I currently own the Buffalo WZR 600DHP, but due to a hardware limitation in the chipset (https://dev.openwrt.org/ticket/14312) it cannot mix tagged and untagged VLANs, which is a feature I need. So my question is this - what is the best router I can buy that supports OpenWrt 12.09 and supports ports with mixed traffic (tagged and untagged)? Honestly, if it is a router/AP and the radio isn't supported I'm fine with that. I don't currently use the radio on my Buffalo either -- I've got two Airport Extremes (one N, one AC) and an N-express providing roaming coverage of my house.

I also have a perfectly good Netgear WNR5300L/U, but despite every single guide out there, all attempts to flash it with the "supported" 3500L firmware (chk) or the generic mtr writeable (trx) results in a brick that requires a 30/30/30 to even bring it back to a state where I can shortcut the jumpers and induce it into TFTP-ready mode. I even used the way-back machine to find the generic trx for brcm2708 from last March '13 and August '12, but even those do not work.

Anyway, my primary concern is getting a router I can put OpenWrt on that supports mixed traffic. I'd like it to be as powerful as possible. Cost wise anything under $250 is fine since the Cisco SMB line sucks in comparison to OpenWrt and the enterprisey 1900s start close to $700.

Thanks for your help!

Unfortunately, I don't have an answer for you. However, I am not familiar with a tag VLAN feature. Can you please explain its benefit(s)? A link to this feature will certainly be helpful. Thanks.

Hi Mazi,

Tagging is best described at http://wiki.openwrt.org/doc/uci/network/switch. It's the ability for a port to participate in a VLAN using a technology called 802.1q where some space is used in an ethernet frame to indicate to which virtual LAN (VLAN) a frame belongs. Mixed traffic is when Port X is untagged for VLAN 1 and tagged for one or more VLANs. This means that any ethernet frames inbound to Port X that are untagged will be treated as if they belong to VLAN 1 on the switch. And any frame that is tagged for Port X will be handled by the VLAN configured on the switch that has the same configured tag.

Does that make sense?

I have a http://wiki.openwrt.org/toh/netgear/wndr3800 which seems to work properly with tagged vlans except for vlan1 which only works untagged or not at all. Is there a specific test you'd like me to run? It might take me a while to get to testing it though.

Hi Halstead,

I looked at the WNDR3800, but it uses an ar71xx chipset just like the 600DHP, so it will have the same limitation. That chipset works fine with tagged VLANs as long as when you mark as port as tagged, it is *always* tagged. The "exception" you list is actually the crux of the problem. OpenWrt's switch documentation indicates that all ports are able to be tagged *and* untagged if they are untagged on a single, default VLAN. Thus Ports 1-4 could all be untagged on VLAN 1 and tagged on all other VLANs. What that says is "any frames received by the switch without a VLAN tag should be directed to VLAN 1." Except the moment you mark any of those ports as tagged for another VLAN, their untagged status is removed since a port is untagged or tagged without respect to its VLAN membership on this chipset. See the remarks by an OpenWrt developer on my bug notice - https://dev.openwrt.org/ticket/14312.

Hi All,

FWIW, I think I know what hardware I'm going to use. After loading OpenWrt x86 inside a VM and being thoroughly impressed with it, I'm going to opt for an Alix board. Specifically http://www.pcengines.ch/alix2d13.htm. And since one of the popular, online resellers of Alix is literally two miles from my house, I'm going to buy this one from them today - http://store.netgate.com/Netgate-m1n1wa … 6C83.aspx.

Interestingly though, something to which I have not paid much consideration, is throughput on the router. I'm in Austin, TX, and we're getting Google Fiber next year. According to Netgate, here are the performance metrics for the Alix 2D13 board:

So while this hardware will do me for now, next year it looks like I may be building my own little x86 box with an i5 and a few gig of RAM to ensure I can take advantage of the new line coming to my house because PFsense has a nice sizing guide for hardware/throughput.

Now obviously this sizing guide is incredibly generic and doesn't take into account multiple CPUs/cores, RAM, or software. However, without real-world tests, I'm betting to achieve sustained, wired gigabit speeds it will take more than an Alix.

First of all, you want to use a device running OpenWRT purely as a router even if the radio doesn't work? That wouldn't be very high-speed, so to speak.

The only way to come close to wire-speed packet forwarding with a computer is via usage of netmap and a netmap supported ethernet card. Netmap only runs on FreeBSD. True, PFSense is based on FreeBSD but netmap won't be there for some years still.

Finally, do you need wire-speed gigabit? I had gigabit fibre to my apartment for 2 years, and 1 year ago I moved to a house where I am back to 20/1 ADSL. I honestly cannot tell the difference - most content distribution networks are heavily throttled nowadays, anyway.

I got it all figured out for you :-)

Low cost solution:
Intel NUC Forest Canyon - NUC DN2810FYK
Available Q1: 2014
139 USD
It is rumored that it already contains a 802.11n module.
If not +29 USD intel 802.11ac mini pci-e

Lowest power usage. Idle: ~10W
Can/is most likely be passively cooled.

Limitations:
1 NIC
no AES-NI support (requires more expensive server boards with new Exxx atoms/celerons)

But I'm not worrying much about AES, the bottleneck is with 802.11ac.

I'm not recommending pfsense. Their stable version is years behind the current technology (no 802.11n, ac years away etc).

(Last edited by euclid on 17 Dec 2013, 10:04)