Need help with VLANs. WAN traffic going both in and out of the same port but with different VLANs

Hello everyone.

I have a bit of a constrained and specific setup in my apartment. I get internet through a WAN cable in an electrical panel where there currently is an unmanaged 5 port switch. 4 of the ports are wired to 4 different rooms and the 5th port is the WAN input port. We are told to buy our own router so of course I bought an OpenWRT capable router and it works fine in the one room it is connected to. It draws a WAN IP via DHCP through our ISP.

I wanted to replace the unmanaged switch with an OpenWRT router and have it manage the WAN traffic to the rest of the rooms, but due to the limited space in the panel and availability of OpenWRT routers without WiFi, people on the forum recommended that I instead replace the unmanaged switch with a managed switch, use VLAN tagging and send the WAN traffic to the router (which is an OpenWRT VLAN capable router) to do the routing, then send the traffic back to the managed switch and then to the rest of the rooms with a different VLAN ID. This would be the most flexible solution as the router does the routing and WiFi.

The problem is that I have never had to configure VLANs before so I am a bit lost as to how to actually implement this. My biggest concern is that the WAN port on the WiFi router has to have two VLAN ID tags so it can receive on VLAN1 and send out on VLAN2.

I suspect that the LuCI interface is too simplistic to configure this advanced setup and I will have to drop to the command line, which is no problem for me. My problem is the lack of experience with configuring VLANs.

Can someone explain how to do this? The OpenWRT router has LuCI and the managed switch has a web interface. I have posted pictures of both interfaces below.

Current setup:

The interfaces for OpenWRT (LuCI) and the Zyxel web management:

You can configure this in LuCI no problem. Plug a laptop directly into one of the LAN ports on your router to configure LuCI.

Here's step by step:

  1. Plug your laptop into a LAN port on your router. Configure the LuCI switch to be tagged on the WAN port for both VLAN 1 and 2, save and apply.
  2. Change WAN interface to use eth0.2
  3. Change LAN interface to use eth0.1 (if it doesn't already)
  4. Plug your laptop into port 2 of the Zyxel switch... configure an IP address on your computer if needed, and log into the switch
  5. Configure port 5 on your switch to be untagged in VLAN 2 and not a member of VLAN 1; this port will be your ISP port. Configure the port VID to be 2 for this port.
  6. Configure port 1 on your switch to be tagged for both VLAN 1 and VLAN 2. This port will be for your router.
  7. Configure ports 2, 3, 4 on your switch to be untagged in VLAN 1 with port VID 1
  8. Save and apply settings.
  9. Plug the WAN port on your router into port 1 of your Zyxel switch
  10. Plug the ISP device into port 5 of the Zyxel switch
  11. Plug the various cables going to the various rooms into ports 2, 3, 4 on the switch



It's traditional to use the last port in a switch as the "uplink" to the next network (in this case port 5 and the building Internet) but it would be OK to use port 1 as your diagram shows.

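An added example, not part of the reply above or of either device's software: a small Python model of the Zyxel port VLAN table from steps 5 to 7, checking that frames can pass between the ISP port and the room ports only through the router trunk. The `Port` class, the function names, the trunk port's PVID and ingress filtering being enabled are assumptions of this model.

```python
# Minimal 802.1Q port-VLAN model of the 5-port switch from the steps above.
# Each port has a PVID (VLAN assigned to untagged ingress frames), the VLANs
# it sends untagged, and the VLANs it sends tagged.
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int
    untagged: set = field(default_factory=set)
    tagged: set = field(default_factory=set)

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

def forward(ports, ingress, tag=None):
    """Return {egress_port: tag or None} for a frame flooded from `ingress`."""
    vid = ports[ingress].pvid if tag is None else tag
    if not ports[ingress].member(vid):      # ingress filtering (assumed enabled)
        return {}
    return {n: (vid if vid in p.tagged else None)
            for n, p in ports.items() if n != ingress and p.member(vid)}

def audit(ports, isp, router):
    """List ways frames pass between the ISP port and room ports
    without going through the router trunk."""
    problems = []
    rooms = [n for n in ports if n not in (isp, router)]
    leaked = sorted(set(forward(ports, isp)) - {router})
    if leaked:
        problems.append(f"ISP frames reach ports {leaked} directly")
    for r in rooms:
        if isp in forward(ports, r):
            problems.append(f"port {r} frames reach the ISP port directly")
    return problems

# Plan from the steps: port 1 = router trunk, 2-4 = rooms, 5 = ISP.
# The trunk PVID is not given in the steps; 1 is an assumption here.
PLAN = {1: Port(1, tagged={1, 2}),
        2: Port(1, {1}), 3: Port(1, {1}), 4: Port(1, {1}),
        5: Port(2, {2})}

# Constructed mistake: port 5 left as an untagged member of VLAN 1 as well.
MISTAKE = {**PLAN, 5: Port(2, {1, 2})}

if __name__ == "__main__":
    print(forward(PLAN, 5))            # ISP frame: router trunk only, tagged 2
    print(forward(PLAN, 1, tag=1))     # router LAN frame: rooms, untagged
    print(audit(PLAN, isp=5, router=1))
    print(audit(MISTAKE, isp=5, router=1))
```

With the constructed mistake the leak is one-way: room broadcasts reach the ISP port while ISP frames still land in VLAN 2, so it is easy to miss by testing from the room side alone.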

Thank you very much for your help and explanation, it worked on the first try.

I learned a lot during the process, so thanks again.

Here is the final setup for future reference:

And the setup for the router and switch:


Thanks for the tip.
