Mix 2 networks


before I spend money on new technology, I wanted to write this down here. I'm thinking about implementing the following with a GL.iNet GL-MT6000 (with original OpenWRT, of course), but I'm not sure whether it will work at all.

I currently have a Fritzbox 6660, after the Fritzbox comes a 16-port switch (unmanaged, no VLAN) to which several devices are connected, printers, raspies, notebooks, PCs, etc.
Some devices are connected via WLAN via the Fritzbox (or Fritz repeater). Both via LAN and WLAN there are 2 networks, one “secure” and one “insecure” for all “insecure” devices. This actually works quite well. The problem is that I have to mix the two networks, for example: an “insecure” device must be able to access a printer that is connected to the “secure” network. Or I want to be able to say that device X can only access the Internet, but has no access to the rest of the network.

As far as I understand it, I would have to place the GL-MT6000 between the Fritzbox and the switch. The WLAN should also run via the router. But now I'm not sure whether this would work at all? Would I have to replace the switch with one that can VLAN?

Has anyone implemented this and can tell me roughly how and whether it would work?

The answers to your questions really depend on your desired topology and network requirements. It's not entirely clear what you want to achieve in the end, but I'll do my best to make some assumptions.

  • It seems that the FB6660 is currently both your cable modem and your router
  • You've got an unmanaged switch which connects your trusted wired devices
  • You have two different networks setup via wireless -- a trusted lan on wifi (theoretically the same subnet as the wired network) and a guest network (wifi only)
  • There also seems to be a wifi repeater in the system, although it's not clear which model and how it is connected
  • It sounds like you want to get the GL-MT6000 to operate as your main router as the future state.

With that in mind, the ideal situation will be to set the FB6660 to operate as a modem-only (bridge mode) device. This will pass the ISP supplied IP address directly to the wan of your MT6000. This also means that wifi will be disabled on that device, so you'll rely on your MT6000.

If your untrusted/guest/iot network is wifi only, you can easily configure your OpenWrt router (MT6000) with a guest wifi network and you'll have the same functionality as you have now. If you want to add wired connectivity to the untrusted network, you can actually dedicate one or more ports on your MT6000 for that network.

If you want to add your guest/iot/untrusted network to the 16-port switch, you will need to replace the current device with a managed switch.

The fritz repeater may or may not easily integrate into your network, depending on how it connects (wifi, ethernet), if it can run OpenWrt, and what network(s) it needs to repeat.