I run the latest stable version, 19.07.7 on a GL.iNet GL-B1300. I have an ISP modem, my router is connected to it. I do not have a switch.
I have a wired IoT device connected directly into the router that I would like to separate from the trusted devices, but I would like to be able to control it with my smartphone.
Based on this topic, I think the elegant solution would be to set up a VLAN.
I tried setting up a separate VLAN for the device. I used the LAN port next to the WAN port for connecting to the device. I tried this setup:
As far as I remember, the default setting contained one VLAN, all 3 columns contained "untagged".
But I could not save my changes (I think it was this way). If I tried it the other way, I lost connection to WAN on my PC.
I have also had a look at this guide. I do not know how to link the new vlan to an existing interface and set up a firewall zone for it.
After hours of trying, I kindly ask you, if you could share a relatively simple guideline to my problem, as this is my first time with OpenWRT. Thank you really much in advance.
This is an IPQ40xx chip, it does strange things with VLANs. One of them is that VLANs 1 and 2 are set aside for internal use. Use a VLAN number higher than 2 for your new VLAN. VLAN 2 is actually running the WAN port though in an invisible manner.
Also when you change the CPU port from untagged to tagged you need to also go to the LAN physical settings and change it from eth0 to eth0.1 to have continued use of the LAN. Logging in by wifi is advised so if the Ethernet is misconfigured you still have access.
Once you have the switch working you will have eth0.3 going to your IoT. Set up a standard guest network for it. This means a new network bridge and a new firewall zone which are independent from your LAN.
Nearly all IoTs link to the manufacturer's server as does your smartphone, and they communicate through the API of that server. The phone is not expected to have access directly to the IoT's network.
Thank you for you help. When applied the following switch configuration, on the Interfaces page I saw that the router could not connect to the WAN (I am using PPPoE).
I did it like this because I wanted to separate LAN2 as a VLAN. The LAN interface's physical settings was updated to contain eth0.1 automatically.
I saw these in the Interfaces tab:
Unknown error (PEER_DEAD)
Connection attempt failed
In the physical settings, the WAN is connected to eth1.
I have found this thread. This seems to be related. However, I cannot do what kmarty did, because I cannot see port 0, port 5, vid 0 and vid 1 in LuCI's switch settings page. The only columns I see are the ones that my csv-style table contains.
Do you have a suggestion for me, please? I know GNU/Linux and I can use the command line for some degree, but I do not know much about networking.
Edit: I also tried this with a VLAN ID of 5, but I got the same result.
I have succeeded to create a separate VLAN for my wired IoT device. Now it communicates with my smartphone app via the internet.
If anybody else who faces a similar problem, they can search "ipq40xx vlan" on this forum. There are documented ways to set the VLAN configuration via ssh.
One needs to change the settings using ssh, and must not use the web interface. VLAN identifiers 1 and 2 should be avoided, this is why I used 10 and 20.
For the remaining settings, one can use the web interface, but the switch configuration should not be edited that way.
Thank you, @mk24, and everybody else who helped me in some way!
When applied the following switch configuration, on the Interfaces page I saw that the router could not connect to the WAN (I am using PPPoE).