For starters, as far as I can tell things are setup "alright". I can't seem to understand how to get my wi-fi to join the same vlan port that is going out to my other router.
The router running Open-WRT has a better wi-fi hardware, what is why I'm not using the wi-fi built into the Verizon router. I'm hoping there is a way for me to allow the Wi-Fi to join in on the vlan20. So I would be able to view the other systems on that vlan20.
Also if this is a problem I don't know but all routers are running their own DHCP. But have the Open-WRT router set as their gateway. Open-WRT router is also using DSA for switching.
Thank you for any help you can give as I have already had to restart a few times. lol
Is VLAN 20 tagged from the Verizon router? Is the Verzion router creating any additoinal networks, or is it only VLAN 20?
How is the Verizon router connected to the WRT1900AC -- is it LAN-LAN or LAN-WAN?
Let's see the configuration of your WRT1900AC
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Hello psherman, I have done nothing to the Verizon router other then to change its default private IP address to 192.168.20.1 and its default gateway, pointing it to the Open-WRT router (192.168.1.1).
The Verizon router does nothing but act as a wired hub for the other systems to connect to. Open-WRT goes from lan port to WAN on the Verizon, from there the other systems connect to the Verizon lan ports. I guess it would be LAN-WAN then.
Thank you very much psherman for taking a look at this.
PS) I am unsure what you mean by this "Is VLAN 20 tagged from the Verizon router?" Only tagging was done within Open-WRT router.
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XXXXXXXXXXXXX'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config device
option name 'lan1'
option macaddr 'XXXXXXXXXXXX'
config device
option name 'lan2'
option macaddr 'XXXXXXXXXXXX'
config device
option name 'lan3'
option macaddr 'XXXXXXXXXXXXX'
config device
option name 'lan4'
option macaddr 'XXXXXXXXXXXXXX'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '1.1.1.1'
list dns '8.8.8.8'
option device 'br-lan.20'
config device
option name 'wan'
option macaddr 'XXXXXXXXXX'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option type 'bridge'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option type 'bridge'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan1:u*'
config bridge-vlan
option device 'br-lan'
option vlan '30'
config bridge-vlan
option device 'br-lan'
option vlan '40'
list ports 'lan4:t'
config interface 'Servers'
option proto 'static'
option device 'br-lan.30'
option ipaddr '192.168.30.1'
This is the problem. The devices behind the Verizon router are NAT'd and firewalled by the Verizon router since you've connected to the WAN port. Those devices are not on the 192.168.1.0/24 network -- they will be on some other subnet (seems like they are on 192.168.20.0/24). The problem here is not OpenWrt, but rather the Verizon router. You need to connect to the lan port of the Verizon router.
Before you do that, though, you need to do the following:
Set the verizon router's LAN IP to something in the 192.168.1.0/24 network that does not conflict with anything else on the network and is outside the DHCP pool (pool = 192.168.1.100 - 192.168.1.249).
turn off the DHCP server on the Verizon router
connect the verzion router's lan port (instead of the wan port).
renew DHCP leases on the devices connected to the Verizon router.
EDIT: I should clarify that the above will put your lan and the devices connected to the verizon router all on a single subnet. If the desired situation is to have them on an independent/isolated network, you'll still want to do most of the above, but with some additional changes to the main router to create the additional subnet that originates on the OpenWrt side. Let me know what your goal is.
Yes the idea was to keep them in their own isolated network, I was going to ask about the fact that they are now on the same network as that of the Open-WRT router (192.168.1.#). But I guess that is why.
So if I may ask, how do I go about putting them on their own isolated network ?
The way to address this is to create a new network on the OpenWrt side...
First, reasisgn the main lan... to a new bridge... maybe br-lan.1 (not sure if you want this on any physical ports and/or wifi... but it's worth keeping this intact.
In the below, this would put VLAN1 (192.168.1.0/24) on port lan2 untagged, plus it is still connected to the wifi network.
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan2:u*'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '1.1.1.1'
list dns '8.8.8.8'
option device 'br-lan.1'
you'll need to assign lan20 to a firewall zone (or create a new one) and also probably make a DHCP server for this network. To link it with wifi, you'll create an SSID and set the network as 'lan20'. Your Verizon router will need to have a static IP (such as 192.168.20.2), and the DHCP server disabled. Then you'll connect to the Verizon router's lan port.
I'm guessing that your DD-WRT linksys router is similar story...
Basically, your current config isn't really VLANs, but rather cascaded routers -- behind each additional router you've got a double--NAT situation and those routers are actviely routing. The preferred approach is to configure your main router with the additional networks/VLANs and then make those other devices dumb APs/switches.
That said, if you want them to route, you can do that provided that the firewall on those other 2 routers allows you to turn off NAT masquerading and allow inbound connections to the hosts behind them. You'll need to create static routes on your main router, too. The disadvantage here is that it is more complex to administer. That is why I prefer/recommend that you make the main router handle all of this -- you can then craft your firewall rules to give you whatever level of access/isolation you need, including very granular control if desired.
I seem to be having some problems or I miss understood how I should go about doing what you said.
Every time I try this out I end up breaking it, and having to restart from a backup, or maybe I am doing it right and I'm just missing some important details.
1: For starters how do I go about reassigning the main lan to a new bridge ?
Do I do this from within the network file or within the web-portal ?
2: After that do that, I just paste what you said for the config into the network file without editing anything else ?
As for the firewall I just used the same one that I was using for lan before.
Is the DHCP not on already by default, under "interface -> LAN" I do see settings for DHCP server, but I'm not sure what to do in there.
I just go back into the Verizon router and set its IP as 192.168.20.2 and keep DHCP disabled ?
The idea is to have a vlan20 that goes to my home computers using lan port 2 and have the wifi also be on the same vlan so I would be able to connect with using a wifi also.
Maybe a reset to defaults would be the best option... then we can add one VLAN so you can see how it is done... once that is working, you can add the others using the same recipe.
So after resetting everything where do I go from there ? I have tried the youtube videos but most seem to be all about wi-fi and the one I was able to find about ports, is what got me here now.
I had actually covered that earler, but it also became clear that the OP needs to configure the VLANs in the main router to achieve the goals... so we're working through that now.
The G-series devices - I don't believe it does VLANs. You can only enable a second guest WiFi network, maybe some static routing, DDNS, custom configs for the LAN...that's about it. The dual channel 5.4 GHz is cool!
(Thats 1 Big reason I connect the OpenWrt to the ISP demarcation point and use the ISP device downstream of it. One caveat though - they usually only convert from coax to Ethernet on new activation or a plan that has bandwidth greater than coax.)
Also, if the OP's connection is indeed coax, the WAN port is likely disabled anyways in addition to it being the wrong port.
The OP described using the device basically as just a switch where all devices connected to it will be on the same subnet. This means we can treat the device as an unmangaged switch... no VLANs/tagged networks involved. So, as long as DHCP can be disabled and the address can be set appropriately in the desired subnet, we don't need to worry about anything there. It'll be a lan-lan connection with the main router handling the routing/DHCP/DNS for that subnet.
Now would it be alright to plug in the router Verizon. It is already set to Static address (192.168.20.10), with DHCP disable.
Also the wi-fi if I am able to get it on the same vlan?
I tried to mess around with it and ended up breaking it again so back to step by step lol.
@lleachii yes the Verizon router is just a dumb router as I needed more ports then what my linksys can handle. Plus it has 1GB ports so why buy a switch if I can just use that.
Seems to be some type of problem nothing is able to connect to the internet, on that port same for the wifi. It is able to connect to the Open-WRT and Verizon routers. Seems to just be block from the internet. Maybe a firewall problem ?
Also, if the OP's connection is indeed coax, 