I purchased an HP JG927A at a PC recycling shop some time ago and flashed it with OpenWRT.
It works extremely well as "just a big dumb switch". But I'd like to take advantage of some of the more in-depth functionality of a larger switch. Specifically I want to segment off individual ports (or sets of ports) from each other.
I looked at the /etc/config/network setup and tried creating a new “bridge-vlan” interface and moving a couple of LAN ports onto it. But this did not work.
I’ve never tried splitting up ports under OpenWRT, let alone on a large “switch” device like this. Any configuration examples I could pull from would be deeply appreciated!
A visual example of what I’d like to do is provided below.
Please post your configs directly on the forum (not via external sites).
Please use the "Preformatted text </>" button for logs, scripts, configs and general console output.
Please edit your post accordingly. Thank you!
That said, it looks like you removed all the ports from the bridge. All of the ports need to be included in the main bridge, and then from there you create bridge-VLANs with only member ports (per-VLAN).
If I understand the OP's goal, it is to basically have 4 "independent" switches in one chassis. In other words, not using a VLAN aware router to trunk the VLANs, but rather setting up 4 independent networks entirely (possibly with 4 different routers).
@CursedSilicon if that is your plan, what you've drawn will work. But @brada4's point about connecting the VLANs is relevant if you have other plans. The switch will not route traffic fast enough to be usable (it can switch at line rate, but routing would be in the ~20Mbps range). Or, if you will be using a single router with multiple VLANs, you need to set up one or more trunk ports.
@psherman Your description is correct, I do apologize for the misunderstanding. I’m not a networking buff, so my assumption was “VLANs” were what I was after. (Would “partitioning” be more correct in my case?)
I want to (effectively) take groups of ports and have them “only” be able to link up with other ports. Such as ports 1-4, 5-9, 10-14 and so on.
A bit more background if it’s helpful. My intention is to “partition off” a group of ports to set up a specific “independent LAN” for untrusted devices (IoT and other “junk” hardware that I don’t trust on my regular network).
Taking this to the next logical step.... where is the upstream for each of these networks? In other words, assuming that your iot network will have internet connectivity, where is that coming from? Will you be using a separate router for it? Or will you be using your main router? (is your main router capable of VLANs)?
For upstream I’ve got just a cheap x86 PC with some extra NICs. I was going to add a second network with OpenWRT and then connect that to one of these segmented off ports.
@brada4 Is there a way to do this via the command line instead? In case I break anything it’s easier to revert as the switch has a serial (console) port permanently connected
As long as you're not performing the routing on the switch, that's fine. You mentioned you are using an x86 PC for your router -- this means you don't need to use the switch for any routing, simply L2 (switching).
You can do this all over a single port/cable (it's called a trunk when you are carrying multiple networks on a single port). You'd configure each side to have a matching trunk port, and then segment the rest of the ports as desired (and you can also have other trunks that go to other downstream VLAN aware devices like APs and such).
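The layout described in the replies above (every port kept in the one bridge, per-VLAN membership in bridge-vlan sections, an optional tagged trunk), written out as an added example that is not taken from any poster's configuration. The bridge name `switch`, VLAN IDs 10 and 20, the choice of `lan24` as trunk port and the address 192.168.1.2 are assumptions; the port groups 1-4 and 5-9 come from the thread.

```uci
# /etc/config/network (DSA syntax). Constructed example; names and IDs are assumptions.

config device
	option name 'switch'
	option type 'bridge'
	# Every port stays a member of the single bridge. Keep all lanN
	# entries from the default config; only the ports used in this
	# example are listed here.
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'
	list ports 'lan6'
	list ports 'lan7'
	list ports 'lan8'
	list ports 'lan9'
	list ports 'lan24'

# Partition 1: ports 1-4, trusted LAN. 'u*' = untagged and PVID.
config bridge-vlan
	option device 'switch'
	option vlan '10'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'
	list ports 'lan24:t'

# Partition 2: ports 5-9, untrusted/IoT devices.
config bridge-vlan
	option device 'switch'
	option vlan '20'
	list ports 'lan5:u*'
	list ports 'lan6:u*'
	list ports 'lan7:u*'
	list ports 'lan8:u*'
	list ports 'lan9:u*'
	# 't' = tagged: lan24 is the optional trunk to a VLAN-aware router.
	list ports 'lan24:t'

# The switch gets an address on the trusted VLAN only. With no interface
# defined on 'switch.20', the switch's own management services have no
# address on the IoT segment.
config interface 'lan'
	option device 'switch.10'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
```

If each partition gets its own router or NIC instead of a trunk, drop the two `lan24:t` lines and plug the uplink into any untagged port of that partition.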
The VLAN guide on the wiki also only has an example for a device “not using DSA” (possibly outdated, if I understand correctly?)
For reference. These are the two configuration panels I get when I select “Configure” on any of the LAN1/2/3/etc ports at the bottom of the above screenshot.