Sorry for noob question, but you guys already helped here a lot in the past.
I'm trying to "consolidate" my network using VLANs. My setup is one DSL router and two OpenWrt routers, connected to this DSL router. Both routers have private and guest WLANs. Now every WLAN has separate ip subnet.
All devices seems to support VLAN:
DSL router: Zyxel VMG1312-B30B
OpenWrt #1: TP-Link TL-WR841N/ND v8
OpenWrt #2: TP-Link Archer C6 v2
My goals are:
allow access to miniDLNA server (running on RasPI) from all private LAN/WLANs.
consolidate all (LAN + private WLAN) as single network
(optional) consolidate both Guest WLANs as single network
From what I read, VLAN seems to be solution. However I don't know what are the requirements for VLAN that include WLAN interfaces. Must it be bridged with some LAN port? Or how does it work? Many thanks.
It more the other way around. It’s the interface that works with the tags. A bridge typically spans multiple interfaces - though in OpenWrt is often used as a construct to make GUI config easier for the GUI.
It is very tedious question. So 'consolidated' network should have SINGLE gateway, i.e. one router should behave like router, and the second should behave like dumb access point. In your configuration the only opportunity to unify them is by wan, so you should add vlan to wan, it is very tedious.
Does the DSL modem support VLANs? That would be a good starting point. If it doesn't, then it will get more difficult, as you'll have to interconnect 3 devices, which might cause bridging loops.
If it does, then assign all necessary VLANs on it and convert the OpenWrt routers to dumbAP.
That's correct, VLAN is an Ethernet-only construct. There are no VLANs with 802.11. What you can do is bridge a given wireless interface to a VLAN-tagged Ethernet interface, so that when the 802.11 client's packets go out over Ethernet, the Ethernet interface tags the packets.
If I understood it properly, you need to create an interface group for LAN and one for Guest. Then configure them for IP/mask/etc
Finally use add Tag Operation to mark the downstream traffic with a VLAN tag.
However I am afraid that it will not let you to add both VLANs for LAN and Wifi on one LAN port. That is because the reason behind the VLAN functionality is to allow IPTV or VoIP that might work on a different VLAN to be assigned on a specific LAN port. So if you connect the VoIP Phone or the STB on the router to connect to the specific subnet for the voice or tv, instead of the generic internet.
Yes, after some fiddling I believe VLAN functionality on that DSL router is not meant to be used in normal network traffic (but rather as you said with IPTV and VoIP).
There are interface groups, however only one group can use WAN Interface (in my case ADSL/ppp1). So these groups are pretty much useless for me.
My only hope, is that VLAN functionality works, so I can make one of OpenWrt routers primary one and second one dumb AP.
If you can rewire your network, VLAN support in the DSL router is not needed. In fact, you could even set it to bridge mode:
Disconnect PC#1 from the DSL router, and connect it to OpenWrt#1 or #2 LAN.
Set up OpenWrt#1 as a dumb AP. Connect its LAN port to OpenWrt#2 LAN, and disconnect it from the DSL router.
Use OpenWrt#2 as the router and DHCP/DNS server, its WAN port remains connected to the DSL router.
Now the DSL router has only one client left (OpenWrt#2). Reconfigure the DSL router to bridge mode, and adjust OpenWrt#2 WAN configuration if necessary.
Enable VLAN tags for the LAN and Guest subnets on the link between OpenWrt#1 and OpenWrt#2.
Yes, this makes lot of sense. However rewiring is not very comfy job and would require lot of new cables, drilling ... (I live in two-storey house).
Regarding TP-Link TL-WR841N/ND. Yes it's very obsolete now, but I plan to give it second wind by replacing it's FLASH - NOR Memory with 16mb one (or if I fail soldering, I would buy new router).
With a budget for new hardware, I could think of a few more alternatives to work around possibly limited VLAN support in the DSL router:
Buy a switch with 802.1Q tagged VLAN support and put it next to the DSL router.
Buy an OpenWrt-supported router to replace the TP-Link TL-WR841N/ND v8, and use the latter as a VLAN-capable switch (100 MBit/s only) next to the DSL router.
Again, buy an OpenWrt-supported router, but connect it next to the DSL router, which can then be set to bridge mode. OpenWrt #1 and #2 become dumb APs. The new router will handle VLANs, SQM, DHCP/DNS and all the other OpenWrt features.
An OpenWrt router with integrated DSL modem works well for me on ADSL. The VRX200 Lantiq SoCs will max out around 50 MBit/s network throughput when SQM is enabled, and I have seen reports that DSL sync speed can be lower than other DSL modems, especially when connected to a Broadcom DSLAM at higher line speeds.
Thank you for your advices. I decided (upon your suggestions), to replace old DSL router with TD-W8980, which has lantiq chipset and can run openwrt. Also I bought mikrotik hex PoE router mainly for IP cameras, but can also be used for something else.
But now I have another question. Let's say I will replace TL-WR841N/ND v8 with mikrotik and make TL-WR841N/ND v8 just dumb AP connected to mikrotik router. I understand, that this is more question for mikrotik's RouterOS, but wondering if it's even possible, to have two VLANs on mikrotik (one for wired and non guest wifi and second for guest wifi)? They both will use share WAN port connected to TD-W8980. I heard about VLAN trunking, but really don't get the concept.
VLAN on Ethernet adds a "tag" to the front of the packet that says which "virtual wire" the packet belongs on. NICs on the other end of the wire only "read" packets where the tag matches what they've been configured for. Since each packet has a tag saying which "Virtual LAN" it belongs to, you can send several different ones over the same wire and it all gets sorted out at the other end.
