I have just flashed a TP-Link WDR-3600 with OpenWRT and want to use it in my network. It will sit behind my ADSL router, which will only act as a modem, with my OpenWRT taking over gateway router tasks. The ADSL modem router lacks a bridge mode, so I will have to go with setting it into DMZ mode. The WDR-3600 will become the new DHCP server and I will turn off the WiFi on the ADSL router and use the OpenWRT router instead.
I want to set this up so that most clients use my PiHole DNS sever, while some clients (both wired and wireless) use a separate set of DNS servers. Ideally, I would like all clients to be able to communicate with each other on the LAN. What is the best way to achieve this? The router is currently set up with:
4 devices – br-lan, eth0.2, eth0 and eth0.1
3 interfaces – LAN (br-lan), WAN (eth0.2) and WAN6 (eth0.2)
(I haven't activated wireless yet.)
I think I've understood that the 4 physical LAN ports are combined in the br-lan interface. I could break out one of the physical devices from br-lan, but that seems not possible from Luci – do I need to use the command line to do that?
Is there another way that I can achive the separate DNS server assignments to a specific physical port and to a separate SSID on the wireless interface?
I have been trying to get my head around L1, L2, L3, devices, interfaces, VLANs etc. – if there is a recommended set of reading materials that would help me figure out the above, that would be great, but I would also appreciate practical suggestions on the best way to achieve what I want.
(Or should I say: Captain Haddock?)
You can vlan every port differently using (old) swconfig, i.e. eth0.1 eth0.2 eth0.3 eth0.4
There is lots of info on openwrt wiki about that, starting at:
And it could be done within Luci.
I had a device with broken WAN port and could route eth0.1 as WAN and all others to LAN.
So it is possible.
Also with different DNS for each port (or wifi), although I don't have any experience with that.
Starting OpenWrt v21.02.0 the swconfig will be removed/changed, so can be that some items have to be arranged by command line, but should later again be availbale through webinterface, i persume.
Thanks a lot! I am just wondering how to do it in Luci. When I look at the br-lan device, "General device options", I see this:
In other words, the ports that are bridged are not 4 ports but "eth0.1". The "eth0.1" device is greyed out in the list of devices and listed as VLAN (802.11q). If I look in its configuration options, there is no list of the physical ports in there either. Does this mean my version of Luci cannot do the splitting up of ports?
I am also wondering about another difference in UI – a lot of articles on the web refer to this view:
You write about your second picture: "option, which I do not have anywhere?"
In your first picture: "I see this:" The 3th tab-option should be the same as your second picture?
You show only the tab: "General device option", the 3rd is: "Bridge VLAN filtering".
So what are you missing?
No, that's from 21.02 - for devices that use DSA - yours does not - so the configuration for your device would be using sw_config style and look similar to most of the current documentation (that doesn't mention DSA) - and the VLAN configuration would be done in switch pages
Just one more question – I think that using VLANS, I can't both achive different DNS servers for different devices (and potentially also for an additional SSID) and for devices on the different servers to be on the same DHCP server. Have I understood that right?
Which version of WDR3700 do you have? There are 5 of them.
About your last q's: The way you setup different vlans, i think it should be possible to use different DNS's (don't know for sure, never tested this).
According your zone-settings within firewall should accomplish this, then you CAN use 1 DHCP server.
It's all about the right configuration, you can do things the OEM firmware version can not.
