Hi all, I'm using a specific openWRT version because my device (WNR2000v5) had a specific image, the only one I could find that worked with this device, thanks to another forum member (WNR2000v5 pre-built images). It is working great! However, I'm running into a configuration issue/general networking question I could really use some help with:
The cable from the main router to 2nd router is ~500ft. CAT7 cable. Yes I know the official maximum is 300ft. Luckily I have had no problems with this.
I have the 2nd router set up in openWRT in "AP" mode. Any wifi clients get assigned an IP from the main router on the 192.168.0.x subnet.
Any LAN clients (either directly to 2nd router, or to the LAN ports on the POE switch connected to LAN port on 2nd router) are getting assigned IP from the 2nd router on 192.168.1.x subnet.
Basically what is happening is that my Home assistant (connected via LAN on the 1.x subnet) cannot see any devices on the main router subnet (0.x).
I understand I can connect the two routers LAN to LAN instead of LAN to WAN, and then disable DHCP on the LAN interface for 2nd router. I haven't been able to get this configuration to save in OpenWRT (it just fails and reverts). However in theory I would like to have the 2nd location's network be "separate" but still connected to the full network. I would like traffic to take the quickest path to destination.
tldr;
What exactly do I need to do to get everything to be able to talk to each other, but also take the shortest path? For example, for network to network traffic in the 2nd router location, I would like it to not have to go all the way back to main router and then back to 2nd router just to work. I would like it so traffic only goes back to main router when:
a) it needs internet
b) it's trying to talk to a device on the main router side
Can configuring a VLAN help with this situation?
Forgive me if this is not the right place for this. If not, could someone suggest where to post this? Thanks
I suspect the problem is that your router is simply too old and doesn't have enough storage. It is a 4/32 device -- way too little memory and storage for any modern version of OpenWrt, and likely just barely cutting it for the build you appear to be using.
What you are currently using on your WNR2000v5 is also very out of date -- it is long since EOL and unsupported and has many known serious security vulnerabilities.
It really doesn't sound like you need VLANs here. And that would only help you if you could get the configuration to save successfully on the WNR2000v5, and it would also assume that your main router is VLAN aware (you didn't mention what that device is or if it is running OpenWrt or some other advanced and flexible firmware).
With that in mind, you really need to consider replacing your WNR2000v5 in general. If you don't need it to do any routing and if you don't actually need VLANs, you can get just a simple unmanaged switch -- that's simple and cheap. Otherwise, you should consider buying a device capable of running a modern version of OpenWrt.
If this is really something you want to do, there are two ways to accomplish this:
Set up VLANs on the main router and then use a managed switch (or a router/AP with VLAN capabilities like OpenWrt) to handle the VLANs
Use a router like you're doing, and set up a 'guest' network (guest being really any network that has some isolation relative to your main network)... you can do this for either or both wifi and ethernet. But your existing device is not a good option here.
Yea the WNR is a really old device I just had laying around. I can save other configuration settings, just not when I try changing its static IP. Anyway, sounds like for security and other reasons I should just upgrade it.
Would you recommend a specific managed switch or router? I would like to set up the VLAN and also perhaps manage QoS. If I have several POE cameras at the 2nd location it could eat up my bandwidth (since it's only 100mbps connection between the two locations), and it would be nice if I can always prioritize the computer traffic over the POE traffic
So, no, it's not OpenWrt and it's almost certainly not VLAN aware.
So if you want to do one or more networks that are isolated in some way from the main network, get a router device -- ideally something that is supported by OpenWrt and has at least 16MB flash + 128MB RAM.
Model:DG3450A
Vendor:ARRIS Group, Inc.
DRAM Total Memory:677888 MB
DRAM Used Memory:440 MB
DRAM Available Memory:227328 MB
Flash Total Memory:469 MB
Flash Used Memory:432 MB
Flash Available Memory:37 MB
I love the openWRT interface so maybe I can upgrade that if it's supported.
Are there managed switches that have POE and wifi built-in? Or in that case am I basically buying a router? It could be nice to eliminate the need for the extra POE switch at 2nd location.
Arris devices are not supported by OpenWrt.
You could put that device into bridge mode and then use an OpenWrt router behind it... that would be my personal preference if it was my network.
Managed switches with PoE -- yes, many. Wifi included, probably not. Many all-in-one routers tend to have a 4 port switch + wifi, but no PoE.
Typically, the solution once you're going with PoE switches is to use a purpose-built PoE powered AP (although obviously that isn't required as any dumb AP will be fine, including a router configured as a dumb AP).
Nope... not a good switch - avoid that one like the plague. The TL-SG1xx(P)E series are terrible. And, no, there's no wifi on any of those devices.
Well darn, my two POE switches are TL-SG1005P(UN). What's the issue with them?
Ok so it sounds like a router with openWRT would be best, and keep the POE switches? But if I understood correctly I cannot set up VLAN with a 2nd router running openWRT and the main ARRIS router running its own firmware.
If they are the models you said (without an "E" at the end), they are unmanaged switches. These are fine, within the context of them being unmanaged.
The TL-SG1xx(P)E switches are very low end managed switches. While they are VLAN aware, they have really bad firmware implementation such as not being able to select the VLAN used for device management among other things.
Since it sounds like you have an unmanaged PoE switch, that is fine as long as you don't attempt to push VLANs through those devices. You can still set up upstream VLANs, but only one network should ever traverse an unmanaged switch (in other words, the port on the router that connects to this PoE switch cannot carry more than one network, but the router could handle multiple networks -- for example, it could have a discrete network per physical port).
Yes, OpenWrt for a router makes sense. As for the PoE switches -- if all of your PoE devices will be on a single subnet/network, that's fine -- keep those switches. Just keep in mind what I said above.
Maybe a bit of confusion here...
Using firmware like OpenWrt, you can set up VLANs on a downstream router. The upstream/main router doesn't have the ability to work with VLANs, so the scope of those networks is purely downstream from OpenWrt. OpenWrt will handle all the routing (and firewall rules) so that things work going upstream.
The process is largely similar to a guest wifi on a dumb AP. The major difference is that we will be assigning that new subnet to service physical ethernet ports, not just wifi. The term "guest" here can be considered generic -- it is just another network (nominally untrusted) that is set up behind an OpenWrt router. The application can be for guests, IoT, cameras, etc... whatever you want. And you can set up multiple networks with whatever levels of trust you desire.
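A sketch of the extra-network setup described in the post above, as an added example that is not part of the thread: UCI fragments for a downstream OpenWrt router (DSA-style port naming) that put one physical port on its own subnet and firewall zone. The names `cam` and `br-cam`, the port `lan4` and the 192.168.20.0/24 subnet are assumptions, not values from the thread.

```uci
# Added example; 'cam', 'br-cam', 'lan4' and 192.168.20.0/24 are assumed values.

# /etc/config/network -- dedicated bridge on one physical port.
# 'lan4' feeds the unmanaged PoE switch (untagged, one network only)
# and must first be removed from the ports list of the existing br-lan.
config device
	option name 'br-cam'
	option type 'bridge'
	list ports 'lan4'

config interface 'cam'
	option device 'br-cam'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp -- hand out leases on the new subnet
config dhcp 'cam'
	option interface 'cam'
	option start '100'
	option limit '150'
	option leasetime '12h'

# /etc/config/firewall -- separate zone, closed towards the router and other zones
config zone
	option name 'cam'
	list network 'cam'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Trusted lan may open connections into cam; there is no cam -> lan forwarding,
# so devices in cam cannot initiate connections to lan hosts.
config forwarding
	option src 'lan'
	option dest 'cam'

# With input REJECT, cam clients need explicit access to the router's DHCP and DNS
config rule
	option name 'Allow-cam-DHCP'
	option src 'cam'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-cam-DNS'
	option src 'cam'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

As written there is no `cam` to `wan` forwarding, so devices on that port cannot reach the upstream network or the internet; add a forwarding entry for that only if they need it.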
Absolutely, the ethernet is a temporary solution and has been working well but I do need to go to fiber at some point. It also would eliminate the ground connection between the two locations.
Interestingly I am getting full 100mbps speed on the 500ft cable, however the 'auto configuration' on the port will never set to 1000mbps, only 100mbps. The other ports connected to nearby devices all auto-set to 1000mbps. I looked at the specs on CAT7 cable and in theory the "100m/ 300ft" limitation doesn't change with 100mbps and 1000mbps. So in theory the fact my 100mbps is working over 500ft means I should be able to get 1000mbps, but it doesn't. If I manually set the port to 1000mbps, I get an unusable connection and have to go close to the device physically to reset it to auto-configuration.
My internet connection isn't much higher than 100mbps, so it doesn't affect my internet traffic, but being limited to 100mbps on local network traffic is a big issue, especially if I'm trying to view security footage on the NAS at location1 from a device at location2.
No, this isn't quite how it works. Basically, 100m is the official spec limit for any standard implementation of 10/100/1000 Ethernet. It's not like it suddenly stops working at 101m, but the point is that once you exceed 100m, the performance is no longer guaranteed and will begin to degrade as distance increases. Obviously the cable itself is a large part of the equation, but so is the equipment connected on each end -- some are more (and others less) tolerant of degraded signals.
The reason you are able to get 100Mbps working properly over your long distance run is that it runs at much lower frequencies than 1000Mbps, and therefore is less affected by the high frequency attenuation that is experienced with long cable runs. If you want to get into the underlying physics of it, look up 'transmission line theory.'
FWIW, my house (built in 2008) has Cat5e cables run to each room (probably ranging from 30m to 50m in total length). Cat5e was never really certified for >1Gbps (in fact, there are some sources that say that the Cat5e limit for 1Gbps is 50m, while 100Mbps is the full rated 100m). I recently used a verification device to check my max bandwidth from my network rack to each room. To my surprise, I'm able to get 5Gbps according to the tester (a ~$2K USD Fluke network verification tool that tests up to 10G). It will be interesting to see if I can actually get reliable throughput >1Gbps when I do replace the endpoints with >1G devices, but running at those speeds is technically out of spec.
If you upgrade to a fiber line between your endpoints, you should be able to easily hit 1Gbps across your link, and 10G wouldn't be out of the question as long as your fiber lines are good quality and installed properly.
Beyond attenuation (and a lot of other things that involve voltage drop, interference and all forms of signal degradation), at distances significantly longer than 100m (which 150m certainly is), we're also starting to deal with timeout issues. Fibre is a proven way out of this dilemma, so you really should add SFP ports to the requirement list of your switch(es).
@psherman thanks again for all the insight here. Did not realize the 1Gbps has the higher attenuation on those frequencies but that makes sense. I will definitely be looking at fiber because I do want 1Gbps or higher. 10G would be incredible but I imagine I would need to upgrade all my hardware to support that.
Is there any particular model router you'd recommend for my 2nd router, to run openWRT?
Fibre has another advantage, no electrical connection. This avoids problems with lightning strikes or differing ground potentials in the electrical grid. Whenever you need to cover distances outside, really do consider fibre.
It all depends on if you're looking for a router or a switch (discussed earlier in this thread). Either way, look at the hardware recommendations section of the forum:
Given the discussion, it's best if you can get one with SFP or SFP+ port to enable the use of fiber. But, if the model(s) that are most appealing don't have the ports, don't fret -- you can get media converters specifically for this purpose. Just one example (I'm not endorsing this specific product -- I don't know anything about it -- it's just the first hit on Amazon and it actually comes as a complete set of media converter boxes + SFP fiber modules).
I'm looking at upgrading to fiber sooner rather than later. I've never used fiber before so I'm a little confused at the terminology, but does this look like what I need?
I understand I'd also need to upgrade my main router to have one with SFP+ port, as well as either a router or switch for the "2nd location" with an SFP+ port
Yup... fiber can be confusing.
This really simple search has a great set of little explainers for the different types of fiber cables out there...
What is really the most important is that your fiber choice -- both the lines and the terminations -- matches the requirements of the modules you use to connect them to your equipment.
So, at the surface, yes -- the cable you selected looks like it should be fine, but don't buy it until you verify that it matches what you get for the SFP modules.
It's really nice to have a router with SFP or SFP+ ports built in. But per my earlier post, don't make your hardware decision entirely on the presence of these ports -- if a unit lacks the ports but has everything else you want, you can get the media converters I was talking about. You can also just get a single side so if you have SFP/SFP+ built-in to the equipment on one side of the run but not on the other, just buy a transceiver module for the other end.
As far as SFP and SFP+:
SFP = 1Gbps
SFP+ = 10Gbps.
An SFP port can only accept an SFP module
An SFP+ port can accept an SFP+ or SFP module.
(in other words -- the ports are backwards compatible, the modules are not)
You will also see mentions of "SFP28." This standard can run up to 25 Gbps in the same physical form as SFP and SFP+. Usually SFP28 ports are electrically backward compatible with SFP+ (10/25G port) and often to SFP (1/10/25).
The only place to consider multimode fiber is when installing a large number of short runs within a building or a room and you're sensitive to saving a few dollars on each transceiver. Otherwise singlemode fiber should be installed, as it can go to much higher speeds in the future.