5 r20134-5f15225c1e / LuCI openwrt-22.03 branch git-23.093.57104-ce20b4a" on the overview page.
B (the intended smart router) is configured as follows:
FWZone IoT <- Interface IoT{Static address 192.168.22.1/24+DHCP} <- Device br-lan.3
FWZone lan <- Interface lan{Static address 192.168.23.1/24+DHCP} <- Device br-lan.99
Device br.lan{Bridge device} -> "Bridge VLAN filtering" tab has:
(port 1, vlan3) : T
(port 1, vlan99) : T*
(port 2, vlan99) : U
(port 3, vlan99) : U
(port 4, vlan3) : U
The firewall will forward zone lan to IoT, but not vice versa.
Router B works as I want it to: if I connect a device dIoT on port 4 = vlan3 = Zone IoT, and device dlan on port 3 = vlan99 = Zone lan, then both devices get an IP address, dlan can ping dIoT, and dIoT cannot ping dlan, so far so good.
Now I want router B to be in another room, but devices dIoT and dlan to stay where they are. There is one cable going to the other room. I want that one cable to be a trunk for vlans 3 & 99, and have a dumb vlan-aware switch close to the devices, which will be router A with OpenWRT. I have configured it as follows:
As opposed to router B, router A has a "Networks -> Switch" menu entry, which looks as follows:
(port 1, vlan 3,99): tagged
(port 2, vlan 99): untagged
(port 3, vlan 99): untagged
(port 4, vlan 3) : untagged
I have an Ethernet cable between router A port 1 and router B port 1.
I was hoping to be able to connect device dIoT to router A port 4, device dlan to router A port 3 and get the same behaviour as before, however I don't. With the above configuration, I get that the lan (=99) connection works, but device dIoT doesn't get an IP address served. If I change router B's configuration to
(port 1, vlan3) : T*
(port 1, vlan99) : T,
then it's the other way around, i.e. the dlan device doesn't get DHCP-served, and the dIoT device does.
It looks as if router A doesn't actually put tags on packets going over the trunk cable between A & B, and then router B dumps all packets to the port's primary vlan determined by the * in the configuration table. Even though I expected router A to publish tags because its switch table says
(port 1, vlan 3,99): tagged
Does anybody have an idea what could be the problem?
Thanks in advance!
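
One way to check the tagging question raised above, as an added example that is not part of the original post: read the 802.1Q tag (if any) from a raw Ethernet frame captured on the A-to-B cable and report which VLAN router B's port 1 would place it in. The membership and primary VLAN are taken from the post's table for B port 1; the ingress rule is the standard 802.1Q one with ingress filtering (an assumption about B's behaviour), and the frames are constructed test data.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Router B, port 1, as listed in the post: tagged member of VLANs 3 and 99,
# with 99 as the port's primary VLAN (the "*").
B_PORT1_MEMBERS = {3, 99}
B_PORT1_PVID = 99


def parse_vlan_tag(frame: bytes):
    """Return the 802.1Q VLAN ID carried by an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID


def ingress_vlan(frame: bytes, members=B_PORT1_MEMBERS, pvid=B_PORT1_PVID):
    """VLAN a frame is placed in on ingress, or None if the port drops it."""
    vid = parse_vlan_tag(frame)
    if vid is None or vid == 0:  # untagged or priority-tagged: use the PVID
        return pvid
    return vid if vid in members else None


def build_frame(vid=None, payload_type=0x0800):
    """Constructed test frame: broadcast dst, made-up src, optional 802.1Q tag."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, vid)
    return header + struct.pack("!H", payload_type) + b"\x00" * 46


if __name__ == "__main__":
    samples = [("tagged 3", build_frame(3)), ("tagged 99", build_frame(99)),
               ("untagged", build_frame()), ("tagged 7", build_frame(7))]
    for label, frame in samples:
        print(f"{label:10s} tag={parse_vlan_tag(frame)} -> VLAN {ingress_vlan(frame)}")
```

Feeding it the raw bytes of frames captured on the trunk shows directly whether traffic from the vlan 3 port arrives carrying tag 3 or arrives untagged.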