Use (some) Ethernet ports as switch

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi all. Pardon my network vernacular if I use it incorrectly. Here's what I'm looking to do and would appreciate a recipe or some guidance.

I have an OpenWRT router that I want to use behind my ISP Gateway + router. ISP unit has LAN with DHCP and I am unable to change any of that. The OpenWRT router is has it's WAN port connected to a LAN port on the ISP router. I'd like to setup the OpenWRT router to use 2 of it's Ethernet ports for it's own LAN (yes, double NAT) and have the remaining two ports act as a switch(?) where any devices connected to them are on the ISP router's LAN and get their addresses from it's DHCP server. Internet access is rquired on all devices connected to the OpenWRt router. I'm somewhat familiar with VLANs and can isolate the 2 LAN configurations but I'm not sure how to have the first 2 ports as as a switch? TIA

2

Yes, this should be achievable.

We need to know which ports you want to act as a switch on the upstream (i.e. the ISP router's lan connects to the OpenWrt wan; what other port(s) do you want to assign to effectively 'pass through' as a switch on the ISP router's lan).

We also need to see the following from your config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
ifstatus wan | grep address
1 Like
3

I'll do that when I get home tonight but it's a mostly out-of-the-box Openwrt configuration and I'm flexible with which LAN ports are upstream and which ones have their own LAN. Would simply removing 2 LAN ports from br-lan and assigning them to the wan interface do the trick?

4

The method used will depend on your device (if it’s dsa or swconfig). And no, don’t assign the port to the wan interface.

1 Like
5 
ubus call system board
{
        "kernel": "5.10.221",
        "hostname": "AKWrt",
        "system": "Broadcom BCM53572",
        "model": "Linksys E1200 V2",
        "board_name": "0x058e:42",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.7",
                "revision": "r20341-591b7e93d3",
                "target": "bcm47xx/mips74k",
                "description": "OpenWrt 22.03.7 r20341-591b7e93d3"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd6f:8069:d75a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 5t'

ifstatus wan | grep address
                "addresses",
        "ipv4-address": [
                        "address": "192.168.2.187",
        "ipv6-address": [
                "ipv4-address": [
                "ipv6-address": [
6

Your device uses swconfig. The solution is pretty simple...

These are the things that need to be modified:

VLAN 2 is the wan, and VLAN 1 is the lan. We'll remove one of the ports from VLAN 1 and put it into VLAN 2.

The ports listed are logical ports -- they don't necessarily map 1:1 to the physical position/label on the device itself. Logical port 4 is the wan port, logical port 5 is the CPU. We'll take logical port 3 (which will hopefully be physically adjacent to the wan port) and assign that to VLAN 2:

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 4 5t'

Then reboot and test the physical ports. One of them will connect you through to the upstream router, while the others will be your OpenWrt lan.

As an aside:

The version of OpenWrt you are using is EOL and unsupported now. It may have security vulnerabilities and will never be patched. Normally, the advice is to upgrade to the latest firmware, but your device is no longer supported in 23.05 and later. So, I would recommend you consider new hardware as soon as reasonably possible.

8

That worked perfectly! Thanks @psherman

I have a similar question. I have another OpenWRT router which is wirelessly connected to the ISP router as a client, that I want to use as a wireless switch. I'd like to setup the OpenWRT router to use it's LAN port as upstream switch to the ISP router. Here is the current configuration -

{
        "kernel": "5.15.162",
        "hostname": "OnHub",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "TP-Link OnHub",
        "board_name": "tplink,onhub",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ipq806x/chromium",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}

 cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd3c:8252:d839::/48'

config device
        option name 'br-wan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth0.2'

config interface 'wan'
        option device 'br-wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'br-wan'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '2 0t'

config interface 'wwan'
        option proto 'dhcp'

config device
        option type 'bridge'
        option name 'br-lan'
        list ports 'eth1'
        list ports 'eth1.1'
        option ipv6 '0'

 ifstatus wwan | grep address
                "addresses",
        "ipv4-address": [
                        "address": "192.168.2.xx",
        "ipv6-address": [
                "ipv4-address": [
                "ipv6-address": [
9

If your uplink is coming from a wireless connection, routing (to a unique subnet) is trivially easy. However, if you wish to make it a wireless repeater or a wireless > wired bridge, you need to use relayd (WDS or mesh/802.11s are better, but require that you have an OpenWrt device upstream; your ISP router won't work with these methods).

https://openwrt.org/docs/guide-user/network/wifi/relay_configuration

1 Like
10

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.