I have setup main TP-Link router (stock firmware) and another TP-Link router (OpenWRT firmware) as IoT router. There is separate VLAN for IoT devices on IoT router. Firewall rules are defined and everything works great.
Problem statement - I have new IoT devices that cannot “reach” IoT router Wifi coverage. I could connect them to main network (router) but I want all my IoT devices going through one dedicated IoT router.
What are my options to extend IoT network so new devices could connect to IoT network/router ? I was thinking of setting up another OpenWrt router in Wifi repeater/extender mode (using relayd) or Mesh network mode. Any suggestions how to proceed ?
You have to be more elaborate about your devices. If not obvious you need both tplink or both openwrt to have roaming across 2 access points with same SSID.
One router TP link (stock), second router TP link (openWRT). I understand that I need to setup another (third) router (openWRT) as mentioned in my post to extend IoT network coverage to to IoT Wifi device 3 & 4.
It is possible to replace the main router with one running OpenWrt (depending on the model, the device currently in place might be supported).
What is the physical proximity of the main router (that is currently not running OpenWrt) to the IoT devices that need the extended coverage? If you were to put the new router at/near the main router's location, would that be likely to provide adequate wifi signal strength to the new IoT devices?
Can you run a wire between the OpenWrt router and the new one you will setup? (this could be a re-use of the existing wire between the main router and the OpenWrt unit if the proximity question above establishes that the new IoT wifi can be setup near the main router; alternatively it might be an entirely different cable or maybe you'll say that it's not a viable option to run the wire)
No, not this time. In future I might change main router to another that supports openwrt
New IoT devices can pickup signal from main router. Yes, if new openWRT router would be next to main router, then IoT devices would get adequate wifi signal strength
No, I cannot run wire from existing OpenWrt router to new one. (my main router is in middle of house. ETH cable runs to OpenWRT that is in garage. New IoT devices are in other side of house in relation to garage. Therefore I need to extend IoT network coverage to cover far point from garage.
My suggestion would be to add a new router (running OpenWrt) that is situated near/next to the existing main router. With that physical placement, you can take the connection that goes between the main router and the C6v3 and instead plug that into your new OpenWrt router -- this directly connects the two OpenWrt routers (this will be a lan-lan connection). Then, the new OpenWrt router can connect directly to the main router (also a lan-lan connection).
With that topology, you can then easily setup the IoT network on a VLAN such that the two OpenWrt routers have access to both the main and the IoT network over a trunk (i.e. a cable/port that carries multiple networks using VLANs). One of the OpenWrt devices will act as a router (as is being done now by the C6v3) and the other will simply be a bridged-AP with VLANs. You might opt to have the new router act as the IoT router, but that's up to you (it's probably not critical).
AXE75 is broadcom, not supported by open drivers at all.... You can use OpenWrt as "dumb AP" or "relayd" connecting to it. Kind of google shows the right pages in wiki.
Thanks. For topology clear: Main router => ETH cable => New OpenWRT => ETH cable => C6v3
VLANs not clear. Currently C6v3 “pass-through” 2 ETH ports for main network and 2 ETH ports + Wifi act as IoT VLAN.
Because I have only one ETH cable running from main router to garage (IoT Router) - if I connect new OpenWRT next to existing main router and create IoT VLAN on new OpenWRT and plug ETH cable running to C6v3, will I still be able to get “pass-through” 2 ETH ports for main network and 2 ETH ports + Wifi as IoT VLAN (in garage) ?
VLANs are pretty straight forward for your needs here, and we can help you with the implementation -- it's not hard, but can be a bit tricky to wrap your head around when you're new to VLANs.
Yes. With VLANs, both networks (IoT and main lan) run over the same physical cable between the OpenWrt routers. The other ports on each OpenWrt router can be set however you like to achieve the same "pass through" effect (on a port-by-port basis, you can choose which ports map to which network).
My guess is that you'll get a bit stuck if it's your first time messing with VLANs. Don't give up, though... post your configs here and we can help you through t the process.
Be sure to select a good device for your needs and that is well supported with OpenWrt. If you have questions about what to choose, ask for advice in the hardware section of this forum.
This is my current C6v3 network configuration. Should I create similar for newOpenWRT ? Assuming newOpenWRT will be “master” for IoT network, then DHCP should be disabled on C6v3 on “IoT” interface, right ?
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd11:3388:aa9f::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
option ipv6 '0'
list ports 'lan1'
list ports 'wan'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.0.2'
option netmask '255.255.255.0'
option gateway '192.168.0.1'
list dns '1.1.1.1'
list dns '8.8.8.8'
config device
option type 'bridge'
option name 'br-iot'
option ipv6 '0'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'IoT'
option proto 'static'
option device 'br-iot'
option ipaddr '192.168.100.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
To use VLANs, you'll be using the bridge-vlan syntax. So there will be some edits required.
first, put all ports in the same bridge:
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'wan'
And delete the br-iot bridge:
Now, create the bridge VLANs. The wan will connect to the upstream (as I assume it does currently) and we'll add the iot VLAN to it:
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'wan:u*'
config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
list ports 'wan:t'
Finally, edit the lan and IoT networks to use br-lan.1 and br-lan.100 respectively:
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.0.2'
option netmask '255.255.255.0'
option gateway '192.168.0.1'
list dns '1.1.1.1'
list dns '8.8.8.8'
...
config interface 'IoT'
option proto 'static'
option device 'br-lan.100'
option ipaddr '192.168.100.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
Now, once you have the other (new) OpenWrt device, this will be ready to go.
Under device “br-lan” I see list ports ‘eth0.1’. I don’t see separate ports as in my current IoT openwrt router. I assume this is because ports 2-5 are already assigned to “switch_vlan 1” and port 1 (wan) assigned to “switch_vlan 2”.
Question1 - Should I remove config switch_vlan 1 and switch_vlan 2 ?
Question2 - Should i add ‘eth0.2’ to device “br-lan” lists ports (currently eth0.2 is assigned to device “br-lan_0.2”) ?
Question3 - Should i delete interfaces “wan” and “wan6” ?
No. Since the C6v2 is an ath79 target, it has not yet been migrated to DSA. Instead, it uses swconfig.
No, but I would suggest that br-lan_0.2 should be renamed to something like br-iot or similar.
That can be done if you're not using the wan interface -- I think that is true here.
Importantly, though... we need to understand how this device will be used.
The C6v3 (your existing device) was previously configured as the router for the IoT Network. Moving forward, will the C6v3 continue to be the router responsible for that network, or will this task migrate to the C6v2 (new) device?
Main router for IoT network will be (new) C6v2 device (at least for now - later I might switch them and do the vice-versa config, but first I want to get them up and running to see the overall performance/coverage). That being said, I think I need to disable DHCP on (old) C6v3 device, right ?
Still need to figure out on firewall zones when networking part is done. will post firewall config later.
Ok... so there are a few things you'll want to do...
To start:
on the C6v2 (new device)
setup the lan and IoT networks as you had previously done with the C6v3
The lan address will be 192.168.0.2
The IoT address will be 192.168.100.1
Disable the DHCP server on the lan interface
Enable a DHCP server for the IoT network.
You can copy the same IoT firewall zone and rules from the C6v3.
Enable masqurading on the lan firewall zone.
On the C6v3 (old device)
change the IoT Network to unmanaged (proto 'none')
remove the IoT DHCP server
remove the IoT related firewall rules
change the lan address to something else on the main lan subnet -- maybe 192.168.0.3.
Once those changes are all in place, the last thing will be to ensure that you have a properly defined trunk and bridges on the new C6v2 config. We can review the complete configs from both devices to ensure that everything is as it should be.
