OpenWrt Forum Archive

Topic: How to set up multiple LANs

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
lange.ludo
20 Apr 2013, 15:29

I consider myself as a beginner in networking even-thought I am able to set up VPN using ZyWall, Fritz Box, OS X.
I have written this guide because I thought, I would ask the help of OpenWRT community. After many hours to understand how to set up :
— Multiple VLANs => LAN ;
— Multiple DHCP ;
— Reject or allow connections from some LANs to others ;
I am not sure every settings I have made are useful. Neither am I about the security perspective (don’t think my WiFi isn’t secure). If you’d like to point out stuff I should consider to help myself and others you’re welcome to do so using this post or me.com email : lange.ludo+openwrt

You may find the guide (sorry for the dirty screenshots they are readable) at : http://idisk.jumparound.be/public/OpenWrt.pdf
And the configuration at : http://idisk.jumparound.be/public/OpenWrt.tar.gz (root/root)

Post #2
jeremy.moschner
22 Apr 2013, 02:43

Hi Lange.ludo

This is really good documentation.  I'd make a few suggestions on your content though:

1. It'd probably be good to document your network's design needs from the start (eg. certain networks should not be reachable from others, only certain hosts should receive DHCP assignments etc). Doesn't have to be long, but would help in someone trying to follow the setup.

2. Deal with Layer 2 stuff first (ie. VLANs and Switchports) - would allow someone to easily adapt your guide later to use their own VLAN ids. Right now, the switch configuration is built up progressively which makes sense for a growing network, but could confuse someone who assumes that this section will vary per network / VLAN. On the other hand, you'd have to get the user to make this decision up front, so this might require some extra explanation.  However, port numbers on the switch would help a lot here, as this is never clear from the web interface

3. Maybe consider improving the resolution of the screenshots, as they are a little hard to read.

4. It's hard to include everything in a single diagram - maybe L2/L3 and L4+/firewalling diagrams could help? I would however make the division between your wired and wireless clients a bit clearer though (ie. split by networks, not by physical location) and show where individual VLANs are by coloured areas.

Did you have any plans to add a separate manageable switch later?  This would be a good follow up as it would expand on how the openwrt handles vlan tagging across trunks.

The discussion might have continued from here.