Question about VLAN and network architecture

Hi!
I have a question related to VLANs & how to manage my network.
It's not directly related to openwrt, but some openwrt devices are involved in.

I have created a dedicated AP on my openwrt dumb AP to handle IoT (ip camera and others), separated from my LAN.

The VLAN goes to my router (sharing cable with LAN) and connexion between VLAN & LAN goes by the router management (firewall etc..) I use opnsense here.

my point is that all the video flow from cameras goes through the router to reach my NAS on the LAN.

Do you think I could "shortcut" my router by setting a VLAN path through my switch from camera to NAS (setting NAS port as untagged).

Here is a "schematic":

> [ router LAN+VLAN5]----------[LAN+Tagged VLAN   switch     LAN]--------[NAS]
>                              [                     Tagged VLAN]--------[VLAN Openwrt AP]----Y wifi to camera
>                              [                                ]
>                              [                             LAN]--------[my PC]

So today, each connexion from NAS or PC to camera goes through the routeur.

I don't mind for PC to camera: it's sporadic, for management.

Do you think I could do something like this :

[router LAN+VLAN5]----------[LAN+Tagged VLAN) (LAN+Untagged VLAN]--------[NAS]
                            [                        Tagged VLAN]--------[VLAN Openwrt AP]----Y wifi to camera
                            [ switch                            ]
                            [                                LAN]--------[my PC]

The idea is that camera to NAS will goes directly through the switch, not through the routeur.
By using untagged port to NAS, I would expect the NAS does not need to care about VLAN.
Still my PC will go through the routeur to reach the camera, but it's no problem.

Coud this work ?

You have two VLANs, LAN and IoT. I don't see how it could work if you configure more than one untagged vlan on the same port.

If the nas doesn't support tagged VLANs then I think the only option is to use a layer 3 switch which can be configured to route between the VLANs.

1 Like

Good point! I forget this...
I have seen that the NAS can deal with VLAN, but it's not very clear how it works. I will dig in this.
Thanks!

I just tagged vlan 1 on the port where the nas is connected, then I enabled Vlan on nas, with tag 1.
so I was able to configure next things with still a full lan access like before.

After I added vlan 5,also tagged.
It works fine!