Hello,
since the recent attack I am not having access to my account any longer, password is not recognised (checked multiple times). So here is oscar2 then....
I feel quite stupid with my question, since it seems so trivial. I could not find an answer after several hours of search, though.
My OpenWRT router is extended by a managed switch, which includes 2 Ports belonging to vlan4, the others to vlan1. The vlan4 ports are for the VoIP phones.
The Setting on the switch is as follows:
The Gateway setting seems strange to me. The
Options are
leave it as is, as it appears to work
change it to point to the Openwrt router IP (192.168.1.1)
leave it blank
Besides a directive I would appreciate a few words of explanation, since after years with OpenWRT I still haven't fully understood what the difference of 'gateway' vs. 'interface'
If you leave it without gateway, only intra-subnet communication is possible.
If you add a gateway, then inter-subnet communication is possible. However a valid subnet must be entered. For IP 192.168.2.5/24 a valid gateway is in the range 192.168.2.1-254
Interface can be an ethernet card, wireless card or anything else that can connect you to a network.
Gateway is the IP of the upstream router, when the address you are trying to reach is not known, e.g not in the routing table.
Thank you for explanation. With the current '0.0.0.0' setting, inter-subnet communication is possible through the corresponding firewall setting:
config forwarding
option dest 'Fon'
option src 'lan
where 'Fon' is 192.168.2.0/24, 'lan' corresponds to 192.168.1.0/24. Seems that 0.0.0.0. has either zero effect or corresponds to any IP address, which includes the one of the router.
192.168.1.1 would then be the correct entry? Isn't this in conflict with 'For IP 192.168.2.5/24 a valid gateway is in the range 192.168.2.1-254 you mentioned?
0.0.0.0 is a reserved IP, I find it really hard that some vendor allowed it to be used as gateway in that way. Even so, the gateway has to be a specific IP, not an abstract to let the device try all possible addresses.
It is not a correct address when you have IP 192.168.2.5 with mask /24. The gateway must belong to the same network as the address of the device.
its physical ports of the switch belong through vlan tagging to either 192.168.1.0/24 and 192.168.2.0/24
the gateway setting applies for the whole device, i.e. must belong to it's subnet, even though there is additional subnet assigned to the device.
The correct gateway according your advice is clearly 192.168.1.1, since this is within the subnet of the switch device. How do the ports that are assigned to 192.168.2.X know about the gateway, i.e. get access to DNS and internet?
What is the gateway setting for at all*? Am I mixing forwarding and gateway?
Is it or not, I am lost
....
128 prelocal
255 local
254 main
253 default
0 unspec
....
This setting concerns the switch and not the devices connected to the switch.
For IP 192.168.1.4/24, the gateway 192.168.1.1 is a valid choice.
Devices in vlan2 with IP 1982.168.2.X/24 must use as gateway the IP of the interface of the router on that vlan.
It is not the switch's job to route the packets from one vlan to another, it's the router's. The switches job is to separate the vlans and connect to a router, so the latter can route them.
Got it, it is the IP address of the interface of the subnet, right? As defined in /etc/config/network.
You relieved a major headache, thanks a million.
Oscar
I did read the instructions which propose to change the account password. However, this is not possible since I cannot log into it. Password does not match. Unfortunately, I used an email address alias that I discarded recently. Password reset is no option therefore.
I cannot legitimise myself to the admins as 'oscar'. All I could do theoretically is to ask to block that account.
There has not been any intend to have two accounts.
It is a Zyxel GS1200-5. It is attached to my OpenWRT router and because of different vlans settings I use across the two, I assumed that the solution for my request is located in the settings of the openWRT router. Which turned out to be true.
I'm going to expand on this further to clarify for new learners. In this case, the switch is a "managed" swich, so it has a tiny embedded computer inside it that serves configuration web pages. The configurations show are the settings for this tiny embedded computer serving the web pages. Suppose the switch has some feature where it needs to talk to a "cloud" resource, how would it do it? It needs to send packets to "the internet" so it needs to know the address of a gateway. The gateway being entered here is for the embedded computer inside the switch to talk to the internet. In this case the 0.0.0.0 setting means "no gateway / no internet access"
The most trivial (not really cloud-) examples of this would be (S)NTP requests, to set the internal clock of the managed switch or being able to pull a firmware upgrade directly from the internet - this is obviously more important for the increasingly popular cloud managed switches.
I should have made this clear, the image shown with the setting is indeed from the switch and not from the openWRT router.
The devices attached to the vlan-tagged-port in a subnet on the switch had internet access despite the gateway setting '0.0.0.0'. I believed this is because of port forwarding in the firewall, i.e. wan --> vlan-subnet called 'Fon' (in addition to lan-->Fon above).
The other ports on the extended switch belong to the lan. I have not checked it but it might well be they had no internet access, I did not check it and can't do so at the moment. But will do it this evening.
Oscar
PS: as you may have noticed I am back as Oscar which was made possible with the help of the administrator.
This setting in the switch is just for use by the embedded computer in the switch. Everyone else is getting their network info via dhcp from your router.