I wan't to change my network to add VLAN and separate network but I'm new to OpenWrt so I try to go step by step.
I have a Netgear GS108Tv3 with OpenWrt 22.03.
In its initial configuration, all ports are bridged together as described in the docs.
My OpenWrt is linked to the ISP Modem/router which is on the subnet 192.168.1.1/24.
I removed one of the port (port 3) from the bridge, created a new interface called "WIFI" with port 3 and connected a Wifi access point to port 3 (ORBI RBR750).
The WIFI interface (network 192.168.30.1/24) has DHCP enabled.
The clients that connects to the Wifi AP got an IP address in the range 192.168.30.x but can't go to internet.
I have configured a zone in the firewall section to allow connection from wifi to LAN with no success
the WAN zone has created by the installation but I think it is useless since the internet is reached thru my ISP modem (gateway on the LAN)
Can you help my troubleshot this problem, it is giving me headaches
How to access internet from clients connected to WIFI ?
Thank you
Are you doing anything special on the Netgear switch? Keep in mind that you should not attempt routing on that device due to the fact that it is a switch and the hardware is not optimized for routing (it'll be really slow).. all routing should hpapen on the Orbi.
Let's see your configuration files from the Orbi:
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
When I say : I removed one of the port (port 3) from the bridge
I mean : I went to Network > Interface menu, then on Device tab, click Configure on the device named "switch" and then deselect the port called lan3 from the bridge port menu:
Referring your second question, I've installed OpenWRT on the netgear GS108Tv3 switch and I attempted routing on this device. I didn't know it is to slow to do routing.
It don't seem OpenWrt is compatible with ORBI RBR750 on the compatibility list
here are the files :
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdf4:xxxx:xxxx::/48'
config device 'switch'
option name 'switch'
option type 'bridge'
option macaddr '94:18:xx:xx:xx:xx'
list ports 'lan1'
list ports 'lan2'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
list ports 'lan8'
config bridge-vlan 'lan_vlan'
option device 'switch'
option vlan '1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
list ports 'lan8'
config device
option name 'switch.1'
option macaddr '94:18:xx:xx:xx:xx'
config interface 'lan'
option device 'switch.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '1.1.1.1'
option gateway '192.168.1.254'
config interface 'wifi'
option proto 'static'
option device 'lan3'
option ipaddr '192.168.30.1'
option netmask '255.255.255.0'
option broadcast '192.168.30.255'
list dns '1.1.1.1'
list dns '8.8.8.8'
option gateway '192.168.1.1'
If your Orbi is running OpenWrt, that is where you should be doing the routing. The switch (Netgear device) is not designed for routing. The Orbi is.
There are a whole bunch of problems that I see here... I'd suggest that you reset your devices to default and then do the following:
if your fritzbox is using 192.168.1.1 as its IP address, the GS108T must not use the same address (currently it is, based on the configs you shared). Set it to something like 192.168.1.2 instead.
Ok, I understand I can't use the GS108T as a router.
Unfortunately, my Orbi RBR750 (AX4200) doesn't have a OpenWRT firmware available.
The only one that exists is for the RBR50 (AC3000) but I don't think I could use this firmware in my RBR750, could I ?
No, don't attempt to install firmware for another device... it will almost certainly cause a brick.
Given that your Orbi can't run OpenWrt, if you were to do what you're proposing (routing on the switch), you'd only be able to use that new network on the AP... the regular LAN would not be braodcast on the AP in that situation. Is that what you want?
Or... better asked...
what is your goal? Why do you want a separate subnet for wifi? Is it for guests or other untrusted devices?
For this type of network, you really need to have a proper router. You don't want to do the routing for this network on a device that is designed as a switch.
Depending on your perspective, you could buy something that will suit your needs long term, or just something to tinker around with until you're more comfortable with OpenWrt. For learning purposes, it can be a really inexpensive router on the used market or even new. But you will want it to be a router (which may or may not include wifi and a built-in switch). The Raspberry Pi/Orange Pi/Banana Pi devices are also really popular choices (depending on availability and price, of course).
rtl838x however peaks out around 15-20 MBit/s total, it's a switch (L2), not a router (L3). These are quite different use cases, L2 switching just needs a 'stupid' but massively parallel switch fabric, L3 routing needs (a lot of) CPU power to make decisions dynamically.
I have a RaspberryPi 3 laying around and I could use it to make some tests and learn how to use OpenWrt. I didn’t assumed I could use a non « network based » device to do routing. Is it very powerful !
After, I could by a more robust router or mini-PC. I hope I will be able to use it with my Orbi mesh wireless AP (which was quite expensive) and do the segregation I want on the wireless device connected.
I have another question for my learning : in a lot of OpenWRT example I see a LAN interface and a WAN interface. In my use case, I assume I will never have a WAN interface because my OpenWRT device will be after my ISP router. So this device will always be on the LAN part.
Am I right ?
The RPi3 and its predecessors are bottlenecked by its USB2 system bus, connecting its onboard ethernet port and any USB ethernet card you're going to connect for WAN. This is a severe performance limit. Only the RPi4 has added PCIe and USB3 support, getting rid of this bottleneck.
While you can certainly experiment with a RPi3, it's not good for router use.
