Is this possible with vlan?

Untitled1027×805 81.5 KB

Is this possible with vlan?

Here are two routers with openwrt installed.

1. Router 2 is connected to the “LAN port bridged to the WAN port of router 1” and receives a separate public IP to form a separate network.

2. AP2 can set access VLAN. Set vlan20 on wifi1.

3. The port connected between router 1 and router 2 should NAT the Internet packets of 222.x through vlan10, and at the same time, router 1's network packets (111.x, 192.168.1.0/24) should also be forwarded to vlan20.

4. 222.x internet packets processed by vlan10 go to man.
   111.x Internet packets processed by vlan20 go to woman. So woman can roam between AP1 and AP2 via wifi1.

Is processing 3 possible through VLAN?
I understand that this type of roaming is generally layer 3 roaming through tunneling, but I am wondering if this setting is possible.

This is exceedingly confusing to read... but fundamentally...

This will only be possible if the ISP will provide multiple public IP addresses.

And this can actually be achieved with a single router by setting up two wan interfaces, but i the goal is to have 2 routers and policy based routing.

Each router will have NAT on the wan interface. It's not clear if you want these to be entirely independent networks, though, or if you want the two lan subnets to be able to talk to each other.

The VLAN doesn't do any 'processing' -- it's the routing engine that does the work, and normally that means NAT on the wan + routing between the lan and wan.

If you want to setup the wifi1 SSID on AP2, yes, a VLAN configuration can make that possible.

Roaming is a wifi specific activity that has nothing to do with VLANs. However, it happens at L2 (switching).

Back to the original premise of your question, though...

• If you want two independent networks, this can be done on 1 router or on 2. It can also be done with just a single public IP (although obviously all packets will eventually traverse via the same wan, but the two networks can be completely isolated, if desired).

You need to find out if your ISP will provide a second public IPv4 address... if not, you will be looking purely at the idea of 2 subnets in general that use the same wan.

Side note: you may want to consider relabeling 'man' and 'woman' as just 'user 1' and 'user 2' or something more generic.

no problem.

Independent.

Router 1 is weak. mt7621. It just performs NAT in front and AP1 is connected to provide public wifi1.

Router 2 is x86. It forms a separate network and provides wifi2 for me from the connected AP2.
And create a public wifi1 that can be used with AP1 connected to router 1.

man, woman are just examples from the diagram site lol.

The specifics of how you will achieve the goal depend on the details of your network config file... if you post those files for each of your devices, we can advise (make it clear which device is the mt7621.

I understand that... but it just reads strangely. User 1 and User 2, or Person A and Person B is a more generic and less unusual way to explain your goals.

I don't know much about VLANs...

Since it is difficult to remove a working mt7621 from the front, I am currently experimenting with the x86 as number 1 and the mvebu router as number 2.

x86 has separate interfaces from eth0 to eth3, and the mvebu router has eth1 and eth2 as wan, and lan1 to lan5 as lan.

The current situation is that the woman is assigned an IP of 192.168.1.x and is communicating through 111.x.
However, even though man is assigned an IP of 192.168.50.x, he also communicates through 111.x.

It's late, so I'll check tomorrow.

The 111.x and 222.x in the diagram are actually opposite in the screenshot below.
The diagram was just an example...

Instead of screenshots, please post your text configs...

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network

I just changed mvebu's brwa20 from dhcp client to unmanaged protocol and it works as I want.

Paste the settings below. The names are slightly different from the screenshot.

x86 config

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'
        option ula_prefix 'fdbe:ce67:4643::/48'
        option packet_steering '1'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.50.1'
        option device 'br-lan'

config interface 'wan'
        option proto 'dhcp'
        option peerdns '0'
        list dns '127.0.0.1'
        option metric '1'
        option device 'br-wan'

config interface 'wan6'
        option proto 'dhcpv6'
        option reqprefix 'auto'
        option peerdns '0'
        list dns '0::1'
        option reqaddress 'none'
        option auto '0'
        option device 'eth1'

config device
        option name 'br-lan'
        option type 'bridge'
        option macaddr 'xxxxxxxxxxxxxx'
        option ipv6 '0'
        list ports 'eth0'
        list ports 'eth2'
        list ports 'eth3.20'

config device
        option name 'eth1'

config device
        option type 'bridge'
        option name 'br-wan'
        list ports 'eth1'
        list ports 'eth3.10'

config device
        option type '8021q'
        option ifname 'eth3'
        option vid '10'
        option name 'eth3.10'
        option ipv6 '0'

config device
        option type '8021q'
        option ifname 'eth3'
        option vid '20'
        option name 'eth3.20'
        option ipv6 '0'

mvebu config

root@OpenWrt:/# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdf3:4b2f:3dfa::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'br-wan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'

config interface 'wan'
        option device 'br10'
        option proto 'dhcp'

config interface 'wan6'
        option device 'br-wan'
        option proto 'dhcpv6'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan1:t'

config device
        option type '8021q'
        option ifname 'eth1'
        option vid '20'
        option name 'eth1.20'

config device
        option type '8021q'
        option ifname 'eth2'
        option vid '20'
        option name 'eth2.20'

config device
        option type 'bridge'
        option name 'br10'
        list ports 'eth1.10'
        list ports 'eth2.10'

config device
        option type 'bridge'
        option name 'br20'
        list ports 'br-lan.20'
        list ports 'eth1.20'
        list ports 'eth2.20'

config interface 'br20'
        option proto 'none'
        option device 'br20'

It is different from the diagram because the order of the routers is changed.

AP2's wifi1 (vlan20) receives the x86 router's 192.168.50.x ip and communicates with the public ip 1.
AP2's wifi2 (vlan1) receives the mvebu router's 192.168.1.x ip and communicates with the public ip 2.

great.

Have you achieved your goal? If not, please let us know what is and is not working.

Yes, thanks.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.