Managed switch required for guest wifi?

Do I have to have a managed switch to have guest wifi where the DHCP is handled by the router instead of setting it up on a dumbap?

https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap

Misconstrued the use case. Deleted.


You can also run multiple cables from the router to the AP, or just one cable with multiple VLANs directly. Where does the switch come into play?

If you have wifi APs that are external to your main router, yes, you should be using a managed switch to distribute the VLANs from your main router to your AP.

That said, as @_bernd is pointing out, it does depend on the physical topology of your network. If you have (or can run) a cable directly from your router to your AP, you don't need to add a separate managed switch. A diagram of your network topology could be useful for the discussion.

Also, managed switches can be pretty inexpensive if you don't need a lot of ports, and you can even use many typical all-in-one wifi routers if they support OpenWrt (or other VLAN-aware firmware).

Here is a rough (sorry) diagram. The R4S and NWA50AX Pros are all running 23.05.05 OpenWrt.

When I try to set up the router to be the DHCP server, or even if I try to extend the guest wifi from one AP to the other, devices do not receive IP assignments, which has forced me to have both APs split doing the DHCP assignments (one doing half the pool, the other doing the other half), so that devices physically closer to a specific AP use that AP.

My preference would be for the R4S to be the router for both the main and guest network and just have the APs be dumb APs for both. This setup works fine for the home network but causes the issue I explained above for the guest network.

Side note: I hope to switch to an HP JG924A managed switch with OpenWrt, but it bricked going from the kernel to the sysupgrade and now I can't reach the serial console. So that plan is on hold.

The diagram is plenty sufficient. Thanks.

I agree that this would be the best architecture.

A managed switch really should be used here.

There could be a whole bunch of reasons that this isn't working properly, but a managed switch is pretty key, here.

This sounds like you have multiple DHCP servers running which is guaranteed to cause you problems. Can you confirm that? Is each AP running its own guest network at this point?

In terms of infrastructure changes, you could get a little 5-port managed switch -- maybe even one with PoE. Connect the NanoPi to the 5-port switch with the VLANs all on a trunk, then connect each of the APs to the 5 port switch with the same trunk configuration. Finally, connect the 5-port switch (with a port configured just for the lan as an access port) to the 16 port switch, and everything should work well.

I don't know where you are in the world, but Amazon US has a switch that could do what you need for $55 USD. I don't usually recommend these particular entry level TP-Link switches because they have some issues, but they'd probably serve you fine. And there are others at around $70+. You could also go without PoE (assuming you're currently using PoE injectors) and that would drop it into the $30-50 USD range.

EDIT: Actually, your APs are 802.3at, so you might need a more powerful PoE switch if you go that route, but still this can be achieved for probably around $100.

EDIT2: looking again at the switch I linked earlier... yes, it can do 802.3at and has a 65W power budget... so that should be fine

Yes. Currently both APs are running DHCP for the guest network but the IP pools do not overlap. If I do not do this, then only one AP would be broadcasting the guest wifi due to the issues I stated above.

It's the same guest network though.


Does it matter if I have a 2 port biscuit that connects the Ethernet from my APs (located in different rooms) to my switch?

If they are running their own entirely independent guest networks, this won't be a problem. However, if the guest network is linked in any way, you will experience issues. Only one DHCP server should be active at any time.

These are passive things, so no, there's no issue here. As long as the physical setup allows you to connect both APs and the router to the same managed switch, you'll be set. And based on the current diagram, it would seem that this won't be an issue... you'd take the respective 3 cables and unplug them from the current switch and plug them into the new switch. Then one additional cable would run between the new switch and the existing switch.
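The trunk layout and the single-DHCP-server rule discussed above, sketched as OpenWrt 23.05 (DSA) configuration. This is an added example, not a config posted by anyone in the thread; the port names (`eth1`, `lan`), VLAN ID 3 and the 192.168.3.0/24 subnet are assumptions to adapt to the actual hardware.

```uci
# --- Router: /etc/config/network (assumed LAN port name: eth1) ---
# Change the existing 'lan' interface to: option device 'br-lan.1'
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	# home LAN, untagged on the trunk port
	list ports 'eth1:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	# guest VLAN (assumed ID), tagged on the trunk port
	list ports 'eth1:t'

config interface 'guest'
	option device 'br-lan.3'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

# --- Router: /etc/config/dhcp (the only guest DHCP server) ---
config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'

# --- Each dumb AP: /etc/config/network (assumed port name: lan) ---
# Change the existing 'lan' interface to: option device 'br-lan.1'
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan:t'

# Unmanaged bridge only: no address and no DHCP pool on the AP
config interface 'guest'
	option device 'br-lan.3'
	option proto 'none'

# --- Each dumb AP: /etc/config/wireless ---
# In the guest wifi-iface section set: option network 'guest'
# --- Each dumb AP: /etc/config/dhcp ---
# Delete any "config dhcp 'guest'" section so only the router hands out leases.
```

Every switch port between the router and the APs has to carry VLAN 3 tagged for this to work, and the router still needs a guest firewall zone that allows DHCP and DNS to the router and forwarding to the WAN but not to the LAN.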

It's the same guest network via 802.11r - again, I would prefer to do it literally any other way but it does not seem like I can.

I guess my only concern was that since the biscuit is 2 in, 1 out, there might be an issue with them both being on the same port in the switch.

Disregard. Not true.

Each ethernet device needs to be on its own port.

Can you provide more detail about this biscuit? 2 in 1 out? Does each connection on the biscuit go to exactly one device on the other end? And does each connection go to exactly one port on the biscuit side?

I was mistaken. It's 2 in 2 out. My bad.

Would your solution or switching to the HP JG924A be the preferred route, or is it six of one, half a dozen of the other? So to speak.

Time vs money.

If you can get the HP device working again, it's a gigabit managed switch with PoE. Simply swap out your existing switch with the HP and you're done. This will take some time, though, if you need to figure out how to unbrick it.

Or buy a new switch -- 5 port if you're going for the cheapest option, or get a 16 port managed PoE switch if you want (more expensive, but physically less equipment) and put that into place.

Either way, you need a managed switch for your router and APs. One with PoE will be handy, but not required if you have injectors or are using the standard DC power input on those APs.


The competition, entry level, is either stuff like a no name brand that I caught phoning home to China (also mentioned in the reviews) or this which lacks a couple functions the TP-Link has.
I don't read 'managed-switch'; I've just come across discussions about the Netgear vs. the TP-Link.

Probably the best recommendation at the price range.

Would you recommend spending extra to try and get one that has OpenWrt support, or is it not needed in my case?

I have bricked like 3 devices in my foray into OpenWrt and am starting to wonder if I am causing more trouble than it's worth.

IMO, that's a 'nice to have' but not a requirement. It's up to you, though.

Sorry you've had so much trouble. With that in mind, I'd just stick with the vendor firmware for your managed switch.

I have a little home network that is way over-engineered.

I would get a router (force of habit) switch that ran OpenWrt if I needed anything more than one trunk dedicated 'high priority' for my gaming.

I think it's mostly a PEBKAC issue :smile: but those Zyxel APs were not beginner friendly. I also just seem to be super unlucky about my serial adapters actually working.

Hahah, I get that. I am just trying to use more open source, privacy friendly options after spending half a decade with Google Wifi.

So, if you pick not to get an OpenWrt switch, that is supported, you wonder if any issues that come up are because of that choice...

It is a dilemma.

@psherman finally got that switch to work. As expected it was user error.

I am hoping you might be able to help get these VLANs set up. I have spent an embarrassing amount of time looking at guides but everything seems to be from about two years ago.

I get stuck pretty much at the beginning, which is getting the NanoPi set up to receive the tagged VLAN traffic.

Sure... start a new thread with your goals and the current config on the router. Feel free to tag me into that new thread.
