Pages

19 October 2014

Home VLAN Trunking with OpenWRT and DDWRT




My edge router is a Netgear WNDR3800 running OpenWRT which creates four VLANs for my domicile.  I use Linksys e3000s running DD-WRT as managed switches distributing LANs where I want them to go.  I will show how I use the remaining Linksys e3000 units to send all four VLANs into one trunk line.  The DD-WRT and the OpenWRT projects have this well documented in a TL;DR manner showing all the command line steps.  I did the whole thing using the GUI interfaces and I will show the wiring as well.  I use VLAN trunking since my office has only one ethernet connection but I have multiple LANs and I want the ability to change the wiring without running physical wires.  Re-wiring is done with software changes!  Of course, you can buy managed switches but many of you might have collected these consumer routers over the years or would like to save some money on the used market since managed switches can be pricey. The short video above contains a demo toward the end.

To start, lets look at the diagram below showing the Netgear WNDR3800 serving the connection to the WAN.
Netgear WNDR3800 uses each port as a distinct VLAN with Port 2 as a VLAN Trunk
Netgear WNDR3800 as VLAN Distributor

The Internet goes into the WNDR3800's WAN port.  This router supports my guest wireless LAN 192.168.2.0/24 and the primary LAN 192.168.1.0/24.  Additionally, it supports a server control LAN 192.168.5.0/24 and the DMZ LAN 192.168.4.0/24.  The server LAN has only one PC-BSD based ATOM server running my IPv6 blog using ports 3 and 4 on the device.  Port 1 on the WNDR3800 goes into a power line adaptor, but isn't really used.  Port 1's main purpose is to be open in case of an emergency requiring a cable connection to VLAN1,which is the administrative LAN.

On the right, you see I have a Linksys e3000 in the basement which receives the trunk output from the WNDR3800 into its own WAN port. The settings are pictured below.

Linksys e3000 VLAN Trunk Setup with DD-WRT using WAN port and Physical Port 1
DD-WRT Trunking with Linksys e3000
The WAN port is used for input from the WNDR3800 physical port 2.  Port W in the picture above is the WAN port and it is tagged with VLANs 1 through 5 selected.  VLAN2 must be included per the DD-WRT wiki.  The middle ports serve the main network VLAN1 but these can be switched to different VLANs as needed.  Port 4 pictured above is tagged and contains all the same VLANs as the intake port, or "WAN" port as it is labelled.  Port 4 is actually physical port 1 on the Linksys e3000.  The DD-WRT switch guide identifies that the numbering is reversed from the GUI so port 4 in the GUI is labelled as port 1 on the device.

Port 1 is the trunk port sending everything upstairs to my office.  I prefer building servers in the comfort of the office rather than cold and cramped basement so I use the VLAN tagging to make the switch ports on the upstairs Linksys e3000 VLANs 4 and 5, but as you see I switched them to VLAN3 (GUEST) for the demo and the other port is still VLAN1.  For server building, I bring both VLAN4 and VLAN5 upstairs for DMZ and server control allowing me to easily configure the server with the proper IPs the first time without needing to change IPs once placed into the server area downstairs.

Below is the configuration of the upstairs DD-WRT using VLAN5 (SERVER) into physical port 1. DHCP/WAN and other features that make the e3000s a primary router are disabled but not depicted in any of the pictures below.

One port is switched to VLAN 5 on the Linksys e3000
Linksys e3000 with VLAN Trunking and VLAN5

As you can see from the above steps, VLAN trunking is pretty easy and OpenWRT/DD-WRT make virtual wiring quite easy.  Of course, with just about everything wireless nowadays, I suspect this article will get few hits.  You can assign wireless networks to VLANs just as my guest network is bridged to VLAN3.

You can see the devices in their real world setup below.  The basement e3000 should have two orange cables but the house is wired with blue so I put a white label with orange text around it on the right but the photo isn't very sharp around the cable nor is the label's text visible in the picture.

The far right is the trunk upstairs and is a blue cable with an white label with orange text
Linksys e3000 Basement VLAN Trunk Orange
I should use a blue VLAN1 colored cable for the gaming PC instead of the gray one in the picture.
VLAN Trunk in on orange cable into WAN port with remaining ports on VLAN1
Office e3000 with trunk in WAN port and AnyLAN port in Yellow

Netgear WNDR3800 backplane with separate VLANs
Netgear WNDR3800 running OpenWRT as Gateway Router

Netgear WNDR3800 Backplane VLAN Connections 

Intel ATOM Server with PC-BSD
Intel ATOM Server running PC-BSD





2 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Hey I need your help i have 2 ISP I want to put to a Unifi AP via 1 cable and then broadcast with 2 SSID using vlan tag..
    I need help getting the vlan setup on a Linksys E2500 using DD-WRT

    ReplyDelete