Internet & VOIP under separate VLANs

My Fiber ISP provides internet access on VLAN 835 (using PPPoE) and VOIP on VLAN 837 using DHCP with Option 60 and 61 (values are provided by the ISP), and I want to use my own OpenWRT router. I have ordered an ASUS RT-AX1800U and until it arrives I am trying to figure out how to configure it using DSA.

The idea is:

       +-----------+
       |    ISP    |
       +-----------+
             |
             |
       +-----------+
       |    ONT    |
       +-----------+
             |
             | WAN
       +----------------------+
       |  OpenWRT Router      |
       |----------------------|
       | WAN Port             |
       |----------------------|
       | VLAN 835 (Internet)  |
       | VLAN 837 (Telephony) |
       +----------------------+
          |        |       |
          |        |       |
          |        |       |
     +--------+  +--------+  +--------+
     |  LAN 1 |  |  LAN 2 |  |  LAN 3 |
     |Internet|  |Internet|  |  VoIP  |
     +--------+  +--------+  +--------+

I have found some guides online but most of the ones using DSA just configure a single VLAN. I am wondering wether you can give me some starting point for figuring this out. Thank you in advance.

You will probably have to configure two interfaces (let's say WAN and VOIP) over the same WAN ethernet port, using VLANs.

Now, you can create several internal networks, each with their own permissions, or have one single LAN that can reach both internet and the VoIP servers, that is up to you.

Hi, thanks for your time to respond on this. Is there a guide on how to set up these two interfaces using DSA? All I’ve found use the previous switch method.

Perhaps my current config might help:

config device
        option type '8021q'
        option ifname 'wan'
        option vid '6'
        option name 'wan_data'

config device
        option type '8021q'
        option ifname 'wan'
        option vid '3'
        option name 'wan_voip'

config device
        option type '8021q'
        option ifname 'wan'
        option vid '2'
        option name 'wan_iptv'

config interface 'wan'
        option proto 'pppoe'
        option device 'wan_data'
        option username '[REDACTED]'
        option password '[REDACTED]'
        option keepalive '5 5'
        option peerdns '0'
        option ipv6 '0'
1 Like

Thank you very much @eduperez for the example.

So, If I am not mistaken, since in my case wan_voip will be a dhcp client with options 60 and 61, the config should look something like this:

config device
  option type '8021q'
  option ifname 'wan'
  option vid '835'
  option name 'wan_data'

config device
  option type '8021q'
  option ifname 'wan'
  option vid '837'
  option name 'wan_voip'

config interface 'wan_data'
  option proto 'pppoe'
  option device 'wan_data'
  option username '[REDACTED]'
  option password '[REDACTED]'
  option ipv6 '0'

config interface 'wan_voip'
  option type 'dhcp'
  option device 'wan_voip'
  option vendorclass '[VENDOR_CLASS_IDENTIFIER]'
  option clientid '[CLIENT_IDENTIFIER]'

Quite interesting what kind of wild designs ISPs come up with for VoIP (and occasionally IPTV as well). My ISP for example clearly is in the beginners class here and only plays stupid DNS games (will resolve the SIP server name only from with its own name servers and only to addresses inside the ISP's network).
Personally, I decided the next SIP-hurdle my ISP throws my way will result in me switching telephony to an external SIP provider instead.

Regarding your problem, I would try to create a bridge between LAN3 and wan.837 and see whether the VoIP gear might not do the DHCP stuff itself...

Well the part about DNS is the same on my ISP too from what I 've read on local forums. The sip server name will resolve only from its own name servers. Have you set up VOIP on your openwrt router? I am curious about how it has worked for you.

No, I opted a decade ago to get a stand alone SIP/VoIP base station exactly so I do not need to care much about VoIP on my router. I think in theory it is possible to run asterisk on OpenWrt but I lack the time and interest in making that work...
But to get back the DNS issue, while my router is configured as its own non-recursive resolver (that is I ignore my IPS's DNS servers for normal internet access) I di hard code my ISP's DNS server address into the base station's config. (As I said I am close to moving SIP to an external provider to gain more independence from the ISP, but unless my ISP comes up with more hurdles I probably stick simply because moving is more effort than just carrying on as is).

I was actually asking about setting up VOIP under VLAN on WAN.

Sorry, my ISP does not do a separate VLAN for VoIP so I have no practical experience.

However I do use two VLANs on my physical WAN interface VLAN7 to reach my bridged-modem's dsl-ethernet bridge and VLAN42 to reach the bridged-modem's user interface...

For this I really only had to set up two interfaces (my router has a dedicated wan ethernet interface, so no DSA games necessary). I am sure that such an interface could also be bridged with one of the switch ports to hook up your phone...

Here is the relevant section of my /etc/config/network

config interface 'wan'
        option hostname 'turris'
        option ipv6 '1'
        option proto 'pppoe'
        option username 'SECRET_USERNAME'
        option password 'EVEN_MORE_SECRET_PASSWORD'
        option force_link '1'
        option device 'eth2.7'

config interface 'wan6'
        option proto 'dhcpv6'
        option device '@wan'

config interface 'WAN4FB7520'
        option device 'eth2.42'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.100.3'

I guess you could configure WAN4FB7520 also via DHCP with the necessary options...

Sidenote: since I want to route traffic over this interface from within my lan (to access the modem's UI) I also added WAN4FB7520 to wan zone of the firewall.

1 Like

I run Asterisk on OpenWrt on my FB7520 and it's working fine. However, my ISP does not require VLANs for VoIP, so I can only confirm this statement (my ISP is relatively open in this regard, other ISPs don't even provide the SIP credentials).

1 Like

I have never played with DHCP options on the client, but otherwise your config looks solid.

1 Like

This is the standard in Spain for FTTH installations. Each ISP can lay their own infrastructure, but they are forced to share it with other ISPs, so each ISP uses three different VLANs, for internet, VoIP, and IPTV.

Interesting, thanks! So over here the big incumbent used to do similar things but changed over to to everything within a single VLAN (I think IPTV is all on demand, that is no multicast anymore). I guess different regulatory regimes lead to different solutions.
Oh, IPTV in Spain, is that typically via multicast of also mostly on-demand unicast traffic?

Could not tell... I never used that service.

1 Like