Personal(main), IoT and Guest VLANs - Netgear R6700v2

I flashed my Netgear R6700v2 router with OpenWrt 23.05.0.

I have setup VLANs and firewall rules with another Netgear router with Broadcom hardware using FreshTomato, but I'm very confused with how to do all of this with OpenWRT. My knowledge of all of this limited and I configured FreshTomato a long time ago.

I want to setup 4 different VLANs. One for my personal use (trusted computers, cell phones, RPi media server). One for IoT devices (smart thermostat, switches, Google Home, Chromecast). One for guest, that would simply be used by actual guests. Finally, one for only an IPTV box (least trusted device and requires no interaction with other devices).

I've tried to follow some video tutorials, but I see different methods of doing this. Another thing that confused me is that under Network -> Interfaces, people have different interfaces and devices by default, which I don't get. For example, by default I have the bridge device, eth0, lan1, lan2, lan3, lan4, wan, phy0-ap0, and phy1-ap0. Under interfaces, there's lan, wan, and wan6.

I do not plan on adding additional access points. I'd like to use this router as the main wifi source. My goal down the road is to get a managed 8 port switch, but I wouldn't be configuring that right now. Except for the IPTV box, everything runs off of wi-fi.

What you can see under Network -> Interfaces are the logical interfaces defined. The physical interfaces are on the tab "Devices". You can assign more than one physical interface to a logical interface, e.g. the "lan" interface usually covers all LAN ports (lan1, lan2, lan3 and lan4 in your case).

On your device, eth0 is the complete switch chip.

For configuring the switch (VLANs), please read up on DSA, for example here.

1 Like

Thanks. I'm going through that and OneMarcFifty's video on VLANs.

One thing I've run into is that on my router I do not see the option for "egress" or "ingress" tagged like in OneMarcFifty's video.

Is this due to the router or firmware version?

I don't know these Videos and I'm not going to watch them when there is documentation in the Wiki.

However, it is possible that it doesn't apply anymore if the video uses the switch menu (aka swconfig) when your device is DSA.

It does not use the switch menu. Probably some change in terminology from the change from 21->23. I was able to figure things out with setting up a separate interface with firewall rules using the documentation and another video.

I do think there might be some issue with my particular router regarding the VLAN tagging under "Bridge VLAN filtering". When I tried setting this up, I was getting no wan connection for the guest network. I ended up resetting the router and skipping that.

This was very helpful for setting up the guest network. When I tried doing the VLAN tagging I mentioned above, that's when I started having problems.

Like I said earlier, my goal is to setup a managed switch so having VLAN tagging setup properly is a long term goal, but at least for now I have a guest network setup and should be able to setup other isolated wifi networks in similar fashion.

One somewhat unrelated question I do have is regarding resetting the router to default settings should any problems arise or if I want to start fresh. Can I use this method?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.