[Solved] Home network topology

I am looking for advice on the topology of a home network.

Given:

  • A. Small cable box: 1 ISP WAN wire leading in + 4 Gigabit LAN wires leading out. Enough space for a wired device without antennas. Intend to place here wired OpenWrt device (preferably with 4 ethernet LAN ports), offering firewall, DHCP, AGH DNS for the whole network. Perhaps split VPN for some of the VLANs.
  • B. 1st LAN wire connected to dumb AP with original firmware for reliable Wifi (Linksys WRT1900ACS). Intend to use it for 2 VLANs, VLAN 1 and VLAN2 (corresponding to 5 GHZ and2.4 GHz SSIDs).
  • C. 2nd LAN wire connected to most of the wired devices in the network (VLAN 1: PCs, printers, NAS; VLAN 3: TV).
  • D. 3rd LAN wire connected yet to another isolated LAN (VLAN 4).
  • E. 4th LAN wire – I don’t care (now).

Questions:

  1. For B: Is this possible?
  2. For C: Will I need a switch at this node? Under OpenWrt or under the original firmware?
  3. To understand the roadmap: What major settings will I need to change on OpenWrt device to set this topology up?
  4. Is it possible to use dumb AP in B also to be switch for the wired devices in C?
  5. If I would like to access some devices in the network from outside – what needs to be changed?
  6. What might be changed for improved security?

Thanks a lot! Will really appreciate your advice.

  1. Does stock WRT1900 support VLANs?
  2. You will need a "managed switch" that is one that supports VLANs. 802.3q VLANs are industry standard so you can use vendor firmware in the switch.
  3. Create some additional networks (IOT, TV, etc) and configure the Ethernet system to tag VLANs. The method depends on the type of hardware whether it is direct ports (typical for X86 and Pi type devices), DSA, or swconfig.
  4. Yes a VLAN-aware firmware (OpenWrt) can switch or bridge VLANs both wired and wireless.
  5. On IPv4 you can use port forwards, assuming that the ISP allows incoming connections. IPv6 generally gives LAN devices a public IP, but the firewall by default blocks incoming connections. You can make openings in the firewall for servers you want accessible from outside.
1 Like

Almost certainly no. Most consumer-grade all-in-one routers do not support VLANs with the vendor supplied firmware.

2 Likes

Many thanks!

Is there a way to know if particular [consumer-grade] device when flashed to OpenWrt will support multiple SSIDs (to-VLAN) on its radios?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.