OpenWrt as managed switch questions

I would like to use openwrt as a managed switch. The openwrt switch has 4 lan ports and 1 wan port. I have already configured the wan port as a lan port as the openwrt router connects to the internet through another router on my network. I want to configure the openwrt switch to connect to the main router through one port and use the other 4 ports as separate networks with internet access.

I have watched a couple of videos on openwrt vlans but can't get this to work. I want openwrt to provide IP addresses for all devices connected to it. If anyone can provide a high-level description of how to implement this, I would greatly appreciate it.

My current configuration is:

Router Asus RT-AC56U (BCM4708)
Architecture ARMv7 Processor rev 0 (v7l)
Firmware Version OpenWrt 21.02.1 r16325-88151b8303 / LuCI openwrt-21.02 branch git-21.295.67054-13df80d

The only networking change I have made is to configure the wan port as a lan port. The firewall is also disabled. Not sure if firewall rules are necessary to permit internet access and/or block traffic between networks.

Configure it as dumb ap - https://openwrt.org/docs/guide-user/network/wifi/dumbap but don't disable the dhcp.

Make sure the dhcp provides your main router's IP as default gw (and usually, also DNS).

3 is gw, 6 is DNS.

1 Like

The dumb AP mode is not ideal for this situation, and you most certainly do not want to allow a DHCP server to operate on the existing LAN network from your upstream router.

Are you more comfortable in LuCI (web interface) or are you good with the command line? That impacts how we discuss the steps (if you need specific guidance).

Fundamentally, you'll be creating a situation where there are 4 VLANs on the switch. Then you'll set up a network interface for each one. The subnet for each one must be different (often it is useful to use a subnet that leverages the VLAN ID -- purely for human readability purposes). So for example, if you create VLAN ID 4, you might use 192.168.4.0/24 as the subnet, and VLAN 10 might be 192.168.10.0/24.

Then, you'll probably want to set up a DHCP server for each of those networks, and finally assign each network to a physical port on the router using the switch config.

You will need to use the firewall to allow proper routing and also to allow/prohibit inter-VLAN routing.

The process is pretty straightforward, but there can be nuances depending on your specific goals.

Also, will the upstream router be used for anything other than the gateway for the OpenWrt router (i.e. will devices be connected to the LAN of that router)?
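The steps in the reply above (one VLAN per port, a separate subnet whose third octet mirrors the VLAN ID, a DHCP pool per network, and firewall zones that allow internet access but prohibit inter-VLAN routing) as an added worked example; this is not code from the thread or from the OpenWrt project. It is a small POSIX shell generator that prints the UCI stanzas for `/etc/config/network`, `/etc/config/dhcp` and `/etc/config/firewall`. Assumptions not taken from the thread: DSA-style `bridge-vlan` syntax with port names `lan1`..`lan4` and `wan` (a device still using swconfig configures `config switch_vlan` sections under Network → Switch instead), the uplink to the upstream router on port `wan`, and a constructed sample uplink address `192.168.1.2/24` with gateway `192.168.1.1`.

```shell
#!/bin/sh
# Added example (not from the thread): emit OpenWrt 21.02 UCI stanzas for the
# "one routed VLAN per port" design. Assumptions: DSA port names, uplink to the
# main router on port 'wan', constructed uplink address 192.168.1.2/24.

UPLINK_PORT="wan"
UPLINK_ADDR="192.168.1.2"   # constructed sample address on the upstream LAN
UPLINK_GW="192.168.1.1"     # constructed sample upstream router address

# check_vid VID: accept 2..254 so that "192.168.<VID>.0/24" is a valid subnet
# and never collides with the 192.168.1.0/24 uplink network used here.
check_vid() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 2 ] && [ "$1" -le 254 ]
}

# vlan_subnet VID: subnet prefix whose third octet mirrors the VLAN ID (readability only).
vlan_subnet() { printf '192.168.%s' "$1"; }

# gen_network "VID:PORT ..." -> /etc/config/network stanzas.
gen_network() {
  printf "config device\n\toption name 'br-lan'\n\toption type 'bridge'\n"
  for pair in $1; do printf "\tlist ports '%s'\n" "${pair#*:}"; done
  printf "\n"
  # Uplink: a plain routed interface towards the upstream router, not bridged.
  printf "config interface 'uplink'\n\toption device '%s'\n\toption proto 'static'\n" "$UPLINK_PORT"
  printf "\toption ipaddr '%s'\n\toption netmask '255.255.255.0'\n\toption gateway '%s'\n\tlist dns '%s'\n\n" \
    "$UPLINK_ADDR" "$UPLINK_GW" "$UPLINK_GW"
  for pair in $1; do
    vid=${pair%%:*}; port=${pair#*:}
    check_vid "$vid" || { echo "bad VLAN id: $vid" >&2; return 1; }
    # Access port: untagged member of exactly one VLAN, with PVID set ('u*').
    printf "config bridge-vlan\n\toption device 'br-lan'\n\toption vlan '%s'\n\tlist ports '%s:u*'\n\n" "$vid" "$port"
    printf "config interface 'vlan%s'\n\toption device 'br-lan.%s'\n\toption proto 'static'\n" "$vid" "$vid"
    printf "\toption ipaddr '%s.1'\n\toption netmask '255.255.255.0'\n\n" "$(vlan_subnet "$vid")"
  done
}

# gen_dhcp "VID:PORT ..." -> /etc/config/dhcp stanzas: one pool per VLAN interface.
gen_dhcp() {
  for pair in $1; do
    vid=${pair%%:*}
    check_vid "$vid" || return 1
    printf "config dhcp 'vlan%s'\n\toption interface 'vlan%s'\n\toption start '100'\n\toption limit '150'\n\toption leasetime '12h'\n\n" "$vid" "$vid"
  done
}

# gen_firewall "VID:PORT ..." -> /etc/config/firewall stanzas. Each VLAN is its own
# zone with forward=REJECT and one forwarding towards the uplink, so hosts reach the
# internet but not each other; inter-VLAN traffic is denied unless allowed explicitly.
gen_firewall() {
  # input ACCEPT on the uplink keeps the switch manageable from the main LAN.
  printf "config zone\n\toption name 'uplink'\n\tlist network 'uplink'\n\toption input 'ACCEPT'\n\toption output 'ACCEPT'\n\toption forward 'REJECT'\n\toption masq '1'\n\n"
  for pair in $1; do
    vid=${pair%%:*}
    check_vid "$vid" || return 1
    printf "config zone\n\toption name 'vlan%s'\n\tlist network 'vlan%s'\n\toption input 'ACCEPT'\n\toption output 'ACCEPT'\n\toption forward 'REJECT'\n\n" "$vid" "$vid"
    printf "config forwarding\n\toption src 'vlan%s'\n\toption dest 'uplink'\n\n" "$vid"
  done
}

# allow_between SRC_VID DST_VID: the explicit exception that permits one direction of inter-VLAN traffic.
allow_between() {
  printf "config forwarding\n\toption src 'vlan%s'\n\toption dest 'vlan%s'\n\n" "$1" "$2"
}

# Usage: sh vlans.sh --demo, then paste each section into the matching /etc/config file.
if [ "${1:-}" = "--demo" ]; then
  gen_network "10:lan1 20:lan2 30:lan3 40:lan4"
  gen_dhcp "10:lan1 20:lan2 30:lan3 40:lan4"
  gen_firewall "10:lan1 20:lan2 30:lan3 40:lan4"
fi
```

The masquerade on the uplink zone means the upstream router only ever sees the switch's own address, so no static routes are needed there; dropping `masq` and adding routes for each 192.168.VID.0/24 on the upstream router is the alternative when per-host visibility matters. Because every VLAN zone has `forward 'REJECT'` and only a forwarding to `uplink`, a device in VLAN 10 cannot reach VLAN 20 unless `allow_between 10 20` is added deliberately.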

Where and how are you going to separate the networks? On the main router, or on the OpenWrt device?

Let me try and answer the questions asked:
1/ The upstream router is a pfsense box that has other devices connected and runs a dhcp server
2/ I am not very experienced with openwrt but am more comfortable with its GUI interface
3/ as for where the networks should be separated, I'm open to suggestions as what would work best

As for me, I am a programmer with some basic, home-grown knowledge of networking.

Thank you for your help

It will be easier to manage your network with things centralized. I would separate the VLAN networks on your main pfsense gateway and send them tagged to your OpenWrt "switch" device on the pfsense port it is connected to. For the same reasons I would have the main pfsense box do DHCP server duties for the VLANs.

2 Likes

With this specific info, I'd also recommend that you set up VLANs on the pfsense box and then use a trunk to send all the VLANs to the OpenWrt device (from which you can use the switch to split them into access ports). Setting up the VLANs on your main router makes everything much easier to manage.

pfsense is a very capable routing OS. I had assumed (incorrectly, obviously) that your upstream router was some very basic device without exposed VLAN functionality.

1 Like
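The design the last two replies recommend (pfSense owns the VLANs, routing and DHCP; OpenWrt receives a tagged trunk and splits it into untagged access ports) as an added worked example, not code from the thread or from the OpenWrt or pfSense projects. The POSIX shell generator below prints the `/etc/config/network` stanzas for that pure-switch role and lists the VLAN IDs the pfSense side of the trunk must tag. Assumptions not taken from the thread: DSA `bridge-vlan` syntax with port names `lan1`..`lan4` and `wan`, the trunk arriving on port `wan`, and a management VLAN 10 on which pfSense's DHCP server leases the switch its own address.

```shell
#!/bin/sh
# Added example (not from the thread): OpenWrt 21.02 UCI for the
# "pfSense routes, OpenWrt only switches" design. Assumptions: DSA port
# names, trunk from pfSense on port 'wan', management VLAN 10 leased by pfSense.

TRUNK_PORT="wan"
MGMT_VID="10"   # must be one of the VLANs passed to gen_switch

# gen_switch "VID:PORT ..." -> network stanzas. Every VLAN is tagged on the
# trunk ('t') and untagged with PVID on its access port ('u*'). No IP address,
# DHCP pool or firewall zone per VLAN: routing and isolation now live on pfSense.
gen_switch() {
  seen=""
  printf "config device\n\toption name 'br-lan'\n\toption type 'bridge'\n\tlist ports '%s'\n" "$TRUNK_PORT"
  for pair in $1; do printf "\tlist ports '%s'\n" "${pair#*:}"; done
  printf "\n"
  for pair in $1; do
    vid=${pair%%:*}; port=${pair#*:}
    # An access port can carry only one untagged VLAN: refuse a port listed twice.
    case " $seen " in *" $port "*) echo "port $port assigned twice" >&2; return 1 ;; esac
    seen="$seen $port"
    printf "config bridge-vlan\n\toption device 'br-lan'\n\toption vlan '%s'\n\tlist ports '%s:t'\n\tlist ports '%s:u*'\n\n" \
      "$vid" "$TRUNK_PORT" "$port"
  done
  # The switch's own address sits on the management VLAN and comes from pfSense's DHCP.
  printf "config interface 'mgmt'\n\toption device 'br-lan.%s'\n\toption proto 'dhcp'\n\n" "$MGMT_VID"
}

# trunk_vlans "VID:PORT ..." -> space-separated VLAN IDs to configure as tagged
# on the pfSense interface at the other end of the trunk.
trunk_vlans() {
  out=""
  for pair in $1; do out="$out ${pair%%:*}"; done
  printf '%s' "${out# }"
}

# Usage: sh switch.sh --demo
if [ "${1:-}" = "--demo" ]; then
  gen_switch "10:lan1 20:lan2 30:lan3 40:lan4"
  echo "# tag on the pfSense trunk interface: $(trunk_vlans "10:lan1 20:lan2 30:lan3 40:lan4")"
fi
```

With this layout the OpenWrt box has a single address, on the management VLAN, and never forwards between VLANs; any inter-VLAN policy, DHCP scope and internet access rule is configured once on pfSense, which is why the replies above call it easier to manage.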

Thank you all for your input. I will read up on pfsense vlan configuration and manage everything from there.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.