I'm newbie in regards with OpenWRT using WRT3200ACM
Then, I would like to reproduce this example with OpenWrt:
... who is dedicated for an RT-AC3200 and not developed for Marvel chipset for WRT3200ACM
I also tried with DD-WRT without success.
Someone believe that is possible to realize this with OpenWrt?
Regards
Yes, that looks quite similar to what I have at home, using this WRT3200ACM.
Hi Mister,
Thanks for your quick response!!
Are you willing to share what you do such as provide me your configuration file or show me step-by-step? 
Regards
This is a "router on a stick"
First, setup your switch ports for a trunk to your layer 2 switch. Port 4 is the trunk.
The layer 2 switch needs to match this.
to be continued...
Continued...
Second, create your vlan interfaces. i.e. vlan40 on switch = vlan40 on interface
Third, create firewall forwarding rules
input and forward are set to REJECT
change for your needs
Fourth, open firewall to allow services to the router. i.e. sample from my config
config rule
option target 'ACCEPT'
option dest_port '53'
option proto 'udp'
option src 'vlan20'
option name 'Allow-DNS-20'
config rule (note this allows both ipv4 and ipv6)
option target 'ACCEPT'
option proto 'icmp'
option src 'vlan20'
option name 'Allow-ICMP-20'
config rule
option target 'ACCEPT'
option proto 'udp'
option dest_port '67'
option name 'Allow-DHCP-20'
option family 'ipv4'
option src 'vlan20'
config rule
option target 'ACCEPT'
option proto 'udp'
option dest_port '547'
option name 'Allow-DHCPv6-20'
option family 'ipv6'
option src 'vlan20'
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '5351'
option name 'Allow-NAT-PMP-20'
option family 'ipv4'
option src 'vlan20'
option enabled '0'
Hi Andrew,
Let me know show you my network configuration:
I believe that I need to set up the router as a switch before
Please, let me know if I'm right with this configuration.
Also, don't hesitate to give me the requirement in order to set it up
Regards
192.32.x.x is not a private network.
anyways, please see this post
substitute you vlan1 values
Hi Andrew!!
Hope you had a nice WE!!
I tried to setup my router with your instruction and unfortunately, isn't working 
Then, I probably misunderstanding a setup that cause the issues.
you wrote :
System/Startup/Firewall (disable)
Network/Interfaces/LAN (disable DHCP and all DHCPv6 services)
(assign IP address i.e. 192.168.1.253)
(assign gateway i.e. 192.168.1.1)
(assign DNS i.e. 192.168.1.1)
... not sure I did correctly those things......
So, I decided to create a procedure if you agree to collaborate with me and I believe that procedure will be useful for others WRT 3200ACM users using OpenWrt as I did.
There is the link:
http://www.revolutek.ca/engineering/Linksys/OpenWrt%20Network%20Switch%20And%20Router.pdf
The procedure isn't complete because, I loose the router at the end. In others words, I'm unable to continue after Save & Apply because I can't reach the router via 192.32.206.253 ( need to RESET)
Let me know where I'm wrong.
Once the problem will fixed, I continue the procedure with others stuff to complete VLAN through wireless
Regards
First, the use of the 192.32.x.x subnet should not be used on the LAN side of the router.
Use the private networks as described by RFC 1918. i.e. 192.168.x.x, 172.(16-31).x.x, 10.x.x.x.
Most routers running OpenWRT can run VLANs on separate ports, with port1/vlan1, port2/vlan20, port3/vlan30, port4/vlan40.
The use of a "router on a stick" is required if there are more than 4 VLANS and/or more than one port is required for each vlan. i.e. one of my alternate setups is an 8 port managed switch, one trunk, 2 ports for vlan1, 3 ports for vlan20, 1 port each for vlan 30 and 40.
In any case, I believe you do not need the LRT-214.
What are your needs? The configuration needs to be done in a specific order. If you change it, sometimes it's easier to start from a reset.
Regarding if the router is unreachable, make sure you are connected to port 1, otherwise the firewall rules on the other ports will block you. Managing the router can only be done on VLAN1, this is called a management VLAN. This will minimize the risk to your router if anything infected on the other VLANs.
The wireless interface is bridged to a vlan interface. By default, it is LAN/vlan1.
Hi Andrew,
I would like to make it simple, but there is the final setup :
As you mentioned, I changed the IP address in order to meet RFC 1918
Now, using this configuration, the LRT-214 is necessary because WRT 3200ACM and LGS-318 aren't in the same room.
So, did you take a look on my documentation I wrote?
http://www.revolutek.ca/engineering/Linksys/OpenWrt%20Network%20Switch%20And%20Router.pdf
Once the reset is performing on the router, my computer is connected to LAN Port#1 with internet access, so everything is going well!
As I told you, I executed step-by-step (see document) what you intentioned to me without success...
At the moment I click on Save & Apply button, the router is totally lost and unable to pursue the configuration via WAN port.
Please, confirm me if I did the good things according my documentation
Also, I'm surprised that we do not disable the WLAN interface ?
Regards
Hi Andrew,
OK, it work now!!
I got each vlan 1,20,30 and 40 through Port#1@#4 and the trunk is the WAN port!!
I added another step, WE NEED TO SET WAN PORT AS UNMANAGED!!!
http://www.revolutek.ca/engineering/Linksys/OpenWrt%20Network%20Switch%20And%20Router.pdf
Now, I only need to know the next step to attach VLAN (20,30 and 40) through Wireless Radio0, Radio1 and Radio2 respectively
I expect a bridge.... ????
I'm very happy!! I work on it since 3 weeks!!! (attempt with LinkSys default software, DD-WRT and OpenWrt....)
Once finish, I would like to share the procedure to OpenWrt!!
Thanks
Regards
What you want is an access point with multiple SSID/VLANs.
First, configure as a dumb AP (vlan1)
System/Startup, disable firewall
Network/Interfaces, disable DHCP and IPv6 RA and DHCPv6
Network/Interfaces, change ip address to 192.168.206.3, set gateway and dns to 192.168.206.1 (if the GUI fails and reverts, use SSH shell to edit "/etc/config/network")
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.206.3'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.206.1'
option dns '192.168.206.1'
save and reboot
edit and enable your wireless interfaces, verify that the AP works on vlan1
save your configuration.
Second
Network/Switch, create additional VLANS, for each line, tag the CPU and port1 (or any other LAN port) (do not use WAN port)
(the CPU tag must be the same as VLAN1)
(edited)
Network/Firewall, create zones to match VLANS, settings should be duplicated same as LAN zone. (edit, the covered networks should match the VLAN)
Network/Interfaces, create interfaces, new name to match VLAN, use protocol UNMANAGED, assign firewall zone of the same name, assign physical interface with VLAN (note, the AP can only be managed on VLAN1)
Third
Network/Wireless, create additional wireless interfaces.
Fourth
Network/Interfaces, physical interfaces, create a bridged interface.
Select a network VLAN interface and a wireless interface
you beat me to it...
Hi,
As explained previously, I'm unable to use my wireless Radio0, Radio1 and Radio2 with VLAN20, VLAN30 and VLAN40 respectively
In other words, I see the wireless ID and I can connect to them but it written : Limited Access!
Then no IP Address given and unable to go on internet.
Maybe, some bridge parameters are probably missing?
Therefore, Port1(VLAN1), Port2(VLAN20), Port3(VLAN30), Port4(VLAN40) using ethernet cable are working as expected and I can go through the WEB. IP address are provided according each VLAN network and work fine.
Everything you wrote to me in order to help me are in this document (my interpretation)
http://www.revolutek.ca/engineering/Linksys/OpenWrt%20Network%20Switch%20And%20Router.pdf
Please, let me know where I'm wrong!!
Regards
Try 5b below first.
Going through your latest write up.
I find that running all-in-one configurations are too difficult to manage, so I prefer to set each device as a separate function. I have running configs for separate routers, managed switch, and multi SSID/vlan APs
Hi Andrew,
Everything's working perfectly!!
Honestly, I don't understand why you said the WAN port isn't used, because I use WAN port as trunk port??
Please, check again what I wrote in order to be suitable with everything!!
http://www.revolutek.ca/engineering/Linksys/OpenWrt%20Network%20Switch%20And%20Router.pdf
Let me know if this DOC can be permanently available from OpenWrt web site
Thank you!!
Good to hear.
With so many different ways to configure, makes for so many different ways to screw it up.
Basically , I setup the device ip adress of the router which is on VLAN 1
Since, I want to use the same ip address on VLAN50 instead VLAN1 , do we need to do something on the router administrative when moving ip address through VLAN50 instead VLAN1?
Into linksys software I see Ë‹Management VLAN' option to allow to define which VLAN is used for device ip address
You found an outdated thread:
For practical reason, I am suggesting to close this thread: The original thread is 2 years old and addresses mvebu on OpenWRT at a time when it was swconfig-based. OpenWRT for mvebu is now DSA-based since 2021, so config is now different, so this outdated thread content is only applicable to people, who have not updated OpenWRT on their mvebu for more than 3 years.
Sounds like you found the wrong forum. If you are interested in official linksys firmware, you should consider one of the linksys forum.
