Replace additional cable with help of VLAN

This is my network setup.
The OpenWRT router is connected to the unmanaged switch by the WAN port. The problem is that my devices connected to the OpenWRT router (or directly to the switch) can't communicate with devices connected to the wireless router on the second floor.
The router on the second floor is set to bridge mode and all its clients should get IP addresses from the OpenWRT router's DHCP server, but they won't.

But, if I connect another cable from the unmanaged switch to one of the LAN ports of the OpenWRT router, devices on the second floor would have IP addresses and internet access.

How should I implement this physical cable role with VLANs and bridges on the OpenWRT router?

OpenWRT v23.05

The easiest solution would be directly connecting your ISP modem to the OpenWrt router's WAN port and then going from one if its LAN ports to the switch.

Edit: Ah, and your upstairs router needs to be put in DumbAP mode, so that everything within your LAN is handled by your OpenWrt router.

1 Like

Unmanaged switches don't allow separate networks in the same switch. Strange, but entirely predictable, things will happen such as a device on the second floor getting its DHCP address from the ISP modem instead of from OpenWrt.

If they really are in the same room as the drawing shows, do what @andyboeh said and connect the WAN port of OpenWrt directly to the ISP modem using a separate cable. The only thing connected to the ISP modem (by wired or wireless) must be the OpenWrt router.

1 Like

I can't modify the wiring. The switch and the ISP router are in the basement and the OpenWRT router is in the main building.

Both ISP and up-floor routers are in the bridge mode (DumbAP with no DHCP server) and the only DHCP server and PPPoE connection is configured in the OpenWRT router.

I have another separate unused switch. I can take the cable from the wall outlet and insert it into this switch and from there connect both of the OpenWRT's WAN and LAN ports to the second switch. The problem with this approach is that the second switch has 10/100MB ports and it'll slow my network.
Is there any way to do the job of the second switch with the OpenWRT router itself? If I bridge all the ethernet ports on the OpenWRT router, I can communicate with the devices connected to the second router but the internet connection will be lost on both routers.

Please don't. You're connecting WAN and LAN and, even if WAN is provided via PPPoE, you are exposing your LAN at least to the ISP modem (and your ISP's network). Usually, you want a clear separation between WAN and LAN.

As @mk24 pointed out, the only thing connected to your ISP modem has to be the WAN port of your router. And that WAN port is never connected to any other device in your network.

So if you can't change the cabling, your next option is to get a managed switch and do the separation virtually using VLANs. For example like this:

  • Port 1, untagged VLAN 10 for the ISP modem
  • Port 2, tagged VLAN 10 and tagged VLAN 20 for the OpenWrt router
  • All other ports untagged VLAN 20 for your LAN devices including your upstairs router

The OpenWrt router needs to be configured for this kind of setup to allow LAN/WAN on the same physical port.

3 Likes

The modem does not seem to be bridged, if it has an internal IP. If you configure it as a real bridge, would it use PPPoE on a VLAN? Are there more devices connected to the switch? Does it handle tagged traffic properly? Could you change it for a managed switch, if it doesn't?

That's a good point. My previous ISP called this "Single user mode" and the modem had the internal IP 10.0.0.138 to reach its management interface (where you could configure about -- nothing). I think that it forwarded just the PPPoE traffic to its internal VLANs, but I'm unsure about this.

As three separate locations, this would be best set up as a main router and two APs. With the equipment you have, you could move the OpenWrt router to the basement and the switch to the main building, but then there would be no wifi transmitter in the main building, everything there would need to be wired.

I need to correct something about the ISP modem. This modem is a very old DSL modem that belongs to me and is not ISP's property. Here are the WAN and LAN configurations on the DSL modem:
DSL-WAN

Actually, I prefer not to do this. I have multiple SSIDs on the OpenWRT router for guests, VPNs, IoT gateways ... with different policies that can't be achieved with other generic wireless routers.

I think I have two options to get away with this:

First, as advised by @andyboeh and @mk24, I can unplug the ethernet cable from the switch and connect the cable to the DSL modem and the other end directly to the OpenWRT's WAN port in the main building without relocating the devices and another cable from other unused outlets in the main building and plug it into the OpenWRT's LAN port. All outlets in the building are connected to the switch. This setup would be as follows:

DSL Modem ↔ OpenWRT WAN — OpenWRT LAN ↔ Unmanaged Switch

Second, I could maintain the existing setup and simply run an additional cable from an unused outlet in the main building to the OpenWrt’s LAN port. However, should I be concerned about the security implications of this method? Is my LAN compromised to the outside world?

The advantage of the second option is that I have a Mikrotik outdoor wireless CPE (configured as a bridge like other devices) which is also connected to the unmanaged switch and I use it from time to time to connect to the internet with a different ISP. I have a separate PPPoE interface on the OpenWRT router attached to a separate SSID for this purpose. But if I go with the first mentioned option, I can only access one ISP at the same time and I also have to relocate the cable from the DSL modem to the Mikrotik CPE manually.

WAN Interfaces

I'm having a hard time following these proposals without a diagram.

If you are willing to run additional cables between the sites of course many things are possible. Another possibility is to extend the DSL line out to the main building so that you can place the modem there next to the router. DSL can run on one pair in a cat5 cable.

I updated the diagram for the first option:

and the second option:

Both of your options have loops in them... those will cause the network to completely break. Loops are not allowed, and you still haven't solved your issue... the unmanaged switch must not carry both the wan and the lan.

The only way that your desired configuration can be achieved (with the existing wiring) is using a managed switch.

In the first diagram, the unmanaged switch is only connected to the OpenWRT LAN port.

Correct, but that means that the OpenWrt router isn't doing anything for the stuff in the dashed box. Those devices will only work if the ISP modem is actually a modem+router combo... and if that's the case, you don't even need your OpenWrt router to do anything other than operate as a dumb AP/switch.