VLAN Setup On Device With No Internal Switch and Only 1 LAN Ethernet Port

Installing and Using OpenWrt Network and Wireless Configuration
1

Looking for a little help getting over a mental hurdle with VLANs on my setup.

Background
I'm migrating away from my 2 x WRT1900ACS setup because I'm tired of the terrible Wi-Fi performance. On this setup I was using one of the 1900s to run as the main router and one as a dumb AP to better position my Wi-Fi to reach the back yard. I had a LAN (192.168.0.x) and GUEST (10.10.0.x) network setup. I had followed the OpenWRT guides available to setup the guest network and dumb AP.

Current Setup
I have an Aaeon Up Squared (https://up-shop.org/up-squared-series.html) device running OpenWRT x86 21.x as my main router. This device has 2 ethernet ports eth0 (lan) and eth1 (wan) configured. It has no internal switch.

Port eth0 feeds into my TP-Link TL-SG1024 switch. That switch runs to everything in the house, same as before with my 1900s. Port eth1 is plugged into my fiber box.

I've got on order a better AP but for now was just trying to repurpose both of the 1900s as dumb APs but using the stock firmware to see if that gave me better Wi-Fi performance and stability.

In researching how to run two networks (LAN/GUEST) with only 1 network port, I started down the VLAN hole. I've watched some great YouTube videos by OneMarcFifty to help me understand how that works. The mental hurdle I'm currently having is that since my device doesn't have an internal switch, and only one ethernet port (outside of WAN). I'm having a hard time matching up my setup to the examples he provides.

I understand that I might need to upgrade my TP-Link switch to one that is managed, although I believe my switch will "pass through" tagged packets. I have on order a TP-Link EAP225-Outdoor that I plan to mount out doors to get even better Wi-Fi to the back yard.

Problem
What I'm looking to do is get prepared for when my new AP shows up. My understanding is that I can create a default VLAN that would be untagged and that everything would use except anything that I need to come across on the guest network. That network would need a tagged VLAN setup for it so that I can direct the traffic to the correct OpenWRT interface (GUEST) on my main router.

What I've Done So Far
I've created a new 802.1Q device on my main router for the eth0.10. I've assigned that to my GUEST interface. I've created a new 802.1Q devices for eth0.1 for LAN but haven't assigned it anywhere as I'm not sure its needed. I believe I need to create a VLAN entry under the Bridge VLAN Device tab on the Bridge Device (br-lan) that exists. Its at this point I get lost as things don't look the same at this point as they do in almost all the examples.

image
image969×501 30.8 KB

image
image967×581 36 KB

image
image913×412 15.3 KB

If anybody can give me some guidance on how they would set this up it would be appreciated.

As an update after reading some more about DSA and how VLANs can be configured on it I was going to try to set this as my settings but am unable to save from this dialog.

image
image904×443 18.5 KB

I'm guessing it has something to do with the br-lan only having one port possibly under it?

Found some more information on reddit, possibly I cannot configure this setup on this device from luci.
https://www.reddit.com/r/openwrt/comments/pj2ey8/help_with_vlans_on_gli_glb1300_with_owrt_2102/
Currently reading the linked post from that.

2

In most cases, if you don't have a switch, you don't need to use DSA syntax. Usually, for a routed port (eth0 for example), the tagged network declaration would simply eth0.x where x is the VLAN ID.

That said, you will need VLAN aware devices downstream in order to deal with the tagged VLANs. And you really shouldn't use an unmanaged switch. Although that switch might just 'pass' the frames through, it can present a bunch of risks with respect to how your network runs. In some cases, managed switches may not pass the tagged networks, or even worse, may strip the tags and mess up the whole network. You really need a managed switch for this task.

The other reason that a managed switch is important is that it allows you to create access ports (i.e. a single untagged network -- the 'normal' way that most end devices connect to the network) for each of your networks, which enables you to verify that they are working as expected before you add additional variables of getting your wifi AP to function properly with VLANs.

Your WRT1900ACS most likely will not support VLANs using the stock firmware. But the EAP225 will have the capability in the standard firmware. You just need to configure it appropriately.

1 Like
3

Thanks for the response, appreciate it. I hear you on the managed switch and so I've ordered a replacement and will attempt things again when that comes.

So if I'm hearing you correctly, I should just create the 802.1q devices (that have a base device of eth0) for my lan and guest network (eth0.1 and eth0.10) and then assign those to the interfaces. Then under the bridge device just toggle them as necessary to support tagging. Then configure my new switch, which I think defaults to vlan 1 for everything.

The hardest part of working with this setup is if I mess up the network settings I gotta pull that Up Squared device out of the closet and hook up a keyboard and monitor to use the local console to manually edit the configs to get it back to accessible via the network.

4

Just want to follow up for future reference. I was able to get everything working as I want once I got all the correct hardware. I ended up getting a TP-Link TL-SG3428 switch which was pretty easy to setup the VLANs on. Combined with the TP-Link EAP225-Outdoor I was able to just set the two ports (one uplink to the OpenWRT router and one connected to the AP) as tagged for the LAN and GUEST network (.1 and .10) and the rest on the network switch I left as untagged for LAN since the only GUEST network I needed was wireless.

The hardest part was maintaining access to my networks while making the changes, since I didn't really know what I was doing at first with the switch and router setup. But for the router I just needed to set both the LAN and GUEST interfaces to the 802.1q devices I created off the base device of eth0 and things just worked.

image
image531×503 20.1 KB

I kept both the switch and AP running the stock firmware as it was easy to setup and seemed to work just fine. So far my wireless networks are so much more stable than they were using the WRT1900ACS. They are for sale on eBay, dirt cheap, if anybody wants them.

5

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.