extend a guest wifi on second access point with OpenWrt using VLANs

For over a year I have been browsing the internet for this information. You have put it into several short and understandable videos. Bravo, and thank you.

almightyura

This video is exactly what I have been looking for and explains the problems and solutions really well.

Recently my mobility was more limited than I had planned for, and although all of my home setup had "guest" connectivity, getting to the physical "engine room" was absurdly difficult.

This solution is great for a home environment, where physical access to infrastructure is easily monitored.

As a side note: On higher levels all traffic should be encrypted anyway. If DHCP were compromised (MAC spoofing isn't unheard of, after all) or DNS was poisoned, all an intruder would get for their trouble is an unviable connection attempt on the data channel.

Most importantly: In your setup wireless connections are as secure as the endpoint configuration allows them to be.

Love it. Simple and does everything you need at a home setting.

heraldreichel

Thanks Marc. I find your video the easiest way to understand VLAN. Please consider making new video about VLAN config on openwrt version 21 where it uses DSA

suxen

Don´t know why I never stumbled over one of your videos before, 10 of 10 points.I will spend the next days to see al others.

ChAnTi

Hi Marc,
The interface has changed a little bit inbetween, and also, now in Network > Interfaces, when I edit an interface, there is no more Physical tab, and it's changed in a Device selector in the General tab. The problem is, there I can not assigned more than one item. So I don't really get how to do it the same as you did.

NicolasBaudoin-id

Your videos and commentary are fantastic and as an IT pro, I normally have no trouble understanding, but this time I'll add that VLAN configuration (tagging/untagging) about 4 min in flew way over my head.

nosoupformecom

I find your videos so simple to follow, thank you

One thing to note is that with the release of OpenWRT 21.02 many devices now use DSA instead of sw_config - so, some of the configuration methods have changed a bit! However, your simple explanations still work

jaromanda

awesome! i always find myself not touching the openwrt vlan function, your guide is clear and easy to follow, thank you!

tomcheng

Man this is real service! Thanks for your knowledge sharing. I've just added a second "dumb ap" (via powerline) to my network. I do not yet have network segmentation (only a single network) but this will probably resolve my issues when I add the IoT and Guest networks.

TheTommyPT

I think this is just what I was looking for, Marc! Not 100% sure, but I feel like you really read your subscribers' mind. So I'll try to follow your steps, and report back! Thank you very, very much. You seem the guru I needed to find. 😋

brightplastik

Marc: I have said before and I will say it again. You have an amazing gift to make complex things simple. Great service. As an aside, how about creating a video with one wifi to connect with openVPN and other wifi to connect with regular non-vpn network. Perfect recipe for WFH guys. I think you can do this once without using VLAN and another with VLAN.

anilgargsfo

Marc, firstly thank you for all your effort in making these videos, they are outstanding.

I'm echoing the call for companion videos for setting up the LAN/Guest/IOT setup using OpenWrt 21.x for both the router and an access point (Isn't it time to upgrade your own home network? :-)).

In one of your other videos you reviewed the D-Link DIR-2660, which is only supported by OpenWrt 21.x (the other two routers you reviewed the TP-Link Archer C7 and Linksys WRT3200ACM are supported by OpenWrt 19.x and 21.x). So anyone following your lead will have trouble setting up the VLANs on the DIR-2660.

I think you should spell out in the title, and in the pin, that these instructions are for OpenWrt 19.x only so viewers don't get confused. Ditto for the router video also.

I have been trying in vain to set this up using DD-WRT for some time and successfully switched to OpenWrt after finding your channel. I have not regrets, it's all up-side.

Thanks again.

Andrew-byyo

Thank You! I did this very thing.... but the access point I'm using is a Unifi access point with a TP-Link router with OpenWrt and it's working perfectly. Thanks sooo much!

sigler

This is fantastic. I understand VLANs so much better now, and its really quite simple! Very useful stuff

germas

Such an interesting episode! And so informative too! I've heard about VLAN but I never understood the concept, this video sure helped ;)

glitchy_weasel

Perfect
I have build nearly exact this configuration with TP-Link AC7150v5 and WDR4900. These models allow using untagged and tagged on one port. This enables me to use an old unmaged switch.
No problems so far. Wonderful.

henning

Awesome I’ve been looking forward to this second video, I have 2x OpenWRT access points connected over power line adaptors but didn’t know how to get vlans setup - I use my isps router with a static ip as my internet connection (it doesn’t support modem mode)

damianthomson

Thanks for the instructions!It took me sometime to figure out how to enable a guest network on a second router (dumb AP) with vlan running openwrt 21.02 as there is no “bridge” checkbox anymore: in the interface tab there is a tab called Devices and I had to create a br-Guest bridge device similar to br-lan and assign br-guest to the Guest interface. Now it’s working smoothly on the dumb AP as well!

peterb

Great videoes. Luci is not always intuitive. Your firewall video and this one clarified many issues :)

igormoeller

Thank you very much for these tutorials, they are excellent! For me the roaming (tested on iPhone) only started working when I changed the WPA2-PSK cipher to "Force CCMP (AES)" on both the router and AP. I still have the DTIM interval set to default (2).

farayman