How set up two separate networks using OpenWrt 23.05.0?

Hi, I'm very new and I don't understand a lot about networking further than port forwarding. I apologize for any mistakes. This is my learning experience.

I've looked and found a previous discussion that basically does what I want it to do. From my understanding, it creates two separate LANs, one with 192.168.11.0/24 and one with 192.168.22.0/24. The problem is that the solution uses an older version of OpenWRT and I don't understand how to follow it, especially given the VLAN section which doesn't exist in newer OpenWRT versions.

My requirements are slightly different and I want my topology to look something like this:

Untitled Diagram.drawio(3)693×1134 34.8 KB

The 192.168.1.1/24 network is the default OpenWRT network with the default firewall.

The 10.0.0.1/24 network is a new network that I'd like to create.

It should have access to the internet and I'd like for the networks to not be able to talk to one another.

Thank you for your time.

Let's start out with the basics: What device do you have? The image suggests x86? If the latter, what network card(s) do you have?

Basically, you need to remove one port from the br-lan bridge and create a new interface for it with your desired configuration.

Yes, sorry. I got the numbers the wrong way around. I'm using an old computer:

I have this network card. It's a Realtek RTL8125 I believe.

I also have a gigabit port built into my motherboard.

The Realtek RTL8125 has eth0, eth1, eth2, eth3
The built in motherboard port has eth4.

This is even easier than in the post you linked, since you have five independent ethernet ports, and you do not need to care about internal switches or VLANs. You can just define one to five network interfaces, each one with their parameters, then bridge the ethernet ports to the network interfaces.

I would personally do this with vlans.

Go to network devices and click configure on your bridge device.

Click enable VLAN filtering.

Click add twice and you'll get vlan id 1 and vlan id 2.

For LAN ports 1,2,3 select egress untagged and primary vlan id on vlan id 1

For LAN port 4 select same for vlan id 2.

Screenshot from 2023-11-07 10-02-091309×443 34.8 KB

Screenshot from 2023-11-07 10-03-491148×277 30.7 KB

Change the default lan interface under "interfaces" to use br-lan.1 (vlan 1)

Add another interface for the br-lan.2 with an ip address (or not) in your other subnet. (probably with since you probably what the openwrt to route between the two.

Screenshot from 2023-11-07 10-02-561128×692 78 KB

Make sure your pc doing the configration is in port 1,2,3 or the save and apply will timeout and fail.

Ignore the fact that I duplicated the subnet on those images. Fat finger there. Make sure your new interface is 192.168.0.1/24

As @eduperez said, there is no need for VLANs here since the x86 ports are independently connected to the CPU and you are running only one network on each physical port.
What @clutch2sft said would also work. It is unnecessarily complicated at this stage but it does easily migrate to an advanced scenario with tagged VLANs on "trunk" Ethernet cables.

I ended up doing it that way somewhat. I vaguely followed this video tutorial and followed these steps:

1. I created a new Firewall Zone called ServerZone:
   

   

   image900×775 61.8 KB

2. I created a Static Address interface:
   

   

   image900×759 43.6 KB

3. I enabled DHCP within "DHCP Server" and left it with default settings.

4. I set the Firewall Zone to be ServerZone within the "Firewall Settings".

5. I created a new bridge device called ServerBridge and set eth3 to be the bridge port:
   

   

   image900×690 39.6 KB

6. I went back interface and edited the ServerInterface and selected the newly made ServerBridge device:
   

   

   image900×759 43.9 KB

I applied the settings and it worked.

Thank you so much for all your help everyone.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.