from async_amuro@lemmy.zip to homelab@lemmy.ml on 12 Sep 21:02
https://lemmy.zip/post/48531679
Hey everybody!
I’ll try my best to explain the situation and I’m hoping someone here has some advice or another recommendation on where to post to get answers. I’ve been smashing my head against my desk for weeks trying to understand VLANs across these 2 systems and I’m burnt out!
I’ve got a GL.iNet Flint 2 that I’ve flashed with OpenWRT and I’ve bought 2 MikroTik switches (CSS610-8G-2S+IN & CRS310-8G+2S+IN). The goal is to replace my TP-Link AX3000 router and unmanaged switches (entertainment center and desk). Right now all the old equipment is still in place and I’m trying to setup a little lab for testing at my desk. At first I’d like a Main VLAN (ID 10) for all my regular devices (server, work laptop, personal Mac) and setup an IoT VLAN (ID 20) for my TV, light bulbs, AC etc.
At this point, I might factory reset both devices, because I worry I’ve tweaked with shit so much that I might have some settings misconfigured.
Based on what I’ve seen in YouTube tutorials and documentation (neither OpenWRT or MikroTik docs are particularly user friendly!) it looks like I need to take these steps for setting up VLANs correctly, key part is that OpenWRT now uses DSA
OpenWRT settings
- Using LuCI
- Interfaces > Devices > Bridged LAN > Configure > Bridge VLAN filtering enabled
- Add VLAN IDs 10 (Main) and 20 (IoT)
- Port 1 and 2 (not WAN) is Tagged on 10 and 20, these ports will be plugged into the switch
- Port 5 is Untagged and set to Primary for VLAN ID 10 (this is my admin port in case I get locked out)
- This creates br-lan.10 and br-lan.20 VLAN devices
- I then go back to Interfaces and edit the LAN interface to device br-lan.10, it has an IP of 192.168.10.1 and has DHCP setup
- I created the IoT interface with the br-lan.20, IP 192.168.20.1 and has DHCP turned on
MikroTik SwOS Lite
- Setup IP address to 192.168.10.200, this is the CSS610-8G-2S+IN that’ll I will use for my entertainment center with mostly IoT devices
- Go to VLAN tab, to setup each port
- Port 1 is my trunk to my router, VLAN mode strict, only tagged, ID 1
- Port 2 to my test laptop which should be IoT .20 IP range, VLAN mode strict, only untagged, ID 20
- Port 8 is my admin/management port, should get a Main .10 IP, VLAN mode strict, only untagged, ID 10
- On the VLANs tab, added VLAN IDs for 10 and 20, for 10 it’s a member of port 1 and port 8, and for 20 it’s a member of port 1 and port 2
Here’s the kicker, when I connect the laptop to port 2 of the switch, I’m always getting a self-assigned IP. It appears I’m not getting a DHCP address from the OpenWRT router.
Can anyone provide any advice/guidance or share any guides? Is there a better community to post this message?
Happy to share exports of my configs and any screenshots. Like I said earlier, I might factory reset both them and go through these steps again.
My gut is telling me something is incorrect with how I’ve setup the interfaces in OpenWRT and I could do with a clear guide on how to set this up. The problem is that a lot of articles/forums online are older and not DSA specific. Also feel like I’m missing a step in either the DHCP settings in OpenWRT or I’m missing something with Firewall rules.
Any help is appreciated!
threaded - newest
I use a Netgear managed switch, so i don’t know anything about MikroTiks, but if it has an option to set PVIDs (Port VLAN IDs), make sure each port is set to the VLAN you want devices behind it to be on (so, port 2 has untagged ID 20 & its PVID set to 20). This caused issues for me cuz Netgear’s WebUI didn’t make the PVID table obvious (and I had no idea what PVIDs are when setting up my network, lol).
If it helps, I used this guide when setting up VLANs for my network w/OpenWRT: https://wiki.opensourceisawesome.com/books/vlans-and-advanced-setup-on-open-source/page/setup-a-router-firewall-with-vlans-in-openwrt (PDF version here).