extend a guest wifi on second access point with OpenWrt using VLANs

Views: 76,750

OneMarcFifty

Comments: 258
@NicolasBaudoin-i1d 1 year ago
Hi Marc, the interface has changed a little bit in between, and also, now in Network > Interfaces, when I edit an interface, there is no more Physical tab, and it's changed into a Device selector in the General tab. The problem is, there I cannot assign more than one item. So I don't really get how to do it the same as you did.
@almightyura 2 years ago
For over a year I have been browsing the internet for this information. You have put it into several short and understandable videos. Bravo, and thank you.
@OneMarcFifty 2 years ago
Hey Mirek, many thanks ! Glad you found what you were looking for finally ;-)
@heraldreichel1971 2 years ago
This video is exactly what I have been looking for and explains the problems and solutions really well. Recently my mobility was more limited than I had planned for, and although all of my home setup had "guest" connectivity, getting to the physical "engine room" was absurdly difficult. This solution is great for a home environment, where physical access to infrastructure is easily monitored. As a side note: On higher levels all traffic should be encrypted anyway. If DHCP were compromised (MAC spoofing isn't unheard of, after all) or DNS was poisoned, all an intruder would get for their trouble is an unviable connection attempt on the data channel. Most importantly: In your setup wireless connections are as secure as the endpoint configuration allows them to be. Love it. Simple and does everything you need at a home setting.
@OneMarcFifty 2 years ago
Awesome feedback - many thanks!
@darthkielbasa 2 years ago
@OneMarcFifty OpenWRT guidance with the voice of a soothing, reassuring eastern European therapist. This channel has it all.
@suxen6116 3 years ago
Thanks Marc. I find your video the easiest way to understand VLAN. Please consider making new video about VLAN config on openwrt version 21 where it uses DSA
@OneMarcFifty 3 years ago
Hi, many thanks for the feedback. I will put it on the list ;-)
@sigler19744 2 years ago
Thank You! I did this very thing.... but the access point I'm using is a Unifi access point with a TP-Link router with OpenWrt and it's working perfectly. Thanks sooo much!
@OneMarcFifty 2 years ago
Awesome - many thanks for the feedback!
@tomcheng76 4 months ago
awesome! i always find myself not touching the openwrt vlan function, your guide is clear and easy to follow, thank you!
@jaromanda 3 years ago
I find your videos so simple to follow, thank you. One thing to note is that with the release of OpenWRT 21.02 many devices now use DSA instead of sw_config - so, some of the configuration methods have changed a bit! However, your simple explanations still work.
@OneMarcFifty 3 years ago
Many thanks for the feedback ;-) Yes, DSA / Bridge VLAN filtering etc. will be covered in one of the next videos (planning it before end of december actually)
@cattivello 2 years ago
@OneMarcFifty Looking forward to it.
@cattivello 2 years ago
If possible mention also a mix of system: I have all version 21.02 but one uses switch and the other uses DSA! (one is a Netgear and the other is a Linksys WRT1900AC v1). Thanks
@peterb8647 3 years ago
Thanks for the instructions! It took me some time to figure out how to enable a guest network on a second router (dumb AP) with vlan running openwrt 21.02 as there is no "bridge" checkbox anymore: in the interface tab there is a tab called Devices and I had to create a br-Guest bridge device similar to br-lan and assign br-guest to the Guest interface. Now it's working smoothly on the dumb AP as well!
@OneMarcFifty 3 years ago
Awesome, glad you got it working - yes, the way VLANs are handled has changed in OpenWrt 21 or rather in Linux Kernel 5 - we are now talking about Distributed Switch Architecture / DSA - I'll see if I can make a video on that.
@Andrew-by5yo 3 years ago
Peter B, thank you so much for your suggestion, you saved me a great deal of time and frustration. I'm sharing the steps I took, as it may help out someone else. To get things working with OpenWrt 21.x I performed the same procedure on both my router (Linksys WRT3200ACM) and my access point (D-Link DIR-2660) as follows:

The first step is to setup the guest vlan:
- On the top menu, navigate to "Network"/"Interfaces" and click the "Devices" tab.
- Click the "Add device configuration..." button.
- Change "Device Type" to "VLAN (802.1q)".
- Enter "VLAN ID" (in my case 10)
- Select "Base device". In my case I wanted to use ethernet port 1, so I chose lan1 on my router, it may differ on yours.
- The "Device Name" will auto populate to be "Base device"."VLAN ID". So in my case lan1.10
- Click "Save" and then click "Save & Apply".
- For the lan and iot vlans, repeat the same steps with a different "VLAN ID" for each.

The next step is to setup a guest bridge and link the guest vlan to it:
- On the top menu, navigate to "Network"/"Interfaces" and click the "Devices" tab.
- Click the "Add device configuration..." button.
- Enter "Device name" (say "br-guest").
- For "Bridge ports" select the "VLAN ID" you created for your guest vlan above (lan1.10 in my case)
- Click "Save" and then click "Save & Apply".
- For the iot bridge, repeat the same steps selecting the iot "VLAN ID" in the "Bridge ports" step and a different "Device name".
- The lan bridge previously existed by default, so you just have to start with the "Bridge ports" step and select the lan "VLAN ID". In addition, I deselected the "lan1" port in the "Bridge ports" step, as I did not want untagged traffic on this ethernet port.

The final step is to link the guest bridge to the guest interface.
- On the top menu, navigate to "Network"/"Interfaces" and stay on the "Interfaces" tab.
- Click "Edit" for the guest interface.
- Change "Device" to the guest bridge name you created earlier (br-guest in my case).
- Click "Save" and then click "Save & Apply".
- Do the same for the iot interface using the iot bridge name.
- The lan interface should already be linked to br-lan by default, so no need to change anything there.

One final reboot and I was able to successfully connect the two devices with an ethernet cable on the lan1 port. I hope that helps someone else.
@alwanosuarez9022 3 years ago
@Andrew-by5yo Hey can you help me out?
@TheTommyPT 2 years ago
Man this is real service! Thanks for your knowledge sharing. I've just added a second "dumb ap" (via powerline) to my network. I do not yet have network segmentation (only a single network) but this will probably resolve my issues when I add the IoT and Guest networks.
@OneMarcFifty 2 years ago
Awesome - let us know how things go !
@nosoupformecom 1 year ago
Your videos and commentary are fantastic and as an IT pro, I normally have no trouble understanding, but this time I'll add that VLAN configuration (tagging/untagging) about 4 min in flew way over my head.
@farayman100 3 years ago
Thank you very much for these tutorials, they are excellent! For me the roaming (tested on iPhone) only started working when I changed the WPA2-PSK cipher to "Force CCMP (AES)" on both the router and AP. I still have the DTIM interval set to default (2).
@OneMarcFifty 3 years ago
Thanks a lot for the feedback and sharing! That's interesting - I have however seen different behavior with different hardware w/r to encryption algorithms. Never had issues with the iphone though. What IOS version is it on?
@0ChAnTi 3 years ago
Don't know why I never stumbled over one of your videos before, 10 of 10 points. I will spend the next days to see all others.
@OneMarcFifty 3 years ago
Brilliant, many thanks for your nice feedback!
@damianthomson6402 3 years ago
Awesome I’ve been looking forward to this second video, I have 2x OpenWRT access points connected over power line adaptors but didn’t know how to get vlans setup - I use my isps router with a static ip as my internet connection (it doesn’t support modem mode)
@OneMarcFifty 3 years ago
Awesome, many thanks for sharing, let me know how things go!
@henning7801 3 years ago
Perfect. I have built nearly exactly this configuration with TP-Link AC7150v5 and WDR4900. These models allow using untagged and tagged on one port. This enables me to use an old unmanaged switch. No problems so far. Wonderful.
@OneMarcFifty 3 years ago
Many thanks Henning, this is great feedback (again) and I am glad that you can use it!
@henning7801 3 years ago
@OneMarcFifty What is the desired solution to make communication work between IoT devices and the services (mqtt, homegear, nextcloud, postgres, webdav,.. ) running on my single machine server? Since the IoT devices are in another subnet now, they can't reach some services (MQTT & Homegear) anymore. Should I drill holes into the firewall, so an IoT device can send a message to MQTT? Should I spend the server an additional (virtual) Interface, that is able to communicate with devices in VLAN 3? Do I have to change my server to a virtual environment like XCP-NG? Please give me a hint 1. best solution 2. good solution 3. worth solution
@OneMarcFifty 3 years ago
I am running mqtt with mosquitto on the router.
@henning7801 3 years ago
@OneMarcFifty Ok, mosquitto may be ok. But for homegear there is no OpenWrt package. And homegear is using MQTT to control heating devices (MAX!) via an LAN based 866MHz radio gateway on one side and stores log informations in the postgresql database on the other side. So I will need both networks for homeautomation. Remote access to all devices in my lan is done via OpenVPN only. I plan to replace it by wireguard. But I definitely don't want an internet based cloud solution.
@OneMarcFifty 3 years ago
But can't you send messages to mqtt on the iot side (172.xxx) and subscribe to the mqtt server on the lan side (192.xxx), i.e. use the mqtt server as a kind of gateway? The 866 Mhz should work independently of the ip network
@Andrew-by5yo 3 years ago
Marc, firstly thank you for all your effort in making these videos, they are outstanding. I'm echoing the call for companion videos for setting up the LAN/Guest/IOT setup using OpenWrt 21.x for both the router and an access point (Isn't it time to upgrade your own home network? :-)). In one of your other videos you reviewed the D-Link DIR-2660, which is only supported by OpenWrt 21.x (the other two routers you reviewed the TP-Link Archer C7 and Linksys WRT3200ACM are supported by OpenWrt 19.x and 21.x). So anyone following your lead will have trouble setting up the VLANs on the DIR-2660. I think you should spell out in the title, and in the pin, that these instructions are for OpenWrt 19.x only so viewers don't get confused. Ditto for the router video also. I have been trying in vain to set this up using DD-WRT for some time and successfully switched to OpenWrt after finding your channel. I have no regrets, it's all up-side. Thanks again.
@OneMarcFifty 3 years ago
Hi Andrew, this is awesome feed-back, many thanks ! The OpenWrt 21 video is in the making - should come out in December.
@anilgargsfo 2 years ago
Marc: I have said before and I will say it again. You have an amazing gift to make complex things simple. Great service. As an aside, how about creating a video with one wifi to connect with openVPN and other wifi to connect with regular non-vpn network. Perfect recipe for WFH guys. I think you can do this once without using VLAN and another with VLAN.
@OneMarcFifty 2 years ago
Hi, great suggestion many thanks - I'll have a look into that
@Anonymouzee 2 years ago
I'll have to test/learn all this... I think i'll start adding 1 admin vlan to my network... and test trunking and visibility... hope my Netgear managed switches do not give much trouble (I was happy to change the old HPs 19xx,,, but already repent changing the previous TPL-Jetstreams) thanks Marc!
@OneMarcFifty 2 years ago
Hey, you're welcome - let me know how it goes ;-)
@brightplastik 2 years ago
Suuuuuuper! I think this is just what I was looking for, Marc! Not 100% sure, but I feel like you really read your subscribers' mind. So I'll try to follow your steps, and report back! Thank you very, very much. You seem the guru I needed to find. 😋
@OneMarcFifty 2 years ago
Hi Gabriel - no, I am not a guru at all :-) Just some guy from Germany who loves to share his learnings ;-) And - I don't have to read anyone's minds - it's totally sufficient to read the comments under my videos ;-)
@brightplastik 2 years ago
@OneMarcFifty help! Would you mind sharing (here, or somewhere else) the content of the two /etc/config/network files in the router and access point? On some devices (namely those with IPQxxxx SoC) the only way to set tagged and untagged is with SSH, as there are bugs with DSA and VLANs. It should be viable to connect with only one cable, but I have to be super scrupulous the way I do it. Hope I'm not bothering you too much.
@ddifranc 3 years ago
Any plans to update this for DSA/21.02.0? That'd be fantastic for a novice such as myself. Thanks!
@OneMarcFifty 3 years ago
I am working on it - it should come out in December ! Next episode Xiaomi 4A, then OpenWrt 21 / DSA etc.
@joelguittet4807 1 year ago
Hello Marc! Good video as usual. Seems the interface of OpenWRT has changed since a while now regarding VLANS. Any new tutorial to come on this topic to achieve this with the latest OpenWRT ? 🙂
@germas369 1 year ago
This is fantastic. I understand VLANs so much better now, and it's really quite simple! Very useful stuff
@OneMarcFifty 1 year ago
Hi, I am glad you could use it - thanks for the feedback.
@joaopedrogodinho 2 years ago
Hi Marc, thank you for your time producing this precious material 😊 I'll try to create a small network in my home replacing the ISP router by a custom solution with a raspberry pi as main router connected to a dumb access point to provide wifi to my devices and your videos are exactly what I need to move forward with my plan. Kind regards
@OneMarcFifty 2 years ago
Awesome - many thanks for your feedback !
@glitchy_weasel 3 years ago
Such an interesting episode! And so informative too! I've heard about VLAN but I never understood the concept, this video sure helped ;)
@OneMarcFifty 3 years ago
Many thanks again - glad that it helped!
@yellowfeat 3 years ago
Incredibly informative, many thanks :) I am wondering about the following though, in the name of attempting to minimize the number of devices running 24/7: Rather than using the LAN switch port 1 on the Dumb AP to connect the upstream Router (or in your example, the bigger Switch) and leaving the WAN port unused, would I not simply be able to tag the WAN port for my VLAN purposes instead? Or are there hardware limitations I am not seeing? (Perhaps this is limited to certain hardware, I am using the C7 myself).
@OneMarcFifty 3 years ago
No - there is nothing special about the wan port - you can use it like any other port - you could even give them other names like "Fritz" or "Hans" - it doesn't matter.
@mortenlund1418 2 years ago
Thank you for sharing. Great video - very explanatory in an understandable way for newcomers!
@OneMarcFifty 2 years ago
Hi Morten, many thanks for the feedback ;-)
@igormoeller 1 year ago
Great videos. Luci is not always intuitive. Your firewall video and this one clarified many issues :)
@OneMarcFifty 1 year ago
Hi Igor, thank you very much - glad you liked them ;-)
@collectionfiles2691 2 years ago
You are a good teacher in my life about openwrt..^_^ thank you very much sir.
@OneMarcFifty 2 years ago
Thank you
@m3rryw34th3r 5 months ago
Thank you very much Marc! My VLANs are working but I am in trouble getting my access points to work as well. My access points should offer wired and wireless connection to my network. So I need to configure the access point without firewall rules and dhcp or dns and only provide this by setting gateway and dns to the main router? I thank everyone for support!
@rodjohn01 1 year ago
Great tutorial, only thing you missed were the firewall rules on the router / firewall side.
@johnbayly6996 2 years ago
Hi Mark, how do I add a wired device to my access point? I've set this up in my house, and it works perfectly. The only issue is that I have a smart thermostat for my boiler, but it won't get an IP address when plugged into the access point. Shall I assign a static IP address by plugging in to the Router, then plug into the access point, or do I need to tag a different port?
@OneMarcFifty 2 years ago
Hi John, you would just have to bridge an available Ethernet port to any of the devices (IOT, Guest etc.) on the access point and then plug the device into that port. The port would need to be untagged ("Port VLAN")
@1over137 3 years ago
Thought I'd update you that I have got this working with OpenWRT v21. Quite a few changes there. Not always apparent on how to configure. Basically VLANs are handled differently if they are hardware or software, but ultimately you need an interface (unmanaged is fine) on the VLAN to give it a "network name" like GUEST, then you set that as the Wifi's network. It will go to that interface and thus be VLAN tagged by the interface underneath. When you have a hardware (single interface) switch, is the only time you will have "Switch" in the menu. Software VLANs are kept inside v21's bridges, modified under the bridge device's "VLAN Filtering" tab. Hardware VLANs are still on the "Switch" tab and then present themselves as sub-interfaces, eg, eth0.1, eth0.100 Ping me if you are trying OpenWRT and get stuck.
@1over137 3 years ago
Oh yea. While fiddling with it, DO NOT let it put both your hardware VLAN interfaces into its default br-lan. This literally bridges the VLANs, so all traffic from each goes out both and hardware switches and STP will put ports into blocked state. Not that easy to recover from.
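
Added example, not part of any comment above and not OpenWrt project code: a check for the mistake 1over137 warns about, run over the kind of /etc/config/network that Andrew-by5yo's steps produce. The sample config is constructed; every device name other than lan1.10 and br-lan, and the faulty br-lan port list, are assumptions for illustration.

```shell
#!/bin/sh
# Find bridges in an OpenWrt network config that join more than one VLAN.

# Constructed sample. lan1.10 follows the steps in the comment above; lan1.1,
# lan1.20, br-iot and the br-lan port list are assumptions that show the mistake.
sample_network() {
cat <<'EOF'
config device
    option type '8021q'
    option ifname 'lan1'
    option vid '1'
    option name 'lan1.1'

config device
    option type '8021q'
    option ifname 'lan1'
    option vid '10'
    option name 'lan1.10'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan2'
    list ports 'lan1.1'
    list ports 'lan1.10'

config device
    option name 'br-iot'
    option type 'bridge'
    list ports 'lan1.20'
EOF
}

# audit_bridges: read a network config on stdin and print one line for every
# bridge whose member ports carry more than one VLAN ID. Untagged member
# ports (such as lan2 above) are ignored: an access port in a bridge is fine.
audit_bridges() {
awk -v q="'" '
function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
function flush() {
    if (type == "8021q" && name != "") vid_of[name] = vid
    if (type == "bridge" && name != "") { nb++; br[nb] = name; br_ports[nb] = ports }
    type = ""; name = ""; vid = ""; ports = ""
}
$1 == "config" { flush(); dev = ($2 == "device"); next }
dev && $1 == "option" && $2 == "type"  { type = unq($3) }
dev && $1 == "option" && $2 == "name"  { name = unq($3) }
dev && $1 == "option" && $2 == "vid"   { vid = unq($3) }
dev && $1 == "list"   && $2 == "ports" { ports = ports " " unq($3) }
END {
    flush()
    for (b = 1; b <= nb; b++) {
        n = split(br_ports[b], p, " ")
        split("", seen); nv = 0; vids = ""; tagged = ""
        for (i = 1; i <= n; i++) {
            # VLAN ID from the 8021q device section, else from "base.N" naming.
            v = (p[i] in vid_of) ? vid_of[p[i]] : ""
            if (v == "" && p[i] ~ /\.[0-9]+$/) { v = p[i]; sub(/^.*\./, "", v) }
            if (v == "") continue
            tagged = tagged " " p[i]
            if (!(v in seen)) { seen[v] = 1; nv++; vids = vids " " v }
        }
        if (nv > 1) printf "%s: ports%s join VLANs%s\n", br[b], tagged, vids
    }
}
'
}

# Stand-alone run on the constructed sample.
sample_network | audit_bridges
```

On a device, run `audit_bridges < /etc/config/network`; no output means no bridge mixes VLAN IDs.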
@alwanosuarez9022 2 years ago
Have you figured out how to do this in openwrt 21? I'm stuck
@1over137 2 years ago
@alwanosuarez9022 Did you get the original router working with the 3 networks/firewall?
@OneMarcFifty 2 years ago
Next video will show this on OpenWrt 21 - before the end of this year
@mzielik 3 years ago
Your videos are very helpful! Tell me please what I need to do to create 2 separate networks on an openwrt router ? LAN1 would speak with WAN1 and LAN2 would speak to WAN2 only ?
@OneMarcFifty 3 years ago
Hi Michal, you would first set up the 4 zones LAN1, LAN2, WAN1, WAN2 and then setup zone forwarding LAN1->WAN1 and LAN2 ->WAN2
@pm71241 2 years ago
Any routing between the networks at the access-point will require the traffic to go over the "trunk" and then back. I guess that if your 2nd router is fast enough you could allow it to route locally too.
@OneMarcFifty 2 years ago
Hi Peter, yes you could have the AP route locally. The reason why I configured it centrally was that I did not want to repeat firewall rules on every single device.
@mr-jack 2 years ago
That was awesome! So much info in one video. Now I have to try to map it to my own network :( :) Be prepared for your viewing stats to go up significantly, I am going to have to rewatch it quite a few times.
@OneMarcFifty 2 years ago
Awesome - looking forward to it ;-)
@greatestunknown 3 years ago
I followed your lessons but ran into some problems. First I recently purchased a D-Link Dir 2660 following your video on the best OpenWrt routers for 2021 as it was stated to be well supported of OpenWrt. I followed your flashing instructions for this router going to the firmware selector and got the latest OpenWrt. I then followed episode one setting up three LANs, an IOT, Guest and private LAN and this is where I ran into my first obstacle. When adding a new interface, there is no check box for "Bridge Interfaces". Figuring I could sort that out later I moved on ahead until I got to episode two. Now in episode two, I ran into a problem that my LuCI has no option for "Switch" configurations in the Network drop down menu or anywhere else. I am migrating over from DDWRT and iptables and this is EXACTLY what I was looking to do. That is, access my camera web interfaces from the private LAN whilst they are on an IOT, and set up VLANs with tagging and trunking. I am using a D-Link Dir 2660 and OpenWrt 21.02. Now I'm hoping, is there a way to make this happen? Second question; why would OpenWrt not have switch configs? This has always been a part of DDWRT, some more crude than others, but it has always been there. I thought OpenWrt was a bit more advanced than DDWRT. What's up with that?
@OneMarcFifty 3 years ago
OpenWrt 21 uses distributed switch architecture (DSA) - video to follow soon ;-)
@greatestunknown 3 years ago
@OneMarcFifty Thanks Marc - DSA. Following your video still works, it's not hard to extrapolate. But the real reason I am replying again is to tell you sir, you have the best tutorials on all of youtube, in fact all of the Internet for that matter. Another thumbs UP!!!
@bambaclart4592 3 years ago
I haven’t got the “Switch” tab under network, I’m using a raspberry pi CM4 and have 2 Ethernet ports, I want to enable vlans on eth1 and can’t figure out how to!
@bambaclart4592 3 years ago
I have connected eth1 to an HP2530 managed switch and setup VLAN there
@OneMarcFifty 3 years ago
@bambaclart4592 Hi, your Pi doesn't have a switch. You might be able to use Distributed Switch Architecture (DSA) with OpenWRT 21 (Kernel 5.4) though.
@bambaclart4592 3 years ago
Thanks for the fast reply! I am using the CM4 with the “IOT router” io board from dfrobot, I’ve seen people on KZbin using the single Ethernet port on a normal pi with vlans so I thought it would work
@bambaclart4592 3 years ago
@OneMarcFifty also, I will have a look into your recommendation, I just managed to upgrade my kernel today, thanks
@OneMarcFifty 3 years ago
You can use vlans by defining eth0.xxx devices (xxx being the id of your vlan). Just the switch page is not there.
@horizon_heroes 2 years ago
Hi Marc, your videos are just fantastic. I think I have a common problem for "standard users", and I didn't manage to set it up with your videos, because unfortunately I do not have vlans in place. Problem: Setting up a separated guest WLAN without Vlans. My ISP provides a router with no capability for bridge mode and I don't want to do double NAT, etc. After that router there are several unmanaged switches and one big Network e.g. 192.168.1.0/24 where the router has 192.168.1.1. The OpenWrt Router (e.g. 192.168.1.2) is the access point for the general WLAN as well as the Guest Wlan. Unfortunately the Guest Wlan can access all IP addresses in the network, even if I have a separate Guest network e.g. 10.20.30.0/24. It didn't work with firewall settings as described in your videos. The guest network should only find its way to the internet via 192.168.1.1. If this is in principle possible, maybe it would be worth a video? Keep up the excellent work! Heiko
@OneMarcFifty 2 years ago
Hi Heiko. Many thanks for your comment. You could set up firewall rules based on IP addresses - that's perfectly possible. Alternatively based on MAC addresses which is a bit better security-wise. You would however set up rules for each known client. Furthermore, using DHCP will be a challenge as clients would not have an IP address at the moment that they request an address. Also, if a guest changed his/her IP address manually then they would get access to everything..... VLANs is really the way to go here .... UNLESS your clients would connect via Wi-Fi only - then you would only have firewall zones and allow WAN access to the zone. In a nutshell, set up a guest and LAN interface and bridge the LAN/Guest Wifi to them.
@ciybe 3 years ago
Love your videos 😍 great explanations for all things i ever wanted to hear about 👍
@OneMarcFifty 3 years ago
Awesome - glad you like them ;-)
@cattivello 2 years ago
Hi. Time 5:35. When you bridge interfaces and wifi, you need physical settings tab. In V. 21.02 we don't have that option. Can you help on that please?
@OneMarcFifty 2 years ago
Hi Cattivello, please see the latest video - that should clear things up ;-)
@cattivello 2 years ago
@OneMarcFifty it appears that the Netgear Nighthawk X4S R7800 that I am using runs version 21.02.1 but is not DSA router enabled. From forum, still has Switch and therefore not DSA. If it happens you can spare a video for how to manage VLANs on 21.02.x but still switched, would be great. Thanks
@RodrigoPolo 4 months ago
@OneMarcFifty Can you provide the URL here :S
@nicksmith4507 2 years ago
Cool! I thought my network couldn't get more complex but you gave me new ideas 😀
@OneMarcFifty 2 years ago
Haha - yeah ;-) I thought the same before I discovered VLANs, Proxies, VPN, LTE, SQM and policy based routing ;-)
@geoffhalsey2184 3 years ago
Just out of interest, Openwrt can run in a lightweight LXC container downloaded from Images. However, by default access to the Luci web ui is blocked by the Openwrt firewall? You can modify the firewall settings to address this issue:

lxc exec sh
# vi /etc/config/firewall
[Add the following to the end of the file.]
config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp'
    option dest_port '80'
    option name 'ext_web'
[Save the file and then restart.]
lxc restart
@OneMarcFifty 3 years ago
Thanks Geoff, just need to be aware that this opens port 80 from the WAN zone - if you are clear of the implications, then go for it ;-) In a test environment this is definitely an easy way to get around 192.168.1.1 setup and limitations ;-)
@geoffhalsey2184 3 years ago
@OneMarcFifty Thanks for your reply. I agree port 80 isn't ideal, but as it's the bridged IP of the container, known only to the local to the machine it's running on, it's fairly safe. It's a bit like running it with Host-Only Networking in Virtualbox, but it's much lighter on resources than a full VM. If I find a better more secure way I'll let you know.
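
Added example, not part of the comments above and not OpenWrt project code: a check that lists firewall rules accepting traffic from a zone to a port on the device itself with no source restriction, which is the implication Marc points out for the rule in this thread. The sample is constructed: the first rule is the one from the comment, the second rule, its name and its 192.0.2.10 address are placeholders, and the third is a constructed ping rule.

```shell
#!/bin/sh
# List OpenWrt firewall rules that open a local port to a whole zone.

# Constructed sample /etc/config/firewall fragment.
sample_firewall() {
cat <<'EOF'
config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp'
    option dest_port '80'
    option name 'ext_web'

config rule
    option name 'ext_web_host_only'
    option target 'ACCEPT'
    option src 'wan'
    option src_ip '192.0.2.10'
    option proto 'tcp'
    option dest_port '80'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option target 'ACCEPT'
EOF
}

# open_zone_rules ZONE: read a firewall config on stdin and print one line per
# rule that ACCEPTs traffic from ZONE to a port on the device itself (a rule
# with no "dest" option is an input rule) without src_ip or src_mac.
open_zone_rules() {
awk -v zone="$1" -v q="'" '
function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
function flush(   nm, pr) {
    if (is_rule && o["target"] == "ACCEPT" && o["src"] == zone &&
        o["dest"] == "" && o["dest_port"] != "" &&
        o["src_ip"] == "" && o["src_mac"] == "") {
        nm = (o["name"] == "") ? "(unnamed)" : o["name"]
        pr = (o["proto"] == "") ? "tcp udp" : o["proto"]
        printf "%s: %s/%s open to every host in zone %s\n",
               nm, pr, o["dest_port"], zone
    }
    split("", o)
}
$1 == "config" { flush(); is_rule = ($2 == "rule"); next }
is_rule && ($1 == "option" || $1 == "list") {
    v = $0
    sub(/^[ \t]*[a-z]+[ \t]+[^ \t]+[ \t]+/, "", v)   # keep the value only
    o[$2] = unq(v)
}
END { flush() }
'
}

# Stand-alone run on the constructed sample.
sample_firewall | open_zone_rules wan
```

Only `ext_web` is reported: the variant restricted with `src_ip` and the ICMP rule are not.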
@cattivello 3 years ago
Hi Marc, again a great video, thank you. would it be possible to make a parallel video where openwrt is version 21.02? Thank you anyway.
@cattivello 3 years ago
I believe I figured it out. It is under devices lan configuration. There you can set VLANs. I have not yet put it live but all the tagging and untagging is ready. Will soon test live. I also run a VPN client to commercial provider. I hope it will not break things. Tip: if you enable software and hardware offload, you lose the ability to work out iptables that are set (in my case) from the VPNbypass service. Hence, don't turn that on if you need iptables.
@alwanosuarez9022 3 years ago
Thanksss
@OneMarcFifty 3 years ago
Many thanks for sharing ;-)
@Anonymouzee 2 years ago
Reviewing the video... should I deduce that the main purpose of "Tagging" is to make trunks?? and if a "tagged" packet passes through a not configured/aware managed switch is dropped? and that "tagged" packets are always dropped by unmanaged switches? Thanks again Marc ;-)
@OneMarcFifty 2 years ago
Hi again, yes - in Cisco terms Tagging is called Trunking - and the promoted use case is to link a router/switch to another one. Unmanaged switches do not necessarily drop tagged packets. The ones I have tested just forward them.
@589nm6 3 years ago
Thanks for the vids, the firewall rules were helpful! I have one difference on my router since it doesn't have an integrated switch I don't have that preference pane so I cannot create vlans that way. I'm still trying to figure that out.
@OneMarcFifty 3 years ago
Two update videos will come very soon. One about OpenWrt 21 and the DSA (Distributed Switch architecture) and possibly another one about devices without switch at all (e.g. Raspberry Pi or VM) - what type of device do you have ?
@589nm6 3 years ago
@OneMarcFifty I'm running it on a dell sff pc with an intel 4 port gigabit pcie card, therefore each port is an interface itself. I've skimmed around a bit and think there might be something to putting a . in the interface number creates a VL on that interface, for example: ETH0.2 would be VL 2 on ETH0, I really haven't had the time to really dive into this yet though.
@OneMarcFifty 3 years ago
Oh I see - that's a scenario I would have to look at.
@1over137 3 years ago
I got this far, but I am unable to translate what you did here into a working OpenWRT V21 config. There are some fundamental changes in DSA and I cannot seem to find a way to bridge a wlan interface at layer 2 to a VLAN. It seems to steer me only to allow "Network zone" control.... thus routing.... I can't see how to extend that to the other access points.
@OneMarcFifty 3 years ago
Hi Paul, the next video will cover that - people keep asking about OpenWrt 21 update ;-)
@jpnaraujo 2 years ago
Great video, as always! I'd like your feedback on roaming the secondary networks (guest and IOT). I've read on an older forum post that it only works well on one network for each wireless interface, as in roaming between different APs doesn't quite work for secondary guest network. What's your experience on this matter?
@OneMarcFifty 2 years ago
Hmmm... I haven't experienced that really. But I would need to trace it - presumably has to do with "deauth on low Ack" setting as well ? Might be safer to disable that...
@alexatdeineroehre 2 years ago
Hi Marc, thx for the great content. Just a short question from my side, maybe I don't get it either, but why are you using LAN1 port for the tagged connection instead of the WAN port? In this configuration setup the WAN port is unused? And would fit better or not? Regards
@OneMarcFifty 2 years ago
Hi, many thanks for your feedback - yes, you could use any port really. It doesn't matter. I just had to pick one.
@_11 5 months ago
Hey Marc, this assumes the access point is running openwrt as well right? What if I have original tp-link firmware on an EAP245 access point? Would VLAN tagging on the access point be impossible?
@bieneratschool 2 years ago
Very good video, but one flaw bugs me: How do you do the config on the Access Point so that it also can't be accessed from the Guest Network?
@OneMarcFifty 2 years ago
Either set the protocol of the guest interface to "unmanaged" - it then does not get an IP address at all - or bind the relevant processes such as dropbear and uhttpd to a specific ip so that they don't listen on all interfaces
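
Added example, not part of the comments above and not OpenWrt project code: a check for the two options in this answer, run against an access point's network, uhttpd and dropbear configs. The three sample files are constructed (interface names, the 192.168.1.2 address and the dhcp guest protocol are assumptions); "unmanaged" in LuCI corresponds to `option proto 'none'`.

```shell
#!/bin/sh
# Can the AP's web UI and SSH be reached from the guest network?

# write_samples DIR: constructed /etc/config files for a dumb AP.
write_samples() {
cat > "$1/network" <<'EOF'
config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.2'

config interface 'guest'
    option device 'br-guest'
    option proto 'dhcp'
EOF
cat > "$1/uhttpd" <<'EOF'
config uhttpd 'main'
    list listen_http '0.0.0.0:80'
    list listen_http '[::]:80'
EOF
cat > "$1/dropbear" <<'EOF'
config dropbear
    option PasswordAuth 'on'
    option Port '22'
    # option Interface 'lan'
EOF
}

# ap_guest_exposure NETWORK UHTTPD DROPBEAR [IFACE]
# Prints one line per service that would answer on IFACE (default: guest).
# Prints nothing when IFACE is unmanaged or every service is bound elsewhere.
ap_guest_exposure() {
    iface="${4:-guest}"
    proto=$(awk -v want="$iface" -v q="'" '
        function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
        $1 == "config" { hit = ($2 == "interface" && unq($3) == want); next }
        hit && $1 == "option" && $2 == "proto" { print unq($3); exit }
    ' "$1")
    # Unmanaged interface: the AP has no address there, nothing to reach.
    if [ "$proto" = "none" ]; then return 0; fi

    # uhttpd: wildcard listeners (or a bare port) answer on every interface.
    awk -v q="'" '
        function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
        $1 == "list" && ($2 == "listen_http" || $2 == "listen_https") {
            a = unq($3)
            if (a ~ /^0\.0\.0\.0:/ || a ~ /^\[::\]:/ || a ~ /^[0-9]+$/)
                print "uhttpd: " $2 " " a " answers on every interface"
        }
    ' "$2"

    # dropbear: an instance without "option Interface" listens everywhere.
    awk -v q="'" '
        function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
        function flush() {
            if (sect && bound == "")
                print "dropbear: port " (port == "" ? "22" : port) \
                      " is not bound to an interface"
            bound = ""; port = ""
        }
        $1 == "config" { flush(); sect = ($2 == "dropbear"); next }
        sect && $1 == "option" && $2 == "Interface" { bound = unq($3) }
        sect && $1 == "option" && $2 == "Port" { port = unq($3) }
        END { flush() }
    ' "$3"
}

# Stand-alone run on the constructed sample files.
tmp=$(mktemp -d)
write_samples "$tmp"
ap_guest_exposure "$tmp/network" "$tmp/uhttpd" "$tmp/dropbear" guest
rm -rf "$tmp"
```

On the access point itself the three arguments are /etc/config/network, /etc/config/uhttpd and /etc/config/dropbear.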
@nilob1854 3 years ago
Hi Marc, your Videos are really high quality content and helped a lot for the first time using openWRT. Do you have any experience with OpenWISP2, and can you make some great Videos dealing with it. Would be a really great addition if you have deployed more than two Accesspoints.
@OneMarcFifty 3 years ago
Hi NiLo - I have no experience with it so far, but I still have the idea to make a video on real Wi-Fi mesh with 802.11s or the like - I might actually dig into it as it seems to be quite easy (as you say, if you have more than one or two it really eases configuration). Many thanks for the hint!
@pittashen2010 3 years ago
Hi, Thanks for providing such detailed and professional video information. I have a question I want to ask. If my home primary router is an X86 OpenWrt router, and there are two APs behind the router, how do I configure the OpenWrt VLAN in this case? In particular, is it possible to tag AP's 2.4G and 5G WiFi client devices?
@OneMarcFifty 3 years ago
Hi Peter, is your x86 router an OpenWrt Router or a Linux machine ? Maybe - because this discussion can get longer - it would be best to hop on the discord server for discussion discord.com/invite/DXnfBUG
@Andrew-by5yo 3 years ago
Thank you for your suggestion, it saved me a great deal of time and frustration. I'm sharing the steps I took, as it may help out someone else. To get things working with OpenWrt 21.x I performed the same procedure on both my router (Linksys WRT3200ACM) and my access point (D-Link DIR-2660) as follows:

The first step is to set up the guest vlan:
- On the top menu, navigate to "Network"/"Interfaces" and click the "Devices" tab.
- Click the "Add device configuration..." button.
- Change "Device Type" to "VLAN (802.1q)".
- Enter "VLAN ID" (in my case 10)
- Select "Base device". In my case I wanted to use ethernet port 1, so I chose lan1 on my router, it may differ on yours.
- The "Device Name" will auto populate to be "Base device"."VLAN ID". So in my case lan1.10
- Click "Save" and then click "Save & Apply".
- For the lan and iot vlans, repeat the same steps with a different "VLAN ID" for each.

The next step is to set up a guest bridge and link the guest vlan to it:
- On the top menu, navigate to "Network"/"Interfaces" and click the "Devices" tab.
- Click the "Add device configuration..." button.
- Enter "Device name" (say "br-guest").
- For "Bridge ports" select the "VLAN ID" you created for your guest vlan above (lan1.10 in my case)
- Click "Save" and then click "Save & Apply".
- For the iot bridge, repeat the same steps selecting the iot "VLAN ID" in the "Bridge ports" step and a different "Device name".
- The lan bridge previously existed by default, so you just have to start with the "Bridge ports" step and select the lan "VLAN ID". In addition, I deselected the "lan1" port in the "Bridge ports" step, as I did not want untagged traffic on this ethernet port.

The final step is to link the guest bridge to the guest interface.
- On the top menu, navigate to "Network"/"Interfaces" and stay on the "Interfaces" tab.
- Click "Edit" for the guest interface.
- Change "Device" to the guest bridge name you created earlier (br-guest in my case).
- Click "Save" and then click "Save & Apply".
- Do the same for the iot interface using the iot bridge name.
- The lan interface should already be linked to br-lan by default, so no need to change anything there.

One final reboot and I was able to successfully connect the two devices with an ethernet cable on the lan1 port. I hope that helps.
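The LuCI procedure in the comment above maps onto a small set of UCI commands. The shell functions below are an added example, not code from the commenter or the video: they print `uci batch` input for the same three networks, taking lan1, VLAN ID 10 and br-guest from the comment and assuming VLAN IDs 1 and 20, the name br-iot, already existing guest and iot interfaces, and br-lan being the first device section.

```shell
#!/bin/sh
# Added example: the OpenWrt 21.x (DSA) LuCI steps expressed as `uci batch` input.
# lan1, VLAN ID 10 and br-guest come from the comment; VLAN IDs 1 and 20 and
# the name br-iot are constructed for illustration.

# Print the commands that create the 802.1q device <base>.<vid>.
vlan_dev_cmds() {  # $1 base port, $2 VLAN ID
    printf '%s\n' \
        "add network device" \
        "set network.@device[-1].type=8021q" \
        "set network.@device[-1].ifname=$1" \
        "set network.@device[-1].vid=$2" \
        "set network.@device[-1].name=$1.$2"
}

# Print the commands that create the VLAN device, a bridge over it, and
# point an existing interface section at that bridge.
vlan_bridge_cmds() {  # $1 base port, $2 VLAN ID, $3 bridge name, $4 interface
    vlan_dev_cmds "$1" "$2"
    printf '%s\n' \
        "add network device" \
        "set network.@device[-1].type=bridge" \
        "set network.@device[-1].name=$3" \
        "add_list network.@device[-1].ports=$1.$2" \
        "set network.$4.device=$3"
}

# br-lan already exists: swap the untagged port for the tagged VLAN device so
# no untagged traffic is left on the trunk port.
# Assumption: br-lan is the first `config device` section (@device[0]).
lan_rebind_cmds() {  # $1 base port, $2 VLAN ID
    vlan_dev_cmds "$1" "$2"
    printf '%s\n' \
        "del_list network.@device[0].ports=$1" \
        "add_list network.@device[0].ports=$1.$2"
}

# The whole trunk: lan, guest and iot tagged on lan1.
trunk_plan() {
    lan_rebind_cmds lan1 1
    vlan_bridge_cmds lan1 10 br-guest guest
    vlan_bridge_cmds lan1 20 br-iot iot
    echo "commit network"
}

# Print the plan for review; nothing is changed on the device at this point.
trunk_plan
```

After checking the printed commands against the device's own `/etc/config/network`, the same output can be fed to `uci batch` on the router and on the access point.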
@Cheney261 3 years ago
Thank you, very good episode. I followed this video and successfully configured it on V19, but I tried many times on V21 and can't figure out how to achieve the same goal. I don't know how to transfer the VLAN tag between two OpenWrt routers on one trunk cable.
@OneMarcFifty 3 years ago
Hi Cheney - things have changed in OpenWrt 21 - I am currently working on a follow up video.
@Cheney261 3 years ago
@@OneMarcFifty Good to hear, Looking forward to it, Tks.
@wkipo 3 years ago
This is so educational… Thank you!
@OneMarcFifty 3 years ago
Thank you very much ;-)
@HaCkOrNccs 3 years ago
Where have you been all these years master?
@OneMarcFifty 3 years ago
I’m here - and so are you. That’s all that counts ;-)
@ruudmickers1093 2 years ago
Good afternoon Marc, great video for me as newbie. I do have a question: in the last part of the video you state that for a managed switch the vlans (Id 1,3,4) need to be tagged on the outgoing port, the incoming port needs to be untagged. Does the switch outgoing port pvid's need to have the same vlan id as the router vlan id's(e.g. 1,3,4)? Or must this be fixed with a trunk configuration?
@OneMarcFifty 2 years ago
Hi Ruud, on a trunk port (i.e. a port with tagged VLANs e.g. 3,4,99) you can and should set the PVID to something else, e.g. 55. On a VLAN untagged port you need to set PVID=VLAN ID
@ruudmickers1093 2 years ago
@@OneMarcFifty thank you for the clarification
@YM-xz6xt 3 years ago
Things are a bit different on recent versions of openwrt (21.02), especially setting up the vlans. I looked on the internet to see if there are recent videos to get clear explanations but with no luck. Do you know where I can find how to set up vlans on the ap with the new version of openwrt? Other than that, great tutorial! I could set it up on version 19 but now I'm stuck.
@OneMarcFifty 3 years ago
Video is in the making - it will come this month.
@matthiasfranck1797 2 years ago
Hi Marc, Your videos are simply awesome. There are no other videos outside which actually explain how to use and work with openwrt. One small remark: didn't we forget to prevent access to the luci interface of the access point when we are on the guest/iot network? (the access point now also has an ip address on the guest/iot network)
@OneMarcFifty 2 years ago
Oh - fair point! Actually, if you wanted to get around this then you would presumably have to do a couple of things. Of course you need one interface with an IP address in order to access luci, but you could set all other interfaces to "unmanaged". If you wanted to secure this further, then you could spawn up a separate out of band (OOB) Management VLAN and disable IPV4 forwarding on the access point in order to prevent rogue access by people who change their default gateway to the AP's address.
@stefanelgan3756 2 years ago
@@OneMarcFifty Hi Marc Like everyone else I've got to say your video explanations are brilliant. I'm just getting into networking with OpenWrt and there's no way I could do it without your input. Regards the DHCP client vs unmanaged interface, I'm not sure if it's because I've done anything else wrong, but when I had all of my VLANs (LAN, Guest and IoT) on the AP set as DHCP client, the main router kept failing and it appeared to be something to do with it constantly updating the lease to the AP. I've changed it now so that Guest and IoT are both unmanaged, and the issue seems to have disappeared which is great. Thanks and keep up the good work.
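The two measures suggested in these replies (guest/IoT interfaces set to "unmanaged", dropbear and uhttpd bound to one address instead of all interfaces) can be checked against an access point's UCI files. The script below is an added example, not from the video or the commenters; the interface names, the address 192.168.1.2 and both sample configurations are constructed, with `lan` assumed to be the management interface.

```shell
#!/bin/sh
# Added example: audit a dumb AP's UCI config for management exposure on the
# guest/IoT VLANs. All sample values below are constructed for illustration.

# Strip quotes so awk can split UCI lines on whitespace.
unquote() { tr -d "'\""; }

# Flag every interface except the management one (and loopback) whose
# protocol would give the AP an address on that VLAN.
check_network() {  # $1 = management interface; UCI network config on stdin
    unquote | awk -v mgmt="$1" '
        $1 == "config" { kind = $2; name = $3 }
        kind == "interface" && $1 == "option" && $2 == "proto" &&
        name != mgmt && name != "loopback" && $3 != "none" {
            print "network: " name " uses proto " $3 ", AP gets an address there"
        }'
}

# Flag dropbear instances without "option Interface" (SSH on every address).
check_dropbear() {  # UCI dropbear config on stdin
    unquote | awk '
        function report() {
            if (in_db && !bound) print "dropbear: instance " n " listens on all interfaces"
        }
        $1 == "config" { report(); in_db = ($2 == "dropbear"); bound = 0; n++ }
        in_db && $1 == "option" && $2 == "Interface" { bound = 1 }
        END { report() }'
}

# Flag uhttpd listeners on a wildcard address or a bare port.
check_uhttpd() {  # UCI uhttpd config on stdin
    unquote | awk '
        $1 == "list" && ($2 == "listen_http" || $2 == "listen_https") {
            if (index($3, "0.0.0.0:") == 1 || index($3, "[::]:") == 1 || $3 ~ /^[0-9]+$/)
                print "uhttpd: " $2 " " $3 " is a wildcard listener"
        }'
}

# Run all three checks over a directory laid out like /etc/config.
audit_ap() {  # $1 = directory with network, dropbear, uhttpd; $2 = mgmt interface
    check_network "$2" < "$1/network"
    check_dropbear < "$1/dropbear"
    check_uhttpd < "$1/uhttpd"
}

# Write a constructed sample config: "weak" = DHCP client on every VLAN and
# wildcard services, "hardened" = guest/iot unmanaged and services bound.
write_sample() {  # $1 = weak|hardened, $2 = target directory
    case "$1" in
        weak)     proto=dhcp; bind="";                       listen="0.0.0.0:80" ;;
        hardened) proto=none; bind="option Interface 'lan'"; listen="192.168.1.2:80" ;;
    esac
    cat > "$2/network" <<EOF
config interface 'loopback'
    option proto 'static'

config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'

config interface 'guest'
    option device 'br-guest'
    option proto '$proto'

config interface 'iot'
    option device 'br-iot'
    option proto '$proto'
EOF
    cat > "$2/dropbear" <<EOF
config dropbear
    option Port '22'
    $bind
EOF
    cat > "$2/uhttpd" <<EOF
config uhttpd 'main'
    list listen_http '$listen'
EOF
}

demo() {
    d=$(mktemp -d); mkdir "$d/weak" "$d/hardened"
    write_sample weak "$d/weak"; write_sample hardened "$d/hardened"
    echo "== weak =="; audit_ap "$d/weak" lan
    echo "== hardened =="; audit_ap "$d/hardened" lan
    rm -rf "$d"
}
demo
```

On a real access point the same checks run with `audit_ap /etc/config lan`, given that `lan` is the interface used for management.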
@silverismoney 1 year ago
I'm trying to do tagged and untagged across the bridge. But I'm failing hard. My lan is native untagged, but I also have an "IoT" VLAN that is tagged. I set up the 802.1q vlan, I set the bridge as the master device, I then tell it in filtering that VLAN100 (the tagged IoT VLAN) is tagged on the port. But it just doesn't work, and I can't figure out why. Can you do tagged and untagged on the same port? It seems to work fine if I exclude one port from the bridge and use that other port. Just not tagged and untagged on the same port.
@wilk36 3 years ago
Hi, the latest build v21.02.0-rc4 does not have the "switch" tab anymore, is there a possibility to add the "switch" tab to "network", vlans is hidden in "interfaces" - "device" - config instead... Is it possible to do another video with the newer Luci interface? Thank you so much
@OneMarcFifty 3 years ago
Yes, the distributed switch architecture DSA has different interfaces. I might pick that subject up in a future video
@richf7148 3 years ago
If I already had a 2nd router setup as Access point from a LAN port on the parent router(192.168.2.1) linked to the WAN port on the child router(192.168.2.2) with ethernet cable, can I use this line or do I have to add an additional cable between the two?
@OneMarcFifty 3 years ago
Hi Rich, you could use this line. You would not need an additional cable.
@daytrader66 3 years ago
I get all of that but what is bridge VLAN filtering used for? (Third tab on any bridge device within OpenWrt)
@OneMarcFifty 3 years ago
That's new in OpenWrt 21 - video to follow in December 2021!
@jaredjaskoviak1452 2 years ago
Will you have more bandwidth if you run one cable for each VLAN vs one trunk cable?
@OneMarcFifty 2 years ago
Yes - if the CPU can handle it. The total bandwidth of the one wire will be the hard limit. But also CPU of the device is a limiting factor.
@AresROC 3 years ago
Thank you Marc, another great video! As of Oct/Nov 2021 OpenWRT have moved the VLAN settings to Network-Interfaces-Devices... Any chance for an updated video ;-)
@alwanosuarez9022 3 years ago
Bro I was looking for this
@OneMarcFifty 3 years ago
It will come this month !
@ramblinman7153 26 days ago
I have a pfsense box connected to my main router that provides dhcp. When I connect a second cable to the main router, every device that is in tagged vlan attempts to get an IP all over again. And it finally knocks those devices offline
@MrBrownpotato 2 years ago
Thank you for another excellent video! Currently I'm struggling to understand how routing should work in this kind of setup. With default routing settings, if I ping an IoT device from a laptop connected to the main router VLAN1 (LAN), the main router will route this ping request through its VLAN3 (IoT) interface to the Access Point, because the IoT device is in VLAN3. The reply however will be routed by the Access Point to the main router through VLAN1 because the recipient (laptop) is in VLAN1. So we have "asymmetric routing" situation. Is that an expected and correct behavior? Do I need some custom routing settings on the Access Point or on the main Router to ensure that request and reply take the same path?
@OneMarcFifty 2 years ago
The reply will not be routed by the access point as it has no ip routes other than the main router. That’s basically the trick. Adding one AP with two VLANs is as if you added two APs - the routing will be perfectly symmetrical as the AP only acts on layer2
@MrBrownpotato 2 years ago
@@OneMarcFifty ok I think I finally understand what "bridging Wi-Fi and Ethernet" means and now everything makes perfect sense - with AP's Wi-Fi and Ethernet ports bridged, IoT device talks directly to the main router as they are essentially both connected to the same L2 switch 😅 Thank you!
@xtremeallstar 3 years ago
Hi Marc, can you update this one, as of 21.02 the network>switches has been changed and moved
@OneMarcFifty 3 years ago
Hi Dan, it's in the making. I am currently cutting the next episode which is about the Xiaomi Mi 4A Gigabit Edition. The following episode will be about OpenWrt 21 VLANs and DSA / Bridge VLAN filtering. If nothing goes wrong then it should be published this year.
@ABCAndroid 6 months ago
Thank you from Bangladesh
@igormoeller 1 year ago
Update. Had issues (like many others) on dumb AP's iot and guest network. Devices didn't get an IP. Solution was to restart network 60sec after boot (which is annoying). Solution is to enable the dnsmasq daemon on the dumb AP! I had suspected this before. I've made DHCP interfaces on the dumb AP and none of the advanced parameters from the main router's DHCP were passed to clients on the dumb AP (like dns, ntp etc). It's also necessary to make rules to allow guest and iot to see the ntp server etc. (assuming they are blocked from lan)
@richf7148 3 years ago
2 questions: 1. Do I need to have a second router to use the VLAN for my wired and wireless IOT devices? They are currently defined throughout my 192.168.2.x network. 2. Do I need to dedicate an output LAN port on the router strictly for wired IOT devices? Or, is that a virtual port?
@OneMarcFifty 3 years ago
You don’t necessarily need a 2nd router. The solution is made so that you can extend the coverage of the Wifi. The port is not needed. It’s just to show how VLAN tagging works.
@richf7148 3 years ago
@@OneMarcFifty I currently use 192.168.2.x for my LAN. Considering my IOT devices are both wired and wireless, is it OK to convert them to use 192.168.3.x and will that require 2 VLANS?
@andreamicelotta7232 3 years ago
Thank you Marc for your very instructive videos. I have just a couple of questions: Q #1: can I interface ports such as eth0.3, eth0.4 (I have hardware acting as main router with 1 CPU eth0) with ports eth1.3, eth1.4 (on the dumb access point I have another hardware with 2 CPUs eth0 and eth1, with consequently setup ports. eth0.2 is for wan)? Will such ports dialogue correctly? Q #2: what happens if I have a third hardware (cable connected to the main router) which does not implement OWrt but is originating the main WiFi network? Can I setup the same SSID with the same pwd and expect correct working of the Wlan? Many thanks in advance.
@OneMarcFifty 3 years ago
Hi Andrea, I will have to thoroughly investigate on the first point - and I will do so in light of migrating my Archer C7's to Version V21 - so please be patient on this one - w/r to your second question - If you set up same SSIDs and passwords, then roaming will work - it might not be fast but should work. You might need to change the power settings and positioning of the APs (actually avoid overlaps of the served Wifi zones) for this to work better. If the other hardware can do 802.11r (which most non-open software doesn't expose) then it would presumably not give you fast roaming capabilities unless you could read out the mobility domain from the 1st router.
@zyghom 3 years ago
very nice but now I have an issue:
1- all IoT devices in IoT network
2- home assistant, mqtt server, etc - they all are needed for IoT devices - shall be in secure part of the LAN (these servers are LAN not wifi)
3- so how to make sure:
a- IoT devices can see and talk to home assistant (etc)
b- HA can see IoT (this was easy already because you said: "home devices can see IoT network")
c- HA can autodiscover devices that are on IoT segment
thank you for help
@OneMarcFifty 2 years ago
Presumably the easiest would be to either put home assistant into the IOT and allow firewall rules for web access etc. Alternatively give the home assistant device two network interfaces, one in LAN, one in IOT
@damianthomson6402 3 years ago
Brilliant second part to this video and I now have working vlans on my second router/AP, thank you. I have one query in your video when configuring the interfaces on the second AP I notice you have added a suffix to the host name for dhcp requests (9:10) please could you expand on what this does it looks like you've added .guest
@OneMarcFifty 3 years ago
Many thanks for the feedback! I am adding the .guest so that the different interfaces have different names, i.e. I can ping them separately with different names.
@damianthomson6402 3 years ago
@@OneMarcFifty Thanks that makes sense, I found it didn't work for me with using a period (.) so I used hyphen. I also discovered a bug with my homehub5a, I'm using for a dumb AP with openwrt flashed on it and seems it cannot handle multiple 5ghz networks, as soon as I add more than one it errors and disables the adaptor, I'm going to look into this more but for now have my LAN WiFi on 5 and 2.4ghz with fast roaming and vlans for LAN, IOT and GUEST working beautifully - seems the homehub5a is happy with multiple 2.4ghz so for now my faster WiFi is only for LAN :-) which is not necessarily a bad thing. My tplink Archer C7 v5 running openwrt has no problems handling multiple 5ghz networks. I've also had ISP issues recently and configured mwan3 on the tplink, I have a 4g mifi unit which I couldn't (yet) get to work on USB so it's connected via wireless to it (I named it WWAN) the mwan3 is configured for failover to both WAN and WWAN it pings google and if that fails for a defined number of attempts it knows my ISP is down and it swaps to the 4g mifi, as soon as the ISP is back up it switches back. Your videos are a great help and OpenWrt is so configurable with some help I don't need to buy mesh as a monthly cost nor 4g backup, and can upcycle my old routers (Homehub5a) which I have another to flash now :-) I like the tplink it was cheap and flashable to openwrt through the stock firmware upload page I can see me wanting to buy another in future
@OneMarcFifty 3 years ago
@@damianthomson6402 Many many thanks for your comprehensive feedback! I do love the Archer C7 too - it was - or rather is - a great device ;-)
@damianthomson6402 3 years ago
@@OneMarcFifty I've now fixed my issue on the 5ghz, system log showed an error on one of the WiFi logs so I deleted my older wireless networks and started again - solved the issue, I checked and both the homehub5a and TpLink Archer c7 were using the same Qualcomm software / driver - slight variant on chipset but made me think ok must be a corrupt config. The TP Link Archer C7 can still be picked up at cheap price in the U.K., I am wondering what's a good new device to go for perhaps you've covered in another video ?
@OneMarcFifty 3 years ago
Actually, currently I am looking into the D-Link DIR-2660 - looks quite promising - but still waiting for OpenWrt 21 here to see if the switch part shows up correctly ;-)
@coisasnatv 2 years ago
On a busy network like a home with kids playing videogames online or watching streaming, "trunking" is the worst option as it will increase processing, hence adding delays/lag on the network. Better to get a better router and use a cable each, instead of one cable for all. Not to say that these cheap routers don't have the CPU power to handle all this, plus the 5+ people over wireless. Try to set a party and let 10+ people connect to your router to see the performance go down as more and more people join your network.
@OneMarcFifty 2 years ago
I'd be curious to hear what you base that observation (lag) on. Have you seen this using Software VLAN or driver/ hardware level VLAN ? Also - you can't assume that everyone has the possibility to put in as many wires as they like plus just buy more expensive hardware. I do entirely agree that putting in more cables and juicy hardware increases the performance - still you need to encounter a performance bottleneck before you try to fix it. The targeted audience is most likely not people who run network parties with 10+ people over wifi ;-)
@coisasnatv 2 years ago
@@OneMarcFifty My base are routers people buy at "7-eleven", they are not fit for the task, the processor is too weak for that. In today's world people call over more than 10 people that you share the wifi with. Using a regular router already causes the bandwidth to drop (you can test yourself, no need to believe me), using this complex configuration makes things worse. You can do this with true routers and switches, however, it is really a bad idea to do the same with a "7-eleven" router.
@OneMarcFifty 2 years ago
@@coisasnatv OK but then the issue is rather with Wi-Fi performance on weak CPUs than with trunking being a bad option. In my experience, trunking/tagging uses roughly 1% of CPU. On offloading configurations there is no CPU impact at all. If you have issues with the number of people on one Wi-fi then there are multiple solutions, such as adding more APs or use powerful hardware with MU/MIMO.
@coisasnatv 2 years ago
@@OneMarcFifty Again, trunking is a bad option when you use a cheap hardware with 10+ clients *with intense tasks.* For a regular use it might not cause any impact at all, however, if people start to share files or stream videos (uploading or downloading) you'll see the performance of your network drop drastically, a few disconnections, etc.
@danihe 3 years ago
Hi, I know that it isn't the best solution, but since my spare router is only 100Mbps, I want to use as a repeater for my 4 wireless LAN (2 local network SSIDs and 2 guest network, one per frequency, e.g. one guest and one local at 2.4 and the same for 5Ghz). Any ideas on how I could do this? Each SSID must connect to the same in the main router. Repeater SSID1 (2.4Ghz) connected to the router SSID1, Repeater SSID1 (the same name, but at 5Ghz) connected to the same network. Repeater Guest SSID (at 2.4 and 5Ghz) connected to the Guest SSID at the main router.
@OneMarcFifty 3 years ago
There is a way of achieving this with relayd openwrt.org/docs/guide-user/network/wifi/relay_configuration but I could never get this to work - I'd rather go for 802.11s mesh in this case...
@smug_slime 3 years ago
Ah so you can use vlan with unmanaged switch then? I have a vlan capable access point but only have unmanaged switch so I'll try it in the near future.
@OneMarcFifty 3 years ago
Yes, absolutely. There is no guarantee that it works with all switches, but the ones I have tested worked well. Let us know how it goes.
@adoraquodincendisti 2 years ago
Hello. I want to realize that as well. But my main router has no openwrt on it and I don't want that. Would it still be possible with several access points that have openwrt? Kind regards
@OneMarcFifty 2 years ago
Yes. If your main router can do VLANs then it should not be a problem
@TheMercifulKnight 3 years ago
Amazing sir! I would like to buy you a coffee! Your network scenario is exactly mine. But I have a question please. What happens when two devices connected to your Guest WiFi network on your Access Point say Mobile 1 , Mobile 2 try to communicate with each other? Because they both belong to the same subnet and mask, will the switch route traffic directly between them without going back to the routers? What if I want to isolate each device so they cannot talk to each other?
@OneMarcFifty 3 years ago
Thanks for your kind feedback! In this scenario the traffic should not go to the router unless it's broadcast packets as the local switch has the MAC address of both devices. OpenWrt has an Option to isolate clients on the Wifi though.
@TheMercifulKnight 3 years ago
@@OneMarcFifty thank you
@KNOWLEDGEHUNTERboy 2 years ago
Please, I need this tutorial for version 21 of openwrt. I can't follow using version 21 because in ver 21, there is no more switch.
@OneMarcFifty 2 years ago
Check this video kzbin.info/www/bejne/p5bYi6SIpq1gq8k
@chrima758 3 years ago
And I have another one, if I might: I can't change my br-lan protocol from static to dhcp in my AP using Openwrt 21.02 on a TP-link Archer C7v2 router. I always get timed out. I tried it with disabled firewall and dnsmasq and vice versa. No change. Any ideas?
@chrima758 3 years ago
I guess it is working with a static address as well
@OneMarcFifty 3 years ago
So - when you say you can't change it - is that because the menu option doesn't show or does it not apply the changes? For the latter, try reconnecting to the new address within 90 seconds in order to commit or alternatively use uci set network.lan.proto='dhcp' && uci commit && reboot from the command line (ssh)
@chrima758 3 years ago
@@OneMarcFifty well that is pretty embarrassing. This time it worked right out of the box. One thing I changed is... I had already set a static address for my "dumb" AP on my "controlling" router.
@leaolp 3 years ago
Marc, I use an ASUS Router as gateway and an OpenWRT device as an AP. Is there a way to extend the ASUS Guest Network to the OpenWRT device? Thanks in advance and congrats on your channel.
@OneMarcFifty 3 years ago
Hi Luiz, I am sure there is a way, but I just don't know if and how ASUS maps it out to ports (VLAN etc.) - and I don't have any ASUS device here to test - sorry ;-(
@michaelb.7610 7 months ago
I want to open the iot network for mqtt at port 1883 for the lan network, so that my iot devices can send packages to a mqtt broker which is in lan. I don't know how to handle it.
@pikkons 1 year ago
One thing I can't understand or you don't seem to cover is why is your lan a vlan? I guess trying to understand these old videos with new interface and DSA function makes it hard.
@OneMarcFifty 1 year ago
Hi, the reason is that I only have one wire going from the Router to the Access Point (AP) but I want to connect three LANs (Guest, IOT, LAN). The chosen way to do this is to tag each one of these as a VLAN over one wire. I could of course let one of those be untagged (e.g. the LAN). Just a design choice really.
@daytrader66 9 months ago
I'm not clear why you're setting port 67 and 68 inbound for DHCP. Port 68 is for the response to the client from the server isn't it? Only 67 is inbound?
@ariovaldorodrigues8731 3 years ago
Awesome! Simple and Objective. I was finally able to learn VLAN and Firewall Zone with your video. Could you make a video about implementing a VPN with a dedicated wireless SSID? Thanks a lot!
@OneMarcFifty 3 years ago
Hi Ariovaldo, that question has come up a couple of times already - I might do that in the foreseeable future.
@emmanueljaramba5325 5 months ago
Hi, I have a TP link Archer with Openwrt 23.05. Also a newbie to Vlans - would appreciate a step by step account of setting up vlans. So far I have tried and failed for days.
@designer.346 5 months ago
You got it working?
@mohammadfahimuddin2212 3 years ago
After installing factory.bin internet is ok, but when I install sysupgrade.bin internet gets slow and unresponsive. I have tried 19 to 20.01 all openwrt versions. Please help. blocking brlan port then ready then forward. then blocking again. please help
@OneMarcFifty 3 years ago
Presumably the config in OpenWrt 21 is wrong - next video will cover DSA and Bridge VLAN filtering!
@mohammadfahimuddin2212 2 years ago
@@OneMarcFifty interested
@GLHerzberg 3 years ago
Main router and dumb AP both running OpenWrt successfully. Now adding Guest WiFi capability. I have the main router's Guest WiFi setup and configured per your instructions but have a question about the Guest capability on the dumb AP. In service I will have Guest WiFi normally Disabled because I see no need to broadcast its presence when it is not expected to be used. My question is about how to be able to enable Guest on the main router and have the dumb AP enable/disable its presence in sync with the main router's Guest presence. This sounds to me like a triggered macro type of solution but my knowledge of OpenWrt is limited at present. Can this type of triggered event be done? BTW, I had tried the various Guest WiFi instructions on OpenWrt several times and each failed whether it was using UCI, LUCI, or their script. Found your channel, reset the box, followed your setup video and bingo, it just worked. Go figure.
@OneMarcFifty 3 years ago
First off - many thanks for your comment and feedback. I am glad you got it working with the help of the video. With regards to your question, you could in fact run a watchdog script that scans for the other SSID and then switch Wifi on / off. However - I would not really advise doing so - it might be helpful to have two APs if one goes down etc... what is the main reason why you would want to disable the Guest Wifi at all ?
@allezvenga7617 4 days ago
Thanks for your sharing
@iamrage4753 2 years ago
quick question, would setting up pppoe be set up under wan? ty
@OneMarcFifty 2 years ago
You'd add an interface just like any other and just use PPPOE as the protocol.
@iamrage4753 2 years ago
@@OneMarcFifty so you wouldn't edit WAN?
@peacepeaceful7448 2 years ago
Has guest wifi two ways, one is by fireware, other is by vlan? thanks
@OneMarcFifty 1 year ago
It will always end on the same VLAN and firewall, regardless which AP you connect to
@KNOWLEDGEHUNTERboy 2 years ago
can you create same tutorial of this for ver 21 of openwrt?
@OneMarcFifty 2 years ago
Hi, many thanks for the feedback - there's newer videos on OpenWrt 21 on my channel https:/kzbin.info
@user-zr7kz4vs7c 3 years ago
Would you mind making a video about Open WRT on Xiaomi Router 4A?
@OneMarcFifty 3 years ago
Hey, I am really sorry but I don't own a Xiaomi 4A... sorry.
@charlesbenjo 2 years ago
@9:40 is this Another Router with OPENWRT???
@OneMarcFifty 2 years ago
Hi, yes it's all OpenWrt here ;-)
@miriamramstudio3982 2 years ago
Great, thanks.
@OneMarcFifty 2 years ago
Thank you
@dongleberry4397 3 years ago
And now do that with a MikroTik as the primary router and OpenWrt as secondary AP 🙂
@OneMarcFifty 3 years ago
I'll think it over ;-)
@dongleberry4397 3 years ago
@@OneMarcFifty Judging by the fast answer, I might check that situation before you. And I am a (THE) lazy person... I tried that set-up a month ago, and lost the will (to live and try), when the Wi-Fi didn't untag. The ethernet VLANs worked just fine.
@Beatleman91 8 months ago
Nice, my router and openwrt doesn't have switch
@IoanMariusRedean 3 years ago
Ok. So I watched this video and part one more than 10 times. In my network something is wrong. I have openwrt on raspberrypi4, a managed switch (D-link dgs1100-08) and an ap (TL-WA1201) capable of multi ssid with vlans. I created 2 vlans, IoT (20) and Home (30), in openwrt the same. On cable everything works well but when I connect to wifi I have a lot of lost packets. Can you help me with an advice?
@OneMarcFifty 3 years ago
Sure - I'll try ;-) First off, how do you determine 'lost packets'? Also, did you put the wifis on different channels, i.e. one channel on the router, another one on the access point? They do have different bssids right? What hardware?
@IoanMariusRedean 3 years ago
@@OneMarcFifty Thanks, and sorry for my English. So, openwrt has wan eth1 (wan usb to lan adapter) and eth0 (lan) and 2 vlans home eth0.30 (10.0.30.1) and iot eth0.20 (192.168.0.1), lan port eth0 is connected to managed switch port 1 vlan 1 untagged, vlan 20 port 2,3,4 untagged and port 1 tagged, vlan 30 port 6,7,8 untagged port 1 tagged. In this situation if I connect a pc in port 2,3 or 4 I receive ip from dhcp 192.168.0.x, if I connect in 6,7, or 8 I receive ip from dhcp 10.0.30.x. Internet is ok on both networks and with the help of firewall zones I can stop iot devices to access home devices. My problem is that I need that separation on wireless, so I have an ap that can manage 4 ssid's with vlan tagging. If I set port 5 from switch tagged on both vlans (20,30) and untagged on vlan 1, on ap ssid 1 named "home" vlan 30 and ssid named 'iot' vlan 20, devices connected to wireless receive corresponding ip address and can ping devices from same vlan without loss of packets, but if I ping to internet I have lots of "request time out".
@OneMarcFifty 3 years ago
@@IoanMariusRedean Why do you set VLAN 1 to untagged in your config ? It looks like you only need VLAN 20 and 30. The VLAN1 untagged solution is really for people who have an unmanaged switch. You have a managed switch, hence I would NOT set vlan 1 to untagged. All you want really is bridge either to home or to IOT, so VLAN 20 or 30. Routeing and firewall will be done on the router. So - on the access point you only bridge ethx.30 to home Wifi and ethx.20 to iot wifi, then on the switch part VLAN 20 and 30 tagged, nothing else, all others to off or do you have more stuff going on on other VLANs ?
@IoanMariusRedean 3 years ago
@@OneMarcFifty Thanks again for your answer. Believe me that I have been struggling with this for more than 2 weeks. So on the AP I set SSID "Iot" to VLAN 20 and SSID "home" to VLAN 30. On the switch, VLAN 1 (default) has zero members; on VLAN 20, port 1 (from router) is tagged and port 2 (from AP) is tagged (VLAN 20 -> ports 1, 2 tagged). At this moment, if I connect to SSID iot I receive the corresponding IP (192.168.0.xxx) and ping to the internet is flawless. The problem comes now. If I set ports 1 and 2 tagged on VLAN 30 (VLAN 30 -> ports 1, 2 tagged), I receive the corresponding IP on both SSIDs, but ping to the internet has lots of 'request time out' no matter what SSID I select. My concern is that something is wrong on the router, or I need to do some setting.
@OneMarcFifty 3 years ago
@@IoanMariusRedean First step to troubleshoot this would be to eliminate the switch, i.e. connect the two routers with a cable. If the problem persists, then the switch is not the problem. Second step would be to check the ARP cache on the second AP (arp -a) and look for irregularities with/without Wi-Fi. Then try traceroute -n to e.g. 8.8.8.8 to see where the route gets confused. Maybe you still have routing configured somewhere on the AP?
@chrima758 3 years ago
Somehow I can not browse devices in IOT zone from my LAN zone. I thought this is possible.
@OneMarcFifty 3 years ago
Hi, what exactly do you mean by "browsing" - what software / protocol are you using to do this?
@user-il6dq7kh5k 1 year ago
2:15 How to use routing for this ? Just curious.
@OneMarcFifty 1 year ago
I wouldn’t bother - I mean - you could set up two different IP ranges and give your well-known devices an IP address in a “trusted” IP range (i.e. have two interfaces on the same wire and then have two DHCP ranges, one primary/authoritative with static leases and the LAN range and one with untrusted range dynamically for everyone else). The two SSIDs would hence connect you to the same network, but give you a different IP range. A guest could however give themselves an IP in that range manually. It’s definitely better to separate in OSI layer 2.
@user-il6dq7kh5k 1 year ago
@@OneMarcFifty 1. Can a client communicate with the router/other clients over layer 2 if blocked by layer 3 (IP) when using this method? 2. Isn't it true for devices on the same subnet/zone? How to block communication over layer 2? 3. How to do IP-MAC binding, i.e. only give x IP to y MAC address, or have some captive portal to authenticate the client?
@MarekR-ir1ut 1 year ago
Unfortunately, this video is no longer valid, version 22.03 no longer has such a thing as a switch, and as I understand it, everything has to be done using vlan filtering.
@OneMarcFifty 1 year ago
Hi Marek, Version 22.03 can do VLAN filtering on bridges, but you don't have to. You can still create bridges with interface VLANs. However it is true that the representation of DSA (Distributed Switch Architecture) changes how the VLANs are mapped to the interfaces. The basic idea however of mapping VLANs to SSIDs remains the same. Many thanks for your feedback !
@daytrader66 9 months ago
It depends on your hardware. Certain hardware retains the switch in later (and current) versions. Although these devices also have options for vlan stuff on the bridge which really shouldn't also need there and make it really confusing at first.
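The two options named in the reply above (a bridge on an interface VLAN, or VLAN filtering on the bridge), written in the configuration syntax of OpenWrt 21.02 and later for the second access point. This is an added example, not configuration from the video or from the commenters; the port name `eth0`, VLAN ID 20, the network name `guest`, the radio name and the SSID are assumptions.

```uci
# /etc/config/network on the second access point (OpenWrt 21.02 or later)
# Assumed names: uplink port 'eth0', guest VLAN ID 20, network 'guest'.

# Variant A: bridge on an interface VLAN (eth0.20 carries tagged VLAN 20)
config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth0.20'

# Unmanaged interface: the access point only bridges; DHCP, routing and
# the firewall zone for guests stay on the main router.
config interface 'guest'
	option device 'br-guest'
	option proto 'none'

# Variant B (use instead of A): VLAN filtering on the existing bridge.
# Once any bridge-vlan section exists for br-lan, the LAN itself also
# needs its own bridge-vlan entry, or it loses connectivity.
# config bridge-vlan
# 	option device 'br-lan'
# 	option vlan '20'
# 	list ports 'eth0:t'          # ':t' = tagged on the uplink
#
# config interface 'guest'
# 	option device 'br-lan.20'
# 	option proto 'none'

# /etc/config/wireless: map the guest SSID to that network
config wifi-iface 'guest_ap'
	option device 'radio0'           # assumed radio name
	option mode 'ap'
	option ssid 'Guest'              # assumed SSID
	option network 'guest'
	option encryption 'psk2'
	option key 'CHANGE_ME_PLACEHOLDER'
	option isolate '1'               # block client-to-client traffic on this SSID
```

The uplink port on the main router or switch must carry VLAN 20 tagged for either variant to pass traffic.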