I need help configuring my home network using OpenWrt which is running on an RPI4. I currently have the following setup:
I use my RPI as a firewall and DHCP server which is connected to my Fritz! Box modem. I use a USB network adapter as a second network port, through which the RPI is connected to my switch. All devices are also connected to the switch.
All devices are currently in a network. Now I would like to have two networks separated, one for mobile devices and PCs etc. and one for home automation devices. My question is how can I achieve this? Is it possible to create two different VLans and decide to which network to assign a device based on the Mac address of the device? Or maybe Is there an elegant way to do that?
Can you please explain what you mean? Does that mean I need to configure the VLans on the switch? In that case, I need a managed switch, right? Which I don't have right now, but that's not a problem. In the case I would have a managed switch how would I configure the OpenWrt and the switch?
Normally you do not expose the vlans to all your devices, but just use the tagged ports between routers and switches and use untagged ports to connect the devices.
In your case this would mean a tagged connection between rpi and switch, and the switch would bring the vlans to different untagged ports.
Except that the TP-Link TL-SG1016D is an unmanaged switch and therefore doesn't support VLANs, tagging or untagging (it's the behaviour of unmanaged switches when encountering VLAN tags is undefined, at best they'd let them pass through unharmed, but literally anything can happen - from dropping to clobbering the packets or subtle issues).
Maybe I didn't explain my case well enough. Most of my devices are connected through my wireless routers. The wireless routers run in bridge mode and are connected to the switch. So let's say I have a managed switch. How can certain devices be assigned to a VLAN or another? Can I do this based on the mac address? Can a managed switch do something like this?
You mentioned before you need 2 different networks, one for mobile devices and PCs, one for home automation devices.
You would have a tagged vlan connection from your rpi to the managed ( @slh) switch. Here you would either divide the 2 vlans to untagged ports, where you would connect your PCs and access points, in case each ap would only serve one vlan. Or, you would use the untagged ports only for your PCs and bring the tagged vlans to your aps, where each ap could open up e.g. 2 wifis at the same time in the 2 different vlans.
So each wifi belonged to one vlan, and then the devices that connect to this wifi would be in that same vlan. You could have a home automation wifi and a private wifi. And both of this wifis could be served at the same time by different access points.
I think that's probably the best way to go. But I need to find out if my APs can open two wifi's at the same time. I actually know I can get them to create a guest wifi. However, the configuration options for the APs are very limited. But thanks for the help
Thanks @Stefan1, I had already seen this post in the forum, but I don't know how to access the OpenWrt that is running on the AP and how to update it to a newer version. I tried to access it via ssh, but unfortunately I don't know the root password
I'm thinking of replacing my AP due to the limited configuration options. What do you think of the UniFi APs from UbiQuiti?
) switch. Here you would either divide the 2 vlans to untagged ports, where you would connect your PCs and access points, in case each ap would only serve one vlan. Or, you would use the untagged ports only for your PCs and bring the tagged vlans to your aps, where each ap could open up e.g. 2 wifis at the same time in the 2 different vlans.
