I am trying to setup a network with 2 vlans but getting halfway there. Any help on what im missing would be much appreciated.
I have a router from my ISP which is connected to the internet.
I have a second Linksys3200ACM (4 ETH ports an 1 WAN) with OpenWRT 22.03 installed.
Im trying to setup the Linksys router as follows
WAN port on linksys is connected to lan port on ISP router
Separata the 4 ETH ports on the linksys router into 2 VLANs
VLAN 1 has 1 port and has a cable tv box connected to it. This cable tv box seems to need to have a direct connect to the ISP box to work. I dont know why but if it is behind NAT on the Linksys router the TV Streaming freezes so it seems its doing some network comms below TCP/IP layer to get tv streaming to work
Vlan 2 has the remaining 3 ports and a number of devices connected to it
Both VLANs should be able to access internet and thus the ISP router.
For visualising what I need I have created the following image
The important thing to note as mentioend above, the L1 port with the tv box connected to it needs to go through the WAN port and communicate directly with the ISP TV Box. VLAN 1 devices also need to still be able to connect to the internet.
Now the way I did this was have one bridge device on the Linksys router with all the lan ports and wan port bridged. I then create two spearate VLANs. VLAN 2 has L1 port and WAN port untagged and VLAN 1 has L2/3/4 ports untagged with WAN not participating.
I then create a interface for VLAN 1 and assign it the LAN firewall zone.
This gets the tv box to work as it seems to be able communicate with the ISP box directly bypassing NAT.
I dont even have to setup a device for this VLAN (2), it just works.
However devices in VLAN 1 now cannot communicate with the internet. It seems this setup messes with the WAN IP and routing in some way and while I can access LUCI from ports L2/3/4 any request to the internet fails. I also cannot ping the isp router box from these ports.
You can find images of my router config from Luci here
Im not sure what Im doing wrong. Ive tried so many alternatives. From setting up the L1 port on its own interface to bridging the L1 port with eth device. Nothing seems to be able to get both things to work. I either have no internet connection, or have no tv box working.
Id also be open to know if I can get this done another way. I dont need vlans but it seemed it was the only way to get the tv box to connect to the isp router directly without NAT when connected to the linksys router.
Does the STB work on any port of the main router or only on the first?
It might as well be a security measure from your provider to block multiple STBs from using the service.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
I don't know the brand of your STB or IPS, but if DLNA on internal network is supported on your STB you might need 2 VLAN connections to your STB:
One for your direct ISP connection (so no internal actions, DHCP,...)
One for your internal connection (NAS, PC,...)
Currently I'm working on the same config as You are but not there yet.
For your information: my ISP is Telenet (Belgium)
OpenWRT is new to me as well but loving the challenge.
WAN and LAN1 need to be in the same VLAN and they will hardware switch between each other at layer 2. There is no routing needed; the OpenWrt kernel won't even see TV packets.
Since this is a DSA system, a bridge-vlan will be used to achieve this.
Set up a way to log into the router by wifi. This can be an AP on the lan network, or a separate admin network with an AP and a DHCP server.
Log into the router by wifi.
Move the wan port into br-lan. Have all the physical ports in the same single bridge. This is the master bridge to spawn bridge-vlans.
Create two bridge-vlans. They can have any VLAN numbers (must be unique though). Traditionally 1 is used for lan and 2 for wan.
Put the wan and lan1 ports untagged in bridge-vlan 2. Put the other 3 lan ports untagged in bridge-vlan 1.
Change the wan network's Device to br-lan.2. Change the lan network's Device to br-lan.1.
Mk24's way of config does the trick for the first part: bypassing my private router and sending all traffic for 1 port to the ISP modem. So far so good and many thanks for your answer mk24!!!
In addition, some screenshots of this config:
INTERFACES
The STB is now operational on the ISP modem network. So time to go one step beyond
With this STB it is possible to connect to network hardware (NAS, PS,...) to play movies through the STB on television. Therefor of course, the STB needs access to the local network on my router and not on the ISP modem router.
There are 2 IP addresses in the STB to be provided:
IP ADDRESS: IP from the ISP modemrouter (range 10.x.x.x)
INHOME IP ADDRESS: IP from network router (range 192.168.1.x)
At this moment, the second IP is in the range of the ISP modem router, 192.168.10.x.
It might be impossible as well to take over the private IP part away from the ISP modem router towards my router, though looking at the options and possibilities of OpenWRT ... loving the challenge
PS: because I'm not the topic starter (nobunaga), I'd like to add that my STB connection is made on port 4 of the router, and on the first port as nobunaga indicated. Sorry for this!
but not there yet.
