VLAN Setup to Extend Home Network

So I have the understanding of the trunk. I want to send multiple connections down one physical wire.

Hear me out.

Instead of trunking the two LANs and WAN down the physical WAN port in OpenWrt, would I be better off doing the trunking on the switch? What I mean by this is have three physical leads from the OpenWrt router to the switch and then do the trunking on the switch itself rather than doing it with OpenWrt?

That way the one LAN port from the router provides the Private LAN to the switch so all the clients connected to the 24-port switch will benefit from the fast switch fabric. Another cable from LAN port 2 will provide the Guest LAN and finally the WAN port will be connected too.

EDIT
Diagram to explain

EDIT 2
I have successfully set up the WAN and two LANs to connect to the OpenWrt router, simply segmenting the switch into three.

  • Ports 13, 15, 17, 19, 21 & 23 are VLAN 5 (Private LAN) | Port 3 UPLINK from OpenWrt
  • Ports 14, 16, 18, 20, 22 & 24 are VLAN 10 (GuestLAN) | Port 4 UPLINK from OpenWrt
  • Port 1 is VLAN 20 (WAN) | Port 2 UPLINK from OpenWrt

All of the above are untagged.

Correct me if I'm wrong. If I wanted to trunk VLAN 5 and VLAN 10 to my WAN I assume I would assign a tag to port 2 shown in the screenshot below?

I trunk everything on the same wire. There is no significant benefit with the hardware in most SoCs to having multiple wires, unless you're pushing over a gigabit/sec over multiple VLANs to multiple devices. Even then, you'd be better off connecting those devices directly to the "real" switch than dealing with the bottleneck of the SoC's switch.

> What I mean by this is have three physical leads from the OpenWrt router to the switch and then do the trunking on the switch itself rather than doing it with OpenWrt?

Yes, that is an option too.

Anyway, the last thing on my mind: in the case of a wireless network, make sure you have bridged the wlan interfaces with your VLANs. I remember that, for example, in my setup I had to set up a bridge even for just a single wireless interface to make VLANs (guest wifi) functional.

Yes, I have bridged the WLANs.

Aha, finally I think I understand your requirements. I was a bit confused about the purpose of the WAN in your network.
From my understanding your vlans are:

5 - private
10 - guest

And both those vlans are using internet connection through shared WAN port (which is separate vlan itself).

So basically you need to create three interfaces (one for every vlan). Let's say

LAN: (bridge over ethX.5 and wlanX)
GUEST_LAN: (bridge over ethX.10 + wlanY)
WAN: (bridge over ethX.20) maybe single ethX.20 is OK too

and then set up zone forwarding from LAN and GUEST_LAN to WAN (masquerade)

Regarding switch config:

I would remove tagging from the WAN port for VLAN ID 5 and 10 (it's not necessary since you'll actually route traffic). For VLAN ID 20 I would change tagging from CPU (eth0) to CPU (eth1) as in the OpenWrt page example.

I'm glad you're understanding me.

Yep, sorry, sometimes I'm a slow thinker.

Doing the trunking and routing on the switch seems to be my favour at the moment.

I have 3 RJ45 cables going from my OpenWrt router to three ports on the switch. I have created three VLANs so that my switch is segmented. I'm currently connected to my guest network, so if this post uploads I know I've got internet access haha.

See my EDIT 2

OK, I see. As others suggest, it will probably be faster. Anyway, if you change your mind, I'm pretty sure you can make it work (also with just a single eth cable) on the OpenWrt router as I suggested.

Well I know that the untagged ports I set for VLAN 5 on my switch I can connect to my wired devices so that they have a switch fabric between them, meaning there is no need for Link Aggregation to the router's 4 LAN ports.

In regards to adding the two LANs to the WAN port for trunking, would you say I'm doing it correctly by tagging the physical WAN port on the switch from the VLANs? It is shown in the last screenshot.

My next task of course is doing these VLANs in reverse on my smaller 5-port switch and bringing it back into the second AP/router.

> Well I know that the untagged ports I set for VLAN 5 on my switch I can connect to my wired devices so that they have a switch fabric between them, meaning there is no need for Link Aggregation to the router's 4 LAN ports.

My question would be: how do you plan to access the internet from those wired devices without having a router in the way? Is your modem capable of doing some routing/DHCP, NAT, etc.?

The 24 port switch will have several wired devices plugged into it on a VLAN that will match the OpenWrt one. There will be one dedicated port that will connect the switch VLAN to one of the LAN ports on the OpenWrt router.

Don't set tagged and untagged on the same port. There are two kinds of connections you can set up. A trunk cable has all packets tagged with their different VLANs. A user cable has one VLAN untagged and the rest off. This is used to provide one network to a device such as a PC that is not aware of VLANs.

The CPU ports should also be set up as trunks in the switch -- vlans either tagged or off as needed. Since there are two CPU ports it is common to dedicate one to the WAN link and the other one for LAN like functions, either the actual lan or the guest networks. Then attach them to the kernel networks (wan, lan, etc) using the ethX.Y notation.

Though it will appear in the list, when you are using VLANs on an eth port do not connect plain ethX (without a dot and VLAN) to anything.

Ah, OK. It would be a bit easier if the exterior cable was plugged directly into AP/Router1 (not into the 24p switch as in the picture).

You can continue the trunk through a managed switch to a device such as an OpenWrt router that is VLAN capable. Set that port tagged on all the VLANs that you want to forward. The main router needs the cable modem, the LAN PCs and APs, and the guest APs. Meanwhile AP2 only needs the LAN and guest on its trunk, you can leave out the modem.

If your ISP speed is more than 500 Mb you would want to plug the main router directly into the cable modem so that having to share a trunked port is not a bottleneck. At lower speed it won't matter.

That cable is connected to the ONT/Fibre modem downstairs and did connect directly into the WAN port on the back of the OpenWrt router. However, as I need to extend the two LANs I wanted to double up on the WAN cable as that goes downstairs. All I would then need to do is untag the WAN to the modem as usual and keep the two LANs tagged together till they get to the second AP/router.

Can I take screenshots of the VLANs on my Netgear switch and share them on here, and can you guide me where I'm going wrong please?

**UPDATE**
I've found a Netgear article explaining how to set up trunks. I will give it a read.

https://kb.netgear.com/11673/How-do-I-setup-a-VLAN-trunk-link-between-two-NETGEAR-switches

> However, as I need to extend the two LANs I wanted to double up on the WAN cable as that goes downstairs.

I'm convinced that you can achieve this with the external cable connected to the router. "Bypassing" the router only makes sense for intra-VLAN communication (it would be faster), but packets reaching the internet still need to be routed through the router = you still need to set up AP/router1 to do masquerade (and have those 3 interfaces I've mentioned) to access the internet (in your current network topology).

I want to connect the physical WAN port on the OpenWrt to port 1 on the Netgear switch and the outside cable from the ONT/Fibre modem to port 2 on the Netgear switch.

I already have the guest and private LAN connected via two LAN ports on the OpenWrt router to two ports on the Netgear switch to match the VLANs on the OpenWrt router; VLAN 5 & 10.

I can easily tag the two LANs to the trunk port (by setting port 2 on the Netgear switch) to 'tagged' in each of the two VLANs.

This trunk port (port 2 on the Netgear switch) is the actual WAN connection as well as being the trunk for Private LAN and Guest LAN, so I need to connect it to the WAN on OpenWrt (Netgear port 1 > OpenWrt WAN port). This is where my confusion is, whether to set tagged or untagged.
OpenWrt port 1 > Netgear port 1 <----> Netgear port 2
tagged > tagged <----> tagged

Will the OpenWrt WAN port communicate with port 2 on the Netgear switch through the untagged port 1 on the Netgear switch (the physical connection between OpenWrt and Netgear switch)?

Tag everything you can. It will make your life a lot easier. Especially on trunks, everything should be tagged, in my opinion.

Since your modem likely isn't VLAN-aware, you'll need to configure its port on the switch with the proper PVID.

If in transparent / pass-through / bridged mode, the modem won't "magically" communicate with your router over an untagged line, unless you connect them with an "internal" VLAN in a managed switch. Even if it takes your public IP itself and does NAT, you still want to isolate it within the switch, otherwise every host will have access to it through the switch.
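
The tagging rules given in this thread (tagged and untagged never mixed on one port, a user port's PVID matching its one untagged VLAN, the modem isolated in its own VLAN) can be checked against a port plan before the switch is touched. The Python below is an added example, not code from any poster; the port table is constructed from the "EDIT 2" layout, and it assumes the modem sits on port 1 with the router's WAN uplink on port 2.

```python
# Added example: constructed data based on the "EDIT 2" port layout in the thread.
# membership[vlan][port] is "U" (untagged) or "T" (tagged); a missing port is not a member.

def edit2_layout():
    private = {p: "U" for p in (3, 13, 15, 17, 19, 21, 23)}  # VLAN 5, uplink on port 3
    guest = {p: "U" for p in (4, 14, 16, 18, 20, 22, 24)}    # VLAN 10, uplink on port 4
    wan = {1: "U", 2: "U"}                                    # VLAN 20, uplink on port 2
    pvid = {**{p: 5 for p in private}, **{p: 10 for p in guest}, 1: 20, 2: 20}
    return {5: private, 10: guest, 20: wan}, pvid


def check_plan(membership, pvid, wan_vlan=20, modem_port=1, router_ports=(2,)):
    """Return a list of findings; an empty list means the plan follows the thread's rules."""
    findings = []
    ports = sorted({p for members in membership.values() for p in members})
    for port in ports:
        tagged = sorted(v for v, m in membership.items() if m.get(port) == "T")
        untagged = sorted(v for v, m in membership.items() if m.get(port) == "U")
        if tagged and untagged:
            findings.append(f"port {port}: tagged {tagged} and untagged {untagged} on one port")
        if len(untagged) > 1:
            findings.append(f"port {port}: untagged in several VLANs {untagged}")
        if len(untagged) == 1 and pvid.get(port) != untagged[0]:
            findings.append(f"port {port}: PVID {pvid.get(port)} != untagged VLAN {untagged[0]}")
    # The modem must be a member of the WAN VLAN only, shared with the router and nothing else.
    modem_vlans = sorted(v for v, m in membership.items() if modem_port in m)
    if modem_vlans != [wan_vlan]:
        findings.append(f"modem port {modem_port}: member of VLANs {modem_vlans}")
    allowed = {modem_port, *router_ports}
    for port in sorted(set(membership.get(wan_vlan, {})) - allowed):
        findings.append(f"port {port}: host port inside WAN VLAN {wan_vlan}")
    return findings


def proposed_trunk():
    """EDIT 2 layout with port 2 also tagged for VLAN 5 and 10, as asked in the thread."""
    membership, pvid = edit2_layout()
    membership[5][2] = "T"
    membership[10][2] = "T"
    return membership, pvid


if __name__ == "__main__":
    for name, plan in (("EDIT 2", edit2_layout()), ("proposed", proposed_trunk())):
        print(name, check_plan(*plan) or "no findings")
```

The "EDIT 2" layout passes, while adding tags for VLAN 5 and 10 to port 2 without removing its untagged VLAN 20 membership is reported as a mixed port.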