wiki:qclug_presentations:openwrt_vlan_howto
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
wiki:qclug_presentations:openwrt_vlan_howto [2015/03/24 00:20] Aaron Johnson created |
wiki:qclug_presentations:openwrt_vlan_howto [2015/04/09 05:19] (current) Aaron Johnson |
||
|---|---|---|---|
| Line 9: | Line 9: | ||
| The final configuration will resemble this simple network diagram: | The final configuration will resemble this simple network diagram: | ||
| + | {{openwrtvlan1.png}} | ||
| ==== Configure VLAN tagging/untagging ==== | ==== Configure VLAN tagging/untagging ==== | ||
| - | Note: When configuring your OpenWRT router for VLAN support it is important to remember that once you configure a VLAN tag on a switch port you must use VLAN tags on all switch ports which will require you to reconfiguring the br-lan bridge to bridge directly to the primary VLAN rather than to the physical interface. | + | **//Note: When configuring your OpenWRT router for VLAN support it is important to remember that once you configure a VLAN tag on a switch port you must use VLAN tags on all switch ports which will require you to reconfigure the br-lan bridge to bridge directly to the primary VLAN rather than to the physical interface. You can still use an "untagged" switch port, but the br-lan bridge must be bridged with a VLAN interface in order to function properly.//** |
| Login to the OpenWRT router: | Login to the OpenWRT router: | ||
| Line 19: | Line 19: | ||
| * Enable the wireless connection (recommended so that you don't get locked out of your router as the wireless LAN will continue to function even if you mess up your switch port configuration). | * Enable the wireless connection (recommended so that you don't get locked out of your router as the wireless LAN will continue to function even if you mess up your switch port configuration). | ||
| + | {{openwrtvlan2.png}} | ||
| ==== Change the primary interface for br-lan to bridge to VLAN 1 ==== | ==== Change the primary interface for br-lan to bridge to VLAN 1 ==== | ||
| Line 45: | Line 46: | ||
| * Click 'Save & Apply' | * Click 'Save & Apply' | ||
| - | + | ==== Create VLAN interface(s) ==== | |
| - | Create VLAN interface(s) | + | |
| Now that you have configured VLAN tagging/untagging on your switch ports you must create a new interface for each new VLAN if you plan to route between them. | Now that you have configured VLAN tagging/untagging on your switch ports you must create a new interface for each new VLAN if you plan to route between them. | ||
| - | Click the 'Network menu -> Click 'Interfaces' | + | * Click the 'Network menu -> Click 'Interfaces' |
| - | Click 'Add new interface' | + | * Click 'Add new interface' |
| - | Enter 'VLAN101' as the name of the interface | + | * Enter 'VLAN101' as the name of the interface |
| - | Leave the protocol drop down box set to 'Static address' | + | * Leave the protocol drop down box set to 'Static address' |
| - | Click the radio button next to 'VLAN Interface: "eth0.101" (could also be eth1.101 depending on device) | + | * Click the radio button next to 'VLAN Interface: "eth0.101" (could also be eth1.101 depending on device) |
| - | Click 'Submit' | + | * Click 'Submit' |
| - | Enter an IPv4 address such as: 192.168.101.1 | + | * Enter an IPv4 address such as: 192.168.101.1 |
| - | Select an IPv4 netmask such as: 255.255.255.0 | + | * Select an IPv4 netmask such as: 255.255.255.0 |
| - | If you want your router to handle DHCP leases for the new VLAN click the 'Setup DHCP server' button | + | * If you want your router to handle DHCP leases for the new VLAN click the 'Setup DHCP server' button |
| - | Click 'Save & Apply' | + | * Click 'Save & Apply' |
| - | Configure Firewall | + | {{openwrtvlan3.png}} |
| + | ==== Configure Firewall ==== | ||
| The final step to configuring your routed VLANs is to create firewall rules that will allow traffic to be forwarded between the virtual interfaces on the router | The final step to configuring your routed VLANs is to create firewall rules that will allow traffic to be forwarded between the virtual interfaces on the router | ||
| - | Click the 'Network menu' -> Click 'Firewall' | + | * Click the 'Network menu' -> Click 'Firewall' |
| - | Under 'Zones' click the 'Add' button | + | * Under 'Zones' click the 'Add' button |
| - | Enter 'VLAN101' in the 'Name' box | + | * Enter 'VLAN101' in the 'Name' box |
| - | Set the 'Input', 'Output', and 'Forward' drop down menus to 'accept' | + | * Set the 'Input', 'Output', and 'Forward' drop down menus to 'accept' |
| - | In the 'Covered networks' section check the box next to 'VLAN101' | + | * In the 'Covered networks' section check the box next to 'VLAN101' |
| - | Next to 'Allow forward to destination zones' check the 'lan' and 'wan' boxes | + | * Next to 'Allow forward to destination zones' check the 'lan' and 'wan' boxes |
| - | Next to 'Allow forward from source zones' check the 'lan' box | + | * Next to 'Allow forward from source zones' check the 'lan' box |
| - | Click 'Save & Apply' | + | * Click 'Save & Apply' |
| That's it, the router should now be configured to route between both VLANs! | That's it, the router should now be configured to route between both VLANs! | ||
wiki/qclug_presentations/openwrt_vlan_howto.1427156403.txt.gz · Last modified: 2015/03/24 00:20 by Aaron Johnson
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
