Help With Tagging from Router to Dumb AP

I am comfortable creating Dumb Access Points using THIS article.

I am comfortable creating WLANs for Guest Devices and IOT Devices using THIS article.

My goal is to introduce a Mikrotik RB750Gr3 flashed to OpenWRT, to my current home network. This new Mikrotik Router would be connected to the internet, and all Access Points and un-managed switches in my house would connect to the Mikrotik. I'm sure I could set up my Guest Devices and IOT Devices WLANs again on the new Mikrotik router, just without the Wireless portion of things. I intentionally don't want the Mikrotik router to have WiFi.

My question is: Let's say I connect Ethernet port 5 on the new Mikrotik router to my old Linksys Wifi-router's Ethernet port 4 while the Linksys is set up as a Dumb AP. What do I need to do to get those WLANs on the Mikrotik extended out to the Linksys Access Point and broadcasting? I know this involves creating VLANs and Tagging, but for the life of me I can't grasp tagging no matter how much I read about it.

Thank you very much to anyone willing to entertain this question and educate me.

What you need is called trunking.

Now, all ports in your router are connected together to the LAN network, and traffic is untagged.

You need to tag traffic on port 4, using one VLAN for the LAN network, and another VLAN for the guest network.

Go to the switch configuration on your router, mark port 4 as tagged (now it is untagged) on the LAN that corresponds to your LAN (most probably VLAN 1).

Now add another VLAN (let's say 3), mark it as tagged on the CPU and tagged on port 4. This is your guest VLAN, you need to add it as an interface to the guest WLAN.

Now, port 4 carries traffic for both your LAN (on VLAN 1) and guest network (VLAN 3). On the AP you should do something similar, so you create two virtual connections using the same wire.


If you post your current config here, I can try to guide you through the process.

Firstly, thank you! Okay, I ordered the Mikrotik but if you are willing to help me we can practice on my current configuration, and then I should be able to apply what I learn to my new configuration once I receive the new hardware. Current configuration:

ISP -> Linksys Router with WLANS -> Netgear as Dumb AP
ISP connected to Linksys Router's WAN port.
Linksys Router's port LAN1 is connected to Netgear AP's port LAN1.
(See images below)

First question, do I need to create all of the WLANs on the Netgear AP exactly as I created them on the Linksys Router?

Second question, could you please guide me through the VLAN creation and tagging?

Thanks again!



Not at all, you can create whatever WLANs you want on each device, then use VLANs to connect them as you wish.

Sure!

On the Linksys:

  • Change LAN 1 to tagged on VLAN 1, then add VLAN 4 (tagged on CPU and LAN 1, off on the other ports) and VLAN 5 (tagged on CPU and LAN 1, off on the other ports).

  • Do not touch the LAN (eth0.1) or WAN (eth0.2) networks.

  • On the IOT network, add the "eth0.4" device; on the GUEST network, add the "eth0.5" device.

Apply all changes, and everything should work exactly as before, except for LAN 1 (take this into account, if you need that port to reach the Netgear device). On that port, the traffic that comes out is tagged, with a different tag (1, 4, or 5) for each network; and the same for the traffic that enters the device. On the other LAN x ports, there is only (untagged) traffic for the LAN network.

Now, to the Netgear device (this is a bit more risky, as you might lose access to the device by LAN; wait until the end, and apply all the changes together):

  • On the VLAN 1, mark the CPU and LAN 1 ports as tagged, leave as untagged on the other ports.

  • Create VLAN 4 (tagged on CPU and LAN 1, off on the other ports), and VLAN 5 (tagged on CPU and LAN 1, off on the other ports).

  • Move your LAN network from "eth0" to "eth0.1", create the IOT network on "eth0.4", and GUEST on "eth0.5" (follow the recommendations about a dumb AP on those interfaces: no DNS, no DHCP, no firewall, ...).

Apply all changes, and enjoy your new not-so-dumb AP.


Bonus post!

Perhaps you want to make the GUEST or IOT network accessible on the LAN x ports from the Netgear device? Change the LAN 4 port from untagged to off on VLAN 1, then from off to untagged on VLAN 5: now that port carries traffic for the GUEST network instead of LAN.

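An added illustration of what the tagged / untagged / off settings described above do to a frame on the wire; it is not code from anyone in this thread. It assumes port 0 is the CPU and port 1 is LAN 1 on both devices, uses constructed switch tables and a constructed frame, and models the switch in a simplified way with ingress filtering enabled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed switch tables: VLAN id -> ports in OpenWrt swconfig notation
# ("1t" = tagged on port 1, "2" = untagged, port not listed = off).
# Assumed port numbering on both devices: 0 = CPU, 1 = LAN 1 (the trunk).
ROUTER_VLANS = {1: "0t 1t 2 3 4", 4: "0t 1t", 5: "0t 1t"}
# AP after the "bonus" change: LAN 4 moved from VLAN 1 to untagged on VLAN 5.
AP_VLANS = {1: "0t 1t 2 3", 4: "0t 1t", 5: "0t 1t 4"}


def build_table(vlans):
    """{1: '0t 2'} -> {1: {0: True, 2: False}}; True means tagged."""
    return {vid: {int(tok.rstrip("t")): tok.endswith("t") for tok in spec.split()}
            for vid, spec in vlans.items()}


def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte tag (TPID + PCP/DEI/VID) after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN id must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]


def strip_tag(frame):
    """Return (vid, frame without tag); vid is None for an untagged frame."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def ingress(table, port, frame):
    """Classify an arriving frame: (vid, inner), or (None, inner) if dropped.

    Simplified model with ingress filtering: a tagged frame is accepted only
    when the receiving port is a member of that VLAN.
    """
    vid, inner = strip_tag(frame)
    if vid is None:
        for v, ports in table.items():
            if ports.get(port) is False:      # port is untagged in VLAN v
                return v, inner
        return None, inner
    return (vid, inner) if port in table.get(vid, {}) else (None, inner)


def egress(table, vid, inner, in_port):
    """Flood within the VLAN: {out_port: bytes as they appear on that wire}."""
    return {port: add_tag(inner, vid) if tagged else inner
            for port, tagged in table[vid].items() if port != in_port}


def trace_to_router_cpu(frame, ap_port):
    """Follow a frame from an AP port across the trunk to the router CPU."""
    ap, router = build_table(AP_VLANS), build_table(ROUTER_VLANS)
    vid, inner = ingress(ap, ap_port, frame)
    if vid is None:
        return None
    on_trunk = egress(ap, vid, inner, ap_port)[1]    # leaves the AP on LAN 1
    vid, inner = ingress(router, 1, on_trunk)        # enters the router on LAN 1
    if vid is None:
        return None
    cpu_vid, _ = strip_tag(egress(router, vid, inner, 1)[0])
    return cpu_vid                                   # 5 means it shows up on eth0.5


# Constructed frame: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    print("untagged frame into AP LAN 4 ->", trace_to_router_cpu(SAMPLE_FRAME, 4))
    print("untagged frame into AP LAN 2 ->", trace_to_router_cpu(SAMPLE_FRAME, 2))
    pre_tagged = add_tag(SAMPLE_FRAME, 5)
    print("frame tagged 5 into AP LAN 2 ->", trace_to_router_cpu(pre_tagged, 2))
```

The last case shows why the "off" setting matters for isolation: a port that is not a member of VLAN 5 does not pass frames carrying that tag, so only the trunk and the port explicitly assigned to the guest VLAN can reach it.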

Change LAN 1 to tagged on VLAN 1, then add VLAN 4 (tagged on CPU and LAN 1, off on the other ports) and VLAN 5 (tagged on CPU and LAN 1, off on the other ports).

Gotcha!

On the IOT network, add the "eth0.4" device; on the GUEST network, add the "eth0.5" device.

For IOT, would I do this under: Network -> Interfaces -> IOT (click EDIT) -> Physical Settings -> Interface (select "Switch VLAN: "eth0.4")
This deselects the Wireless Network Master for Iot, which is why I assume I'm attempting to add eth0.4 in the wrong place.

Could you please post screenshots? I do not understand what is happening there.

When I'm in the IOT Interface menu, under Physical Settings I can only make one selection under the Interface drop down menu (see image below). Currently, the Interface that is selected is "Wireless Network: Master "126iot" (Iot)". If I select "Switch VLAN: "eth0.4"" it automatically un-selects the previous interface.

Keep in mind that when I did this step:

I only SAVED and did not SAVE AND APPLY. I'm not sure if that would make a difference when trying to apply this Interface change.

Check the "Bridge interfaces" option, then add both the WLAN and VLAN interfaces.


Sorry for the delay, I have to tinker with my network at times when no one in my family is using it which is pretty prohibitive. So first off... WOW, THANK YOU :+1:! Everything is up and running. The regular LAN is functioning, and both VLANs seem to be working. All APs are transmitting just fine. I can't wait for the new router to do it all again haha!

You are incredibly helpful and kind for taking the time to work through this with me. I will definitely pay this forward, and I hopefully can help someone on the forums with this information.

Would you mind answering some followup questions? I want to understand everything I just did. Are the following points correct?

  1. I'm tagging in the LINKSYS switch so that now it will embed a tagged frame in the header of every packet that comes into and out of the port LAN1 identifying that packet as if it is for my local area network, VLAN4, or VLAN5.

  2. I'm not tagging traffic on VLAN2 on the LINKSYS because that is the WAN, and the internet doesn’t care about my internal virtual networks.

  3. When I'm tagging the CPU on the LINKSYS in this setup that is because the CPU needs to know to "look" for these VLAN tags on those ports that are also tagged.

  4. I'm Bridging Interfaces because I want to "share" traffic/Tagging across them. For example, I want traffic into my Guest WiFi on the LINKSYS to be directed to VLAN5, and bridging accomplishes this.

  5. When I bridged Iot Interface to eth0.4 on the LINKSYS, that eth0.4 is really just another name for VLAN 4. Is that correct?

BONUS question lol:

  1. On the Netgear AP, when I’m creating the Iot and Guest Interfaces, I connect them to eth0.4 and eth0.5 respectively as you said. Why don’t I Bridge those interfaces with their respective wireless networks on the AP? That is what I did on the Linksys, and I don’t understand the difference. Images below for comparison.

Thank you, thank you, THANK YOU!


Glad to know this is helping you!

Not exactly...

You are tagging each frame that leaves the router, and you are discriminating each frame that arrives based on the tag.

Not exactly...

You are not tagging your WAN because the device at the other end of the wire does not expect tagged frames. VLAN tags are specific to ethernet, and thus do not travel across the internet.

Exactly! And the way to tell the CPU to look for those tags, is to use "eth0.5" instead of "eth0".

The tags do travel to the wireless interfaces, or your wireless clients would need to use them too.

Exactly!

Wait! What? That does not look right, you should be seeing bridges, just like on the main router... Perhaps I was not clear on the instructions, but your wireless interfaces must be bridged to the wired interfaces.

EDIT: Added the question/pic about the interface

When I Bridge eth0.5 to Guest Wifi for my Guest Interface, I could connect to the AP on that Guest WiFi but I didn’t have an internet connection. I think my mistake was in the Guest WiFi configuration. I had the Guest WiFi on ONLY my LAN Network. When I put Guest Wifi on ONLY Guest network it was also broken.

NOW, I have placed Guest WiFi on BOTH LAN and GUEST Networks to be able to get it to work with the Guest Interface setup as Bridged. See the photo below of my Guest WiFi on the Netgear AP, and please tell me if you think my Guest Wifi is still mis-configured.

Or perhaps the Interface is mis-configured. Should my gateway be pointing to the Linksys main router?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Okay. Do you want this output from the Linksys Router, the Netgear AP, or both?

Why not both? :wink:

Why not both? :wink:

Oh no, hopefully I'm not a lost cause on all this haha. Thanks for your patience. Here is the info from my AP to start with:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'X'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        option ipaddr '192.168.1.2'
        list dns '192.168.1.1'
        option ifname 'eth0.1'

config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'X'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option blinkrate '2'
        option enable_vlan4k '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '5t 3t 2 1 0'

config switch_port
        option device 'switch0'
        option port '1'
        option led '6'

config switch_port
        option device 'switch0'
        option port '2'
        option led '9'

config switch_port
        option device 'switch0'
        option port '5'
        option led '2'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '5t 3t'

config switch_vlan
        option device 'switch0'
        option ports '5t 3t'
        option vlan '5'

config interface 'Iot'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.40.1'
        option gateway '192.168.1.1'
        option ifname 'eth0.4'
        option type 'bridge'

config interface 'Guest'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.50.1'
        option ifname 'eth0.5'
        option type 'bridge'
        option gateway '192.168.1.1'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:11.0'
        option htmode 'HT20'
        option channel 'auto'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option key 'X'
        option encryption 'psk2'
        option ssid '126east'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:12.0'
        option htmode 'HT20'
        option channel 'auto'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option key 'X'
        option encryption 'psk2'
        option ssid '5g126east'

config wifi-iface 'wifinet2'
        option ssid '126iot'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'ap'
        option key 'X'
        option network 'Iot'

config wifi-iface 'wifinet3'
        option ssid '126guest'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'ap'
        option key 'X'
        option network 'Guest'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

Linksys Router info:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'X'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr 'X'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'X'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0t 1t 2 3 4'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 5'
        option vid '2'

config interface 'Iot'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.40.1'
        option type 'bridge'
        option ifname 'eth0.4'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.50.1'
        option netmask '255.255.255.0'
        option type 'bridge'
        option ifname 'eth0.5'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '4'
        option ports '0t 1t'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '0t 1t'
        option vid '5'


root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'HT20'
        option channel 'auto'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option key 'X'
        option ssid '126east'
        option encryption 'psk2'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option htmode 'VHT80'
        option channel 'auto'

config wifi-iface 'wifinet3'
        option ssid '5g126east'
        option encryption 'psk2'
        option device 'radio1'
        option mode 'ap'
        option network 'lan'
        option key 'X'

config wifi-iface 'wifinet4'
        option key 'X'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'ap'
        option network 'Iot'
        option ssid '126iot'

config wifi-iface 'wifinet5'
        option network 'guest'
        option ssid '126guest'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'ap'
        option key 'X'


root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option noresolv '1'
        list server '127.0.0.1#5453'
        option serversfile '/tmp/adb_list.overall'
        option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option leasetime '24h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'guest'
        option interface 'guest'
        option limit '150'
        option start '10'
        option leasetime '24h'

config host
        option mac 'X'
        option leasetime 'infinite'
        option dns '1'
        option name 'WNDR3700dumbAP'
        option ip '192.168.1.2'

config dhcp 'Iot'
        option limit '150'
        option interface 'Iot'
        option start '10'
        option leasetime '24h'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option network 'Iot'
        option forward 'REJECT'
        option name 'IoT'
        option output 'ACCEPT'
        option input 'REJECT'

config forwarding
        option dest 'wan'
        option src 'IoT'

config rule
        option dest_port '53'
        option src 'IoT'
        option name 'IoT_DNS'
        option target 'ACCEPT'

config rule
        option dest_port '67-68'
        option src 'IoT'
        option name 'IoT_DHCP'
        option target 'ACCEPT'
        list proto 'udp'

config zone
        option network 'guest'
        option forward 'REJECT'
        option name 'Guest'
        option output 'ACCEPT'
        option input 'REJECT'

config forwarding
        option dest 'wan'
        option src 'Guest'

config rule
        option dest_port '53'
        option src 'Guest'
        option name 'Guest_DNS'
        option target 'ACCEPT'

config rule
        option dest_port '67-68'
        option src 'Guest'
        option name 'Guest_DHCP'
        option target 'ACCEPT'
        list proto 'udp'

I'm good, thanks; I actually enjoy these threads. They're kind of entertaining, like a crossword.

I noticed you are using the same IP address for the IOT and GUEST interfaces on both devices; that is a mistake, you should do the same as the LAN interface: 192.168.x.1 on the router, and 192.168.x.2 on the AP.

In any network segment, the gateway must be inside the network; the gateway is, by definition, the node that makes it possible to reach other networks. If your IOT and GUEST networks are configured as 192.168.x.y/255.255.255.255 (where x is 4 or 5), then the gateway has to be at 192.168.x.1, it cannot be at 192.168.1.1.

In your configuration, you do not need to specify any gateway at all, because the router is the gateway on each interface, using the router's IP address on that interface, and that works out of the box by default. You can remove all "option gateway 192.168.1.1" lines.

Just as it ignores the LAN, the DHCP server on the AP must also ignore the IOT and GUEST networks; you should edit the DHCP configuration accordingly. Or you could stop the DNSMASQ from running at all (have a look at the dumb AP guide).

The firewall on the AP can also be heavily simplified, as it does not have to deal with external traffic, forwards, or any masquerading; or you can even disable it completely (again, have a look at the dumb AP guide).

Everything else looks fine, try those changes I suggested, and let's check the situation again.

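An added check, not written by anyone in this thread, that compares the AP's `/etc/config/network` against the router's and reports the two addressing mistakes named in the post above: an AP interface reusing the router's address, and a gateway that lies outside the interface's own subnet. The embedded configs are excerpts of the ones posted earlier; the function names are made up for this example.

```python
import ipaddress
import re

# Excerpts of /etc/config/network as posted in this thread (only the options
# the audit reads; loopback, wan and switch sections omitted).
ROUTER_NETWORK = """
config interface 'lan'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'Iot'
        option ipaddr '192.168.40.1'
        option netmask '255.255.255.0'

config interface 'guest'
        option ipaddr '192.168.50.1'
        option netmask '255.255.255.0'
"""

AP_NETWORK = """
config interface 'lan'
        option ipaddr '192.168.1.2'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'

config interface 'Iot'
        option ipaddr '192.168.40.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'

config interface 'Guest'
        option ipaddr '192.168.50.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
"""


def parse_interfaces(text):
    """Return {section name: {option: value}} for each 'config interface'."""
    found, current = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*config\s+(\S+)(?:\s+'([^']*)')?", line)
        opt = re.match(r"\s*option\s+(\S+)\s+'([^']*)'", line)
        if head:
            is_iface = head.group(1) == "interface"
            current = found.setdefault(head.group(2), {}) if is_iface else None
        elif opt and current is not None:
            current[opt.group(1)] = opt.group(2)
    return found


def address_and_subnet(opts):
    """ipaddr + netmask -> (address, network); None if the interface has no IP."""
    if "ipaddr" not in opts or "netmask" not in opts:
        return None
    iface = ipaddress.ip_interface(f"{opts['ipaddr']}/{opts['netmask']}")
    return iface.ip, iface.network


def audit(router_text, ap_text):
    """Return a list of (ap_interface, finding, detail) tuples."""
    router = {}                       # subnet -> (router interface, router IP)
    for name, opts in parse_interfaces(router_text).items():
        pair = address_and_subnet(opts)
        if pair:
            router[pair[1]] = (name, pair[0])

    findings = []
    for name, opts in parse_interfaces(ap_text).items():
        pair = address_and_subnet(opts)
        if pair is None:
            continue
        ip, net = pair
        # Interfaces are matched by subnet, so 'guest' vs 'Guest' still pairs up.
        if net in router and router[net][1] == ip:
            findings.append((name, "duplicate-address",
                             f"{ip} is already the router's '{router[net][0]}' address"))
        gateway = opts.get("gateway")
        if gateway and ipaddress.ip_address(gateway) not in net:
            findings.append((name, "gateway-outside-subnet",
                             f"{gateway} is not inside {net}"))
    return findings


if __name__ == "__main__":
    for iface, kind, detail in audit(ROUTER_NETWORK, AP_NETWORK):
        print(f"{iface}: {kind}: {detail}")
```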

you are using the same IP address for the IOT and GUEST interfaces on both devices; that is a mistake

Okay, I changed the Iot IP Address on the AP to 192.168.40.2 and the Guest is now 192.168.50.2 (which literally fixed EVERYTHING, so thank you again :smiley:).
For Iot and Guest Interfaces on the router, their DHCP "Start" is set to 10. For OpenWRT that means the "Lowest leased address [is] offset from the network address [by 10]" so 192.168.40.2 has no ability to be assigned to a client because the interface on the router is at 192.168.40.1 and it will only start assigning IP addresses at 192.168.40.11. (Hopefully that much is correct). Is that why I don't need to assign a Static Lease to the AP's Interface in the router's DHCP similar to how I assigned a static address of 192.168.1.2 to the DumbAP overall? Or is it because I can only really assign static leases to physical clients?

In your configuration, you do not need to specify any gateway at all, because the router is the gateway

So if OpenWRT didn't automatically set the Gateway for each Interface to 192.168.1.1 I would need to manually do this correct? I just want to make sure that the only reason I don't do this is because it is done for me.

To clarify something, I have to keep the AP's LAN Interface having a Gateway address of the router at 192.168.1.1 right? That Gateway is needed even if the other Interfaces don't need one.

You can remove all "option gateway 192.168.1.1" lines.

Done!

Concerning Odhcpd, Dnsmasq, and Firewall I just have those all Disabled in the Startup menu. I clicked STOP on each just to be sure as well when reviewing all my settings.

Thanks for answering all of these (endless :roll_eyes:) questions, I'm learning a ton!