My ISP provides internet and IPTV services. IPTV has its own VLAN.
To get correct IP addresses from DHCP server, correct MAC addresses needs to be cloned for interfaces.
My previous setup, that was working fine:
My router was OpenWrt 19.07.8 (with switch)
On wan port I had two virtual interfaces, one for internet and one for IPTV (with clone MAC addresses)
IPTV was processed on a router (with tvheadend app, getting tv streams from IPTV (VLAN) interface and providing streams to LAN devices)
I have two OpenWRT routers. First is OpenWrt 21.02.1 (with DSA), second is OpenWrt 19.07.8 (with switch)
First router - OpenWrt 21.02.1 - is used as router to internet (same as router used previously), but without tvheadend app
Second router - OpenWrt 19.07.8 - is connected to first router (OpenWrt 21.02.1) with tvheadend app installed. Now it is used just as a smart switch, extending LAN network.
Would it be possible to keep my second router (OpenWrt 19.07.8) as a switch, but also get IPTV VLAN streams for tvheadend app (to work the same way as in my previous setup)?
I tried to send IPTV on a trunk link between the routers but cannot get it to work properly. I do not have experience with networking, I just tried to follow information found on web.
First router settings (still does not have IPTV VLAN configured because I do not know how to set it up). It has basic settings, just internet MAC address is cloned.
This concentrates on the first router, and how to hardware switch the TV VLAN over to the second router, along with the regular LAN "trunked" on the interconnecting cable with a different VLAN tag.
The second router will then pull those packets into the tvheadend network, and hardware switch the LAN to other LAN devices. On a swconfig system, this is very straightforward and about what you are doing now, though I would strongly recommend using VLAN tags on all the networks of the "trunk" cable and not try to combine tagged and untagged on the same cable unless you have to. (which the modem does require.)
DSA hardware switching presently only will be properly configured to the hardware if all ports and all VLANs are in the same overall bridge. Other configurations seem syntactically valid and are accepted without error like they should work, but likely will not actually work. So for maximum flexibility, put all ports sharing the hardware switch (in most cases that will be all the LAN ports and the WAN port) into one single bridge before you start.
Then instantiate bridge-vlans (with different VLAN numbers) on that bridge for every network involved, including the LAN and the WAN. This means you'll need to assign numbers to the lan and wan for this internal switching, and attach to the bridge with numbers in the interface configurations (option device br-lan.1) for example. Conventionally tag 1 is used for LAN and 2 for WAN, those will work here, since the only special number set aside by other network components is 10 for TV.
Next attach the ports tagged or untagged to those bridge-vlans. The modem will be 2 untagged and 10 tagged, the trunk is 1 and 10 both tagged, and the local LAN access ports are 1 untagged.
Of course while you are changing all this, be logged into the router by wifi so you don't lose access because Ethernet is incorrect or not completely configured.
Yeah, assuming you need to pass-through WAN side VLAN 4 to to one of your LAN ports you need to change your configuration like this:
Also add the WAN port to the br-lan bridge, add a VLAN 6 with local checked and only WAN port set to tagged
Change your PPPoE interface from wan.6 to br-lan.6
Add a VLAN 4, include WAN port as tagged and a LAN port of your choice as tagged (or is the IPTV STB expecting untagged traffic? In this case set the chosen LAN port to untagged). Local can be disabled for the VLAN 4 as the router itself does not really need to "see" / deal with bridged IPTV traffic
Assuming your IPTV STB is connected to LAN 1 and expects untagged traffic, the VLAN settings on br-lan should look like this:
VLAN ID
Local
lan1
lan2
lan3
wan
1
[x]
-
u
u
-
4
[ ]
u
-
-
t
6
[x]
-
-
-
t
Your logical interfaces should then use the following devices:
Logical interface
Proto
Zone
Device
lan
static
lan
br-lan.1
wan
pppoe
wan
br-lan.6
Further notes:
you do not need to include eth0 in the bridge
to make the config slightly less confusing once all ports are bridged, I personally rename my br-lan bridge to a more generic name like switch0. You can easily do that on the cli using something like sed -i -e 's#br-lan#switch0#g' /etc/config/network && /etc/init.d/network restart
I am going to try your proposal in the weekend. Hopefully I will be able to make it working.
Settings from my ISP are ok. All ports are in one bridge.
Lan4 is connected to second router (with tvheadend).
It is set to tagged for VLAN 16 (IPTV) and untagged for VLAN 1.
Now I have problem with second switch.
All ports are bridged to LAN and it has static IP address.
How to get IPTV on second router on a single port (LAN 1)?
The second router should extend LAN from first router and also process IPTV with tvheadend app.
I do not know how to configure the ports. Link from first router is connected to LAN 1.
Should some IPTV interface be created that will get it's own IP address from first router?
Or should only one static address be used for all switch?
I tried couple of settings, but always lost connection to router and had to start again.
The first router should not be doing anything with the TV network other than hardware switch it onto the trunk cable to the second router. In order for DSA to actually establish a hardware switch route, I think you still need to declare a layer 3 interface, but this should be a dummy interface of proto none. The ONT VLAN16 will never see a MAC address or IP address from the first router since it is acting just as a switch.
Make both 1 and 16 tagged on lan4 the trunk cable.
In the second router's switch config, you need two VLANs with numbers that match what will be coming over the cable (1 and 16) and both tagged on the CPU and the trunk cable. Then eth0.1 is the LAN and eth0.16 is TV.
Start APs on the lan networks and log into the routers by wifi so this is less likely to happen. If you want to be really bombproof create an admin network with a DHCP server and a wifi AP which will be independent of even the LAN.
