Hello there, OpenWrt community. I've been using OpenWrt for quite some time now, but just recently moved into a new apartment complex and I'm slightly confused on how to set my settings.
In the attached diagram, all of the arrows represent SINGLE ethernet cables from one device to the next.
My ISP in this building just has one ethernet cable coming through to my unit. Rather than picking my living room or my bedroom, I wanted to utilize both so I grabbed an unmanaged switch.
Now, I have a Netgear RAX70 that I use as an access point set at 192.168.1.2, which is connected to the unmanaged switch.
My OpenWRT router (RC7800) is connected to the switch as well.
I'm not quite sure how to get my OpenWRT to talk to my access point. I have the access point connected to a LAN port.
I did have it working for about... a minute before, for some reason, I lost the WAN connection.
A few questions I have:
On my Access Point, I SHOULD be using the LAN port to connect to the unmanaged switch, yes?
On my OpenWRT, which port should I be using? WAN or LAN?
How should I be configuring the OpenWRT that is serving as my main router (connection to WAN, DHCP, DNS)? I imagine it's more of a Switch configuration than an interface configuration, but I could be wrong.
Is it possible with this unmanaged switch set up or am I trying to do something that's not possible? My ISP said the unmanaged switch is something they recommend to their customers if they want to take advantage of both ethernet ports in the unit.
If you connect an unmanaged switch that way then all ports on the switch should be considered WAN ports that you shouldn't trust and you should have a firewall on all devices connected to the switch. If you want devices on the AP to access resources on the router then you should set up and use a VPN server on the router.
You may want to look at VLANs (which require a VLAN aware smart/managed switch; the unmanaged switch is not suitable for this purpose), and/or run some additional cables. As was stated earlier, you should treat the connection from the building as a WAN -- untrusted. Your current physical topology doesn't make it possible to have the two Netgear devices work together as a trusted network.
I really wanted to be able to do this, but... the switch is the only thing I could get to fit inside the panel. The panel runs two wired connections to the rest of my apartment. I have an ethernet port in my living room and one in my bedroom.
This is what I'm stuck on, I think. This is the first time I've had to configure OpenWrt to use a single ethernet cable. I have an R7800, which I think has that capability, but I'm unsure on how to configure it.
I hope you have some sort of fully managed switch. Why? If you have some sh*** TP-Link or similar cheap web/easy managed switch, you are open to the whole world. As you say, both devices get PUB IP, so in cheap managed switches you could never turn off native vlan1 and your cheap switch will be exposed to PUB.
Good recipe for disaster.
Actually, AFAIK, the Netgear switches are okay. The TP-Link entry level smart switches have some major flaws in their implementation (I have one of these sitting in my closet and I don't use it much for that reason).
To clarify, you have a Netgear RC7800 running OpenWrt and an RAX70 that is running the stock firmware, correct?
And then from a physical topology perspective, you can't run any additional cables -- you're stuck with 1 cable to each of the Netgear devices, all coming together in the panel where you are able to fit a switch, but that's all. Do I have that correct?
There can be a bit of a chicken or egg situation with setting some of this stuff up, and there are situations where you can get locked out of your gear and have to reset things. So start simple and build your way up to the full solution.
Here is what I would suggest as a template. You can change VLAN IDs and ports if you want, but just giving a framework here:
WAN (from building) > GS105Ev2 Port 1.
GS105Ev2 Port 2 > RC7800 Port 1
GS105Ev2 Port 3 > RAX70 Port 1
VLAN 10 = WAN
VLAN 1 = LAN
GS105Ev2 VLAN configuration:
VLAN 10 untagged on port 1 + PVID VLAN 10 on port 1
VLAN 10 tagged on port 2
VLAN 10 disabled on all other ports
VLAN 1 tagged on port 2
VLAN 1 untagged on port 3 + PVID VLAN 1 on port 3.
VLAN 1 optionally untagged on ports 4 and 5 + PVID VLAN 1 on those ports, if in use.
VLAN 1 disabled on port 1.
Netgear RC7800 OpenWrt Configuration (do this while physically connected to anything other than port 1)
Create VLAN 10 on the switch, assign it as tagged on port 1
Change VLAN 1 to tagged on port 1.
Edit the WAN interface > General Settings > Device. Select the switch VLAN that is VLAN 10 (this may show up as ethx.10 or switch0.10 or something like that).
Once you make the connections, things should start working.
Setting the PVID on each port requires 2 steps on those Netgear switches (described in a moment). The PVID (Port VLAN ID) sets the active untagged network on a given port (sometimes also called default, or native network on the port). You can only have a single untagged network active on a port at any given time. On some switches, you can actually set multiple networks to be available as untagged on each port, but as I mentioned, you can only have one active untagged network at a time, and it is the PVID setting that selects which one is active.
On the Netgear switch, you will go to the VLAN page and set each port to be a member of the VLAN as Tagged or Untagged; or you can set the port so that it is not a member of a given VLAN (depending on the implementation/firmware, it is either blank or Exclude.).
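The port plan from the template above, modelled as an added example (not part of any forum post, and not Netgear or OpenWrt code): it checks that each PVID matches an untagged membership and shows where a broadcast frame leaves the switch, including what leaks toward the building if the "VLAN 1 disabled on port 1" step is skipped. The names `TEMPLATE`, `LEAKY`, `classify`, `egress` and `audit` are hypothetical, and the model assumes the switch drops frames arriving on a port that is not a member of the frame's VLAN.

```python
import copy

# Membership per VLAN: port -> "T" (tagged) or "U" (untagged); absent = not a member.
TEMPLATE = {
    "vlans": {10: {1: "U", 2: "T"},                  # WAN: building uplink + router trunk
              1: {2: "T", 3: "U", 4: "U", 5: "U"}},  # LAN: router trunk + AP + spare ports
    "pvid": {1: 10, 3: 1, 4: 1, 5: 1},               # port 2 carries tagged frames only
}
LEAKY = copy.deepcopy(TEMPLATE)
LEAKY["vlans"][1][1] = "U"   # constructed mistake: VLAN 1 still untagged on port 1

def classify(cfg, port, tag=None):
    """VLAN an ingress frame lands in, or None if dropped (assumes ingress filtering)."""
    vlan = tag if tag is not None else cfg["pvid"].get(port)
    if vlan is None or port not in cfg["vlans"].get(vlan, {}):
        return None
    return vlan

def egress(cfg, port, tag=None):
    """Ports a broadcast frame leaves on: {port: VLAN tag, or None if sent untagged}."""
    vlan = classify(cfg, port, tag)
    if vlan is None:
        return {}
    return {p: (vlan if mode == "T" else None)
            for p, mode in cfg["vlans"][vlan].items() if p != port}

def audit(cfg, wan_port=1, wan_vlan=10):
    """List plan errors: PVID/untagged mismatches and LAN VLANs on the WAN-facing port."""
    issues = []
    for vlan, members in cfg["vlans"].items():
        for p, mode in members.items():
            if mode == "U" and cfg["pvid"].get(p) != vlan:
                issues.append(f"port {p}: untagged in VLAN {vlan}, PVID is {cfg['pvid'].get(p)}")
            if p == wan_port and vlan != wan_vlan:
                issues.append(f"port {p}: WAN-facing port is a member of VLAN {vlan}")
    for p, pvid in cfg["pvid"].items():
        if cfg["vlans"].get(pvid, {}).get(p) != "U":
            issues.append(f"port {p}: PVID {pvid} is not an untagged membership")
    return issues

if __name__ == "__main__":
    print("AP broadcast, template:", egress(TEMPLATE, 3))
    print("AP broadcast, leaky:   ", egress(LEAKY, 3))
    print("audit of leaky plan:   ", audit(LEAKY))
```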