I only know how to use LuCI to do OpenWRT configurations. If needed, I will follow instructions to do configurations in the terminal as well.
My OpenWRT is set up as follows:
vlan1: 192.168.1.1/24, DHCP, DNS, NAT access via vlan2, lan/wifi SSID vlan1
vlan2: Internet Uplink. DHCP from ISP. NAT outgoing interface.
vlan3: 192.168.3.1/24, DHCP, DNS, NAT access via vlan2, lan/wifi SSID vlan3
I want to further achieve the following:
- vlan1 can access vlan3, but vlan3 cannot access vlan1
- add vlan4, such that OpenWRT only offers DHCP on this new subnet. No DNS, no NAT access, vlan4 cannot access other vlans and vice versa.
Please give me directions on where I can find more information.
Thanks in Advance!
If you are looking for information, as far as documentation goes check https://openwrt.org/docs/guide-user/network/vlan/start, there are several topics you should check for your use-case, especially VLAN Switch for VLAN access and traffic control.
Thank you for the pointer!
VLAN3 machines cannot access VLAN1 machines now.
OpenWRT is also not allowing NAT access for VLAN4 client machines.
I still have two issues:
- From a VLAN1 client machine, I can still ping 192.168.4.1, which is the vlan4 IP address of OpenWRT (it is not a big deal, but if possible, I want to hide that also.)
- From a VLAN4 client machine, the Default GW given by DHCP@OpenWRT is 192.168.4.1. How can I change that to 192.168.4.2?
Thank you for the hints, @trendy and @freezeheat.
I tried two methods to override the Router value issued to DHCP clients:
- From LuCI -> Network -> Interfaces -> vlan4 -> Edit
  - DHCP Server -> Advanced Settings -> DHCP-Options, enter "3,192.168.4.2", then click on the '+' sign.
  - Save, Save & Apply
  - Result: Win10, ipconfig /renew, times out without getting any IP.
- Using uci
  - Run at the OpenWRT ssh shell:
    uci add_list dhcp.vlan4.dhcp_option="3,192.168.4.2"
    uci commit dhcp
After removing that option 3, the DHCP offer is OK. It is just that the GW is not overridden.
should be 4.2
If you still have problems, you need to run a tcpdump to examine the contents of the DHCP offer, to make sure that options are applied and advertised properly.
Yes, what I used is 4.2. Thanks for spotting my typo.
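What to look for in the captured DHCP offer, as an added example that is not part of the original thread: a Python parser for the DHCP options field that reports option 3 (router) and option 6 (DNS). The offer bytes and all addresses in `build_sample_offer` are constructed sample data; with a real capture, pass in the UDP payload of the offer packet instead.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # precedes the options field (RFC 2131)

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError(f"option {code} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        options[code] = options.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return options

def ipv4_list(raw: bytes) -> list:
    """Decode a run of packed IPv4 addresses (options 3 and 6 use this layout)."""
    if len(raw) % 4:
        raise ValueError("address list length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def summarize_offer(payload: bytes) -> dict:
    """Pull out the fields that matter when checking a gateway override."""
    opts = parse_dhcp_options(payload)
    return {"message_type": (opts.get(53) or b"\x00")[0],  # 2 = DHCPOFFER
            "your_ip": str(ipaddress.IPv4Address(payload[16:20])),  # yiaddr
            "routers": ipv4_list(opts.get(3, b"")),   # option 3, default gateway
            "dns": ipv4_list(opts.get(6, b""))}       # option 6, empty if not sent

def build_sample_offer(router: str = "192.168.4.2") -> bytes:
    """Constructed DHCPOFFER for illustration; every value here is sample data."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         ip("0.0.0.0"), ip("192.168.4.100"), ip("192.168.4.1"),
                         ip("0.0.0.0"), bytes.fromhex("020000000001"), b"", b"")
    opts = (bytes([53, 1, 2]) + bytes([54, 4]) + ip("192.168.4.1") + bytes([1, 4])
            + ip("255.255.255.0") + bytes([3, 4]) + ip(router) + bytes([255]))
    return header + MAGIC_COOKIE + opts
```

An offer where `routers` still shows 192.168.4.1, or where the list is empty, means the option 3 override did not reach the client; an empty `dns` list confirms that no DNS server is being advertised on that subnet.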
I will try to learn tcpdump and see what I can find out.