Hello! I'm new to OpenWRT and am unclear if I'm making a config mistake or if I've bought the wrong kind of switch/router.
I basically want to isolate my ISP router so that my ethernet is managed by my switch (Netgear GS308T), i.e. the switch is meant to effectively be a router.
I've created 2 VLANs, tagged port 1 to both, set ports 2-8 to only participate in VLAN 2, and assigned both to the same firewall zone.
This almost works... except that none of the devices (ports 2-8) in VLAN 2 get assigned an IP address. What am I missing? There's no DHCP options in the interface or device - is my switch not able to do this?
Hostname OpenWrt
Model Netgear GS308T v1
Architecture RTL8380
Target Platform realtek/rtl838x
Firmware Version OpenWrt SNAPSHOT r21433-a797f0e82a /
Kernel Version 5.10.156
/etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd37:872c:f3aa::/48'
config device 'switch'
option name 'switch'
option type 'bridge'
option macaddr 'XXX'
list ports 'eth0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
list ports 'lan8'
config bridge-vlan 'lan_vlan'
option device 'switch'
option vlan '1'
list ports 'eth0:t'
list ports 'lan1'
config device
option name 'switch.1'
option macaddr 'XXX'
config interface 'lan'
option device 'switch.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.0.1'
option ipaddr '192.168.0.10'
list dns '8.8.8.8'
config bridge-vlan
option device 'switch'
option vlan '2'
list ports 'eth0:t'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
list ports 'lan8'
config interface 'main'
option proto 'static'
option device 'switch.2'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
Is the DHCP server enabled for your second interface? In LuCI, when you edit the interface, there is a tab called "DHCP server".
That said: For DHCP the switch is probably OK. Just keep in mind that it's not meant to be a router, so expect really bad performance if you use it for routing or firewall purposes.
Ah crap I see, thank you for the links. Basically I'm not trying to do anything complicated, I a) wanted to play with openwrt and b) wanted a single admin interface so I could ignore my ISP router. I didn't realise routers were so much more powerful than switches - that explains the price difference I guess! Maybe I should scrap this VLAN plan and just let it be a plain old switch.
Seeing as you have the exact same model - are there any particular benefits of using OpenWRT on this switch? Anything cool I should try?
A switch is not a good place to run the routing elements of OpenWrt. Setting up VLANs in this nature (if the VLANs are supposed to route to the internet or other networks) means that they need to be routed on the switch. Switches are very good at switching (L2), but pretty slow at routing (L3).
If you want to experiment with creating and routing VLANs, you will be best served with a real router running OpenWrt.
There are many reasons to run OpenWrt on your switch. I'm not suggesting that you go back to the vendor firmware.
What I am saying here, though, is that a switch is not a good place to deal with VLANs from a routing perspective. In other words, you should use a router to setup the VLANs for routing purposes (and often, but not always, that includes that DHCP and DNS servers for the networks). The switch would be configured to switch those VLANs such that the relevant ports are members of each VLAN as needed (trunk and access ports).
The idea is that routing (L3, inter-network connections) should happen on hardware that is good at routing... switches generally do not do well at this from a hardware perspective. And switching (L2, intra-network connections between ports) should happen on hardware that is designed for efficient switching. These are two very different mechanisms of moving traffic, and the hardware is reflective of that in its design.
Does this mean that your other devices are also running OpenWrt? If so, perfect! Set up the VLANs first on the router (where they can be routed) and then use the switch purely for moving the traffic between ports based on the VLAN membership.
Mine? Yes. It took some time to reach this goal, but I have all networking equipment running on OpenWrt. Moving to an OpenWrt-supported switch was the last step I took (well, the realtek target is still relatively new and my routers are OpenWrt-based since the 0.9 series).
Great. Start with the router. That is where the main setup need to happen. Then you will set your switch to handle the VLANs, but the switch should actually only have an address on the management network. The other networks will be unmanaged (no address).
Thanks both this is great discussion. It looks like I need to go back to the drawing board - my ISP-supplied router/modem isn't openwrt compatible, so I'll either need to accept that it'll handle DHCP, or I need to invest in a new router.
I think technically the solution for my OP is to install dnsmasq, so I've accepted andyboeh's reply (although to be clear I've not actually attempted this to see if it would work)... Clearly the actual solution is not to use a switch as a router!
should I have bought an actual router?