And first of all, thank you for OpenWRT! It is a great community and a great piece of software.
I've been using it to learn and build my home and small office network based on it.
And because of a recent change / growth I now have the request to do as in the dashed lines: put some resources in the A location with B addressing and vice versa.
The only thing that occurs to me is making a VLAN tag, but this would need the reconfiguration of the whole existing network, right? (I haven't dealt with VLANs before, so to me they are still a bit confusing.)
Switch A and Switch B are VLAN aware, they are managed switches.
The main router is not.
Is this possible?
Can you help me with an approach to make it viable?
If both switches are aware of the VLAN, you don't have to do anything with the router, afaik. You can make the VLAN in the switch itself, tag traffic from switch B to switch A using a trunk, and untag the VLAN on A as a regular port, so it will be working as a network B switch. The router doesn't have to be aware of the VLAN.
In theory you can create VLANs (e.g., VLAN 10 for Network A, VLAN 20 for Network B) on Switch A and Switch B. Assign ports on Switch A to VLAN 10 and ports on Switch B to VLAN 20. Then configure the ports connecting Switch A & Switch B to the router as trunk ports to allow VLAN 10 & VLAN 20.
Finally, configure your router interfaces with IP addresses in each network's subnet (e.g., 10.10.1.1 for VLAN 10, 10.209.200.1 for VLAN 20).
There are two fundamental approaches to this. The conventional one is to keep separate L3 networks but provide for routing between them. All the endpoints at site A would have 10.10 IPs and all the endpoints at site B would have 10.200. A computer at A could print to a printer at B by knowing its 10.200 IP. The most direct way to set this up is symmetric routing-- disable NAT in the OpenWrt routers and install routes in the main router:
10.200.200.0/24 via 10.1.1.111
10.10.1.0/24 via 10.1.1.101
The other way is to connect and extend the L2 networks. Each switch would carry both networks using two VLANs and port by port configuration would determine which network a particular endpoint is part of. To "trunk" the VLANs between the switches, a connection of some sort is needed, which could be:
A cable between the two switches.
A cable between the two OpenWrt routers, using those as trunk switches as well-- the cable between each router and its switch would also need to be converted to trunk both VLANs.
Trunk the VLANs into the OpenWrt router as above then use two L2 tunnels such as GREtap through the existing connection to the main router.
Large L2 networks are discouraged though since there is no security and the bandwidth of the trunks (especially if a VPN tunnel is involved) can become clogged with broadcast and multicast traffic. With an L3 approach the two networks operate largely independently, and you can write firewall rules, for example to allow only certain computer(s) at site A to reach one particular printer at B.
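The L3 approach from the post above, sketched as OpenWrt firewall configuration for the site B router (an added example, not part of the original post): NAT is switched off on the wan zone and one rule admits a single site A computer to a single site B printer. The host addresses 10.10.1.50 and 10.200.200.20, the rule name and port 9100 are constructed for illustration; the zone and network names are assumed to be OpenWrt's defaults.

```uci
# /etc/config/firewall on the OpenWrt router at site B (excerpt)
# Assumption: default zone names 'lan' and 'wan'.

# LAN side: the site B network, 10.200.200.0/24
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# WAN side: the link to the main router (this router is 10.1.1.111 there).
# masq '0' replaces the default '1', so packets keep their real source IPs
# and rules can match on 10.10.1.x addresses from site A.
# forward 'REJECT' means nothing from site A reaches site B hosts
# unless a rule below allows it.
config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '0'

# Site B hosts may still initiate connections outwards.
config forwarding
	option src 'lan'
	option dest 'wan'

# Constructed example: one PC at site A may print to one printer at site B.
config rule
	option name 'A-pc-to-B-printer'
	option family 'ipv4'
	option src 'wan'
	option src_ip '10.10.1.50'
	option dest 'lan'
	option dest_ip '10.200.200.20'
	option proto 'tcp'
	option dest_port '9100'
	option target 'ACCEPT'
```

The site A router needs the same `masq '0'` change, and the main router needs the two static routes listed in the post so that replies have a path back.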
In the OpenWRT routers I have two ethernet ports. Wan goes to the router, the other, Lan, goes to the switches. This is similarly configured in the A and B environments.
How can I pass the VLAN ID from switch A -> Lan -> Wan of OpenWRT A -> Router -> Wan -> Lan of OpenWRT B -> switch B? I have tested with success making a VLAN network on the same OpenWRT router and attaching switch ports to it, and this works. Trying to pass traffic between the A and B environments, I haven't had any success.
I suspected the "not VLAN aware router" may be the culprit, but it seems from your answers that it may not be the root cause.
Sorry, I'm a true newbie in VLANs, so some writing that is completely out of scope or makes no sense may occur...
Tbh it looks like you might be overcomplicating matters here.
What is the physical layout of the network? The diagram at the top suggests everything is in a single location (Your home?). You're then splitting the network to separate devices for 'home' and for 'office', is that correct?
If so, what is the purpose of the two OpenWRT devices? Is there any possibility of replacing the (presumably ISP supplied) router? Can the two switches be cabled directly together?
You cannot run VLANs on the cables leading to the main router since that device cannot process VLANs. If this is the only place to connect the two networks together you can use tunnels so the main router only sees regular untagged packets with 10.1.1.X IP addresses. Inside those packets are actually LAN A and B packets which are en route to the other side.
What is the physical layout of the network? The diagram at the top suggests everything is in a single location (Your home?). You're then splitting the network to separate devices for 'home' and for 'office', is that correct?
Single location but different stages with neighbours in between.
If so, what is the purpose of the two OpenWRT devices?
The two routers are a historical inheritance. They "are there", so I'm using them, but it is not mandatory; I can remove one of them, or both, or put in another switch.
Is there any possibility of replacing the (presumably ISP supplied) router?
No chance of changing the ISP router (the one that is not VLAN aware).
Can the two switches be cabled directly together?
Unfortunately, no. But the OpenWRT routers, instead of connecting directly to the ISP router, can connect to another switch with similar specs to the ones already existing, which will lead to a similar physical connection between them, won't it?
@mk24
Can I put a switch (VLAN aware) in between the router and the OpenWRTs? The traffic will only get to the switch, which will translate the VLANs and pass it to the other switches...
Right?
You'd probably be better connecting both existing switches to another managed switch, then using 1 OpenWRT device between that new switch and the ISP router.
Basically ditching one OpenWrt router & consolidating routing onto a single OpenWrt device. Then connect both switches to that single OpenWrt router using separate ports. Correct?
What if he tries VXLAN or GRE Tap? In this case he won't need to buy an extra switch & then do further rewiring. Plus it still needs VLAN configuration.
OP has said the OpenWRT devices only have two ethernet ports. One WAN, one LAN. So that's not going to work.
It might work. However I'm not sure the additional complexity would be a worthwhile trade off against the relatively low price of a small managed switch (even more so if the OP already has access to a spare switch).
Depending on what the OpenWRT device is, it might be possible to add an additional ethernet port by using a USB adapter. That could be a possible option to allow use of a single openwrt device with no additional switch.
Yes, that would make everything very easy. If the ISP router can also be configured to pass the public IP address to that OpenWrt router, we would avoid the double NAT.