Right now I am using an Asus RT-3100ac router. It works well. I noticed that openwrt came out with their own house brand unit. I have the router set to do DHCP and NAT firewalling. The APs handle the wireless as I am a big fan of dedicated devices for singular dedicated functions. It works.
The problem I am running into now is that I need multiple devices set up on the DMZ. My gaming console and a game server, soon to be another game server as well. I find that managing such things helps keep my technical skills sharp. Since I have gotten gigabyte fiber internet, I am given more options to provide services for games I like to play with friends.
1) The first question I have is will the Cisco switch take or accept the VLAN specifications of the router. As it is my understanding, with sufficient rules one can have multiple DMZ ports set up based upon IP assignment.
2) The other question is does the openwrt one support having B class subnets. I have found that the Asus router (running Merlin) does not support anything other than a C class subnet, at least on the web interface; I have not tried things on the command line though.
Essentially all VLAN-aware hardware in use these days uses standard 802.1q tagging, including OpenWrt based devices. The terminology may vary from environment to environment (in human terms -- for example: default, untagged, PVID), but they should all inter-operate as long as they are configured properly.
DMZ is something of a marketing term. What is it that you actually wish to achieve (in normal human language)?
"class" based subnets are largely antiquated in favor of "CIDR" (class inter domain routing). As stated above by @mk24, you can set up any size subnets you want and as many of them as you need (provided that they are all unique and non-overlapping).
DMZ is something of a marketing term. What is it that you actually wish to achieve (in normal human language)?
I am wanting a device to sit outside of the NAT firewall and be forward facing to the internet. It solves certain connectivity issues in some games. Plus it also resolves routing issues when you have internal devices behind the NAT that are also using those same ports.
Initially I had my console set on the DMZ and connecting in to voice chats was fine. I had to take it off the DMZ and put a game server on the DMZ. I could try reverting the setting and see what happens as the server is running fine so I would have a good comparative basis.
A DMZ is a separate network, which you would distribute to Ethernet connected machines using a VLAN.
In a consumer ISP connection, the customer only has one public IP address, and the "DMZ" setting on a consumer router/gateway means to reverse NAT (port forward) all incoming packets on any port to one machine on the LAN. Effectively that machine can be thought of as owning the customer's public IP address, though it is not exactly the same since NAT is still in effect.
If you can get more than one public IP from the ISP, you can set up a true DMZ where the serving machine actually holds a public IP for its exclusive use.
AFAIK, DMZ hosts on the consumer routers that have this concept are actually behind NAT masquerading and part of your lan. They allow you to expose all ports (except any that are otherwise mapped) from your wan to the host defined as the "DMZ host", meaning any unsolicited ingress traffic from the wan (i.e. that originates from the internet) will be forwarded to the host in question. This is not good from a security posture as it is a very blunt method to expose any necessary services on a single host to the internet.
Such implementations of DMZ only allow for a single host to be "DMZ'd", but you can always map specific ports to other hosts on your network.
Outbound connections (i.e. those initiated from your lan) and the related return traffic do not require anything of this nature.
I recommend more targeted approaches -- port forwarding (if necessary) with specific ports to the hosts that have services that need to be accessible from the wan.
If it's just for you (and maybe a few family/friends), you can set up a VPN instead (a much more secure option), but if it's for the 'world' (such as a game server, etc.), port forwarding is the best option.
I tried port forwarding and it did not work out too well when I ended up having two devices that used the same ports. Especially on the console as it did not like port forwarding at all and only worked better when on the DMZ.
You can only forward a given port to a single device. This is true for all NAT masquerading based connections where there is only a single public facing IP address.
You can map other ports, though.... so let's say you need to map port 1600 to two hosts... you can map 1600 on the wan --> 1600 to the 1st host, then map say 1601 on the wan --> 1600 on the 2nd host. This means that anyone connecting from outside would just specify the port appropriately.
There is no way around the 1 port --> 1 host limitation for IPv4 when you have just a single public IP address. IPv6, on the other hand, makes this a non-issue since the idea is that every device can have a public IPv6 address and thus any/all ports are available (if allowed by the firewall) for each host. This, of course, requires that your ISP is a proper dual-stack (IPv4 + IPv6).
DMZ is really just "port forward everything" -- it's fundamentally the same, just indiscriminate. If you were having trouble with individual port forwards, it's likely that you were missing one or more that were needed for your application.
FWIW, you can port forward ranges of ports on OpenWrt to create the same effect as a "DMZ" on a consumer router -- that's what they do, after all.
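The two-hosts-one-port mapping and the port-range forward described in this reply, written out as an OpenWrt /etc/config/firewall fragment. This is an added example, not configuration posted in the thread; the host addresses, port range and section names are constructed placeholders, and the 1600/1601 split mirrors the example above.

```uci
# Host A: external 1600 -> 192.168.1.10:1600 (constructed address)
config redirect
	option name 'game-host-a-1600'
	option src 'wan'
	option src_dport '1600'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '1600'
	option proto 'tcp udp'
	option target 'DNAT'

# Host B: external 1601 -> 192.168.1.11:1600 (constructed address)
# Players connecting to host B use port 1601 on your public address.
config redirect
	option name 'game-host-b-1601'
	option src 'wan'
	option src_dport '1601'
	option dest 'lan'
	option dest_ip '192.168.1.11'
	option dest_port '1600'
	option proto 'tcp udp'
	option target 'DNAT'

# Range forward for a second game server (constructed range 27000-27050).
# With dest_port omitted, each external port maps 1:1 to the same port on
# the internal host; only this range is exposed, not "everything".
config redirect
	option name 'game-server-range'
	option src 'wan'
	option src_dport '27000-27050'
	option dest 'lan'
	option dest_ip '192.168.1.12'
	option proto 'udp'
	option target 'DNAT'
```

Apply with `/etc/init.d/firewall restart`; OpenWrt adds the matching forward-accept entries for DNAT redirects itself, so no separate rule section is needed, and `nft list ruleset` (fw4) or `iptables -t nat -L -n` (fw3) shows exactly which ports are reachable from the wan.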
A real DMZ is only possible if your ISP gives you more than 1 public IPv4 address - this usually involves a business contract and a quite steep markup on the monthly fee for the additional IPv4 addresses; with IPv4 address space exhaustion not every ISP can offer IPv4 addresses (at any price).
A quasi-DMZ, with a single public IPv4 address and NAT involved, is only sensible if you can get away with a fairly limited set of known/configured port-forwardings (maybe ranges of a few hundred). Keep in mind, these 65535 ports on your single public IPv4 address are shared by all clients behind the NAT gateway, and they are required for every connection through the NAT, so port exhaustion is a serious topic if you plan to just forward 'everything' (deemed not to be in use) to your single quasi-DMZ host. This is a real problem these days, where you might have several dozen clients (including IoT and smarthome devices) in your network, some of them more demanding than others. This kind of works if you want to put a webserver into this NATed DMZ (2 ports); VoIP/SIP is already considerably more complex by requiring a few hundred to low thousands to be forwarded (and it gets really complex if you need two devices with SIP needs concurrently).
For the typical gaming use, either static port forwards (less is more) or dynamic port forwardings via UPnP (not really secure, but handling the port forwardings automatically on your behalf, if set up/ supported by the router and your clients) are typically more sensible, this doesn't really require a DMZ in this sense.
It is quite common for residential connections to have just a single IPv4 address on the wan of the router. And in that context, most users (who have a public IPv4 address; CG-NAT being a different animal) are able to set up appropriate port-forwards for their game servers and other services as needed without resorting to the "DMZ" approach.
The documentation for the games/services will usually provide information about what ports need to be forwarded. And sometimes the client side can enter a port number, which means that the port that is forwarded from your wan doesn't always have to be the same as the port to which it is mapped on the server itself. Although not generally recommended (for security reasons), most game servers and certain other services can use upnp if you enable that on the router, handling everything automatically for you. Also, an increasing number of systems actually have cloud-based connection brokers to obviate the need for managing port forwarding or upnp in the first place.
With all of that said, there are many people who are able to run multiple servers across a handful of hosts without a need for additional public IPv4 addresses.