OpenWRT as VLAN Router & DHCP Server

Hello Folks,

I write in the hope that you can help me out with my requirement.
I want to split my network into 3 tagged VLANs.

Does OpenWRT have the ability to serve as a router and DHCP server for those VLANs?
From what I've read so far, it must be possible, given the right hardware for it.

Somehow I can't get my head around it, as I can't find anything documented to start with.

Greetings

It does.

Pi4 multi vlan + firewall config Review might help you.


So I just went through a custom setup and did a bunch of posts around this topic; mine even accounts for IPv6! What kind of hardware do you have now? I used a Raspberry Pi, a USB Ethernet adapter and an EdgeRouter X that I had flashed to OpenWrt. Basically the concept is: on the main device I created the network interfaces, and on the EdgeRouter I set up the VLAN trunk and tagging. (This took me a while to mostly understand what was going on.)

If you want connection between other VLAN users, then you need a second device to route traffic between those VLANs.

If you do not want VLAN users to communicate with each other, all you need is one device: create your VLANs and attach an interface to each one. Then you can have a DHCP server for each interface.

Why the mention of tagged? Tagged is needed only if you need a trunk, is that the case?

Thanks for the quick replies.

What I want:

3 networks separated from each other (VLAN 1 "main", VLAN 2 "guest", VLAN 3 "IOT") with one device or additional network to have access to each of them.

Why tagged? Because I have 2 APs running OpenWRT; both devices would span a Wi-Fi for my "main" & "guest" VLANs.

Which hardware? That's what's gnawing at my head ...

As far as my knowledge goes, I need a DHCP server to serve DHCP pools for each VLAN, plus additional routing capabilities for a device / network to administer VLANs 1 to 3.

That's the reason I looked up, for example, a Ubiquiti EdgeSwitch 8 Port, which does VLAN tagging & routing and has a DHCP server.

A cheaper version would be to get a TP-Link Archer, for example, and turn it into a managed switch / router and DHCP server for this purpose.

Any advice or recommendations are greatly appreciated :)

An Edgeswitch 8 port sounds like far more switch than you need. And I wouldn't use it for a router and DHCP server - it is a switch.

Do you already have a gateway router for your network? If not, you'll need one. And how fast will your ISP service be?

Do you need POE for your AP's, or do they use their own power supplies?

Yeah, I could get it for around 180 €, but somehow I feel it's too much for my needs, as I just want basic functionality but with proper LAN segmentation.

Today I will get my Fritzbox 7510 running for internet & phone. My ISP is providing VDSL 50 / 10.

I have an AC1750 downstairs and an RE450 upstairs covering Wi-Fi with roaming, both connected via Ethernet.

Since your AC1750 (I assume it is an Archer C7?) and RE450 AP's are both already running OpenWrt, you have everything you need already. You don't need a lot of fancy hardware for VDSL 50/10 service.

Connect the Fritzbox 7510 Ethernet port (looks like it only has 1) to the WAN port on your AC1750. In other words, treat your Fritzbox like a modem. I assume the Fritzbox OS does not support VLAN or you don't trust the OS. If you can put your Fritzbox 7510 in bridge mode, do that, otherwise just accept that you will be double NAT'ing. Also turn off the Fritzbox WiFi.

Use your Archer AC1750 as your gateway router, switch and one of your two WiFi AP's. Connect the RE450 by Ethernet to a LAN port on your AC1750 as your second AP.

On your AC1750, set up your three VLAN interfaces, DHCP server for same, firewall and, since you have VDSL, I would set up SQM to tame bufferbloat - at least on your upload, but probably both download and upload. Trunk the VLANs to the port your RE450 is plugged into. Then set your RE450 up as a dumb AP with three network interfaces for the VLAN's (but no DHCP - your AC1750 is handling that!).

You've got some decisions to make on your WiFi SSID's. My personal preference is to have separate SSID interfaces for 2.4 GHz and 5 GHz for each VLAN, and bridge the 2.4 GHz and 5 GHz WiFi interfaces to the same VLAN network. I also use the same SSID names, security and password key for each VLAN on all AP's (different SSID names for 2.4 GHz and 5 GHz, but same names for each VLAN) to support 802.11r fast transfer.

The answer to your original question, will OpenWrt do all this? Yes, of course it will (I'm running my network much like this now with all hardware using OpenWrt). But be prepared to "go to school" - networking school - and learn a lot along the way if this is your first time setting up something like this.

Back to school is where I am now; in theory I've got it, but when it comes to execution I have a lot of doubts.

Anyway, thanks for your answer, that could be a working setup. The thing is, I wanted to place all my hardware in my utility room because I'm limited on my Ethernet ports.

Right now my Archer C7 AC1750 is placed in the living room on the ground floor, connected to the only Ethernet port and serving one Ethernet connection to my Nvidia Shield plus the Wi-Fi coverage.

I wouldn't replace the C7 in the living room, as it delivers great coverage on the ground floor for all connected devices.

A workaround would be to get another gigabit + WAN device, flash OpenWrt and let it handle all the traffic from the connected Ethernet ports.

I was in doubt whether OpenWrt could handle all the L2 and L3 layers, but as I read all your answers, OpenWrt could also serve as DHCP server for my VLANs? (just to be sure) ;)

Hey that’s mine! Nice I actually commented right below and never saw you linked my setup lol

Yes. OpenWrt handles this easily.

Okay, I will give it a try ... I assume all my VLANs must be routed to the Fritzbox?

No. Especially if it can be put in bridge mode, I would treat your Fritzbox as a modem only device to provide Internet to your C7 WAN. That's it. Then have the C7 be your gateway router and have the C7 manage the VLAN's, DHCP and your firewall, plus provide one of your WiFi AP's and a trunk line to your RE450 for your second AP.

More generally, another reason to use the Archer C7 as your gateway router is to gain the security advantages of OpenWrt for your home network.

While it may be the case that your Fritzbox operating system supports VLANs and could be your gateway router instead of your Archer C7, you would need to find a Fritzbox forum for help sorting that out.


I'll check if the Fritzbox in modem mode is suitable for me, because the only reason I got the Fritzbox was to use my landline phone.

When my C7 is in bridge mode for internet it's acting as a gateway, so far so good ... but how is it that no routes are necessary for the VLANs? Because all the interfaces are bridged to the LAN interface and traffic is allowed for the WAN interface?

I suggested putting your Fritzbox in bridge mode, not your C7. Read my above posts again. Bridge mode on the Fritzbox will provide internet straight through to your C7 with no routing on the Fritzbox. Again, the idea is to use your Fritzbox purely as a modem, so that your OpenWrt devices handle your home network set-up.

Routes are necessary for VLANs. On your C7, each VLAN should have its own network interface and DHCP server configured on their own sub-nets, and you should add firewall rules on your C7 to allow each VLAN DNS and DHCP access.


Yeah, that's true; what I wrote is not what I meant :D

fritzbox (modem) <> c7 (router + vlan + dhcp) <> vlans

My question goes like this ... are routes still necessary when VLANs are created and connected to the LAN bridge to access the internet?

The example I posted here for a swconfig gateway router is a good starting point for your C7.


And this post should get you started on your RE450 as a dumb AP.

Just watch out for sending the intended tagged VLANs to the LAN port on your C7 that your RE450 is plugged into; and don't miss:

in /etc/config/dhcp, add
option ignore '1'

in your dumb AP. You don't want two different devices fighting it out to provide dhcp service on the same vlan.

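The dumb-AP side described above, as an added example that is not part of the original thread: the tagged VLAN is bridged to an SSID without giving the AP an address in it, and the AP's own DHCP pool is disabled. It uses OpenWrt 21.02+ syntax; the `eth0.3` device name, `radio0`, the SSID and the key placeholder are assumptions:

```uci
# /etc/config/network (dumb AP): bridge the tagged VLAN, no IP address
config device
	option name 'br-guest'
	option type 'bridge'
	# assumed Ethernet device name; .3 = VLAN ID 3 tagged on the uplink
	list ports 'eth0.3'

config interface 'guest'
	option device 'br-guest'
	option proto 'none'

# /etc/config/dhcp (dumb AP): the default lan pool is the one that
# would compete with the gateway, so it is switched off
config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

# /etc/config/wireless (dumb AP): attach the SSID to the VLAN bridge
config wifi-iface 'guest_2g'
	option device 'radio0'
	option mode 'ap'
	option network 'guest'
	option ssid 'Example-Guest'
	option encryption 'psk2'
	option key 'REPLACE_WITH_PASSPHRASE'
```

Because the `guest` interface uses `proto 'none'`, the AP has no address inside that VLAN, so clients there have no management service on the AP to connect to.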

Thanks for the support so far. I will try to use the OpenWrt solution with my C7 as main device for serving routing, VLAN and DHCP.
