Use DD-WRT to set up a VLAN and Virtual Wifi for IoT devices

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey friends chris again what we're doing today is we're going to configure ddwrt so it has a virtual lan and the reason i'm doing a virtual lan is so i can put some untrusted devices on my network so very briefly here's the concept i have an older router a linksys e4200 on which i have ddwrt firmware installed it has four lan ports i want to have the first three lan ports set up so that these represent my main network so they're going to be running on subnet 192.1681x this is where i'm going to put all my trusted devices like my laptop my iphones everything on my network basically is going to go on this network but then of course we all have these devices that we don't really trust you know like security cameras from who knows what manufacturer devices that never get any security updates so what i'm going to do i'm going to devote lan port number four to a new subnet called 192.168.107x and i have a switch that i attached to that network so that i can distribute that iot network hardwired out if i need to but i'm also going to set up an iot wi-fi signal so that my untrusted devices have something to connect to now here's the thing i don't trust these devices so i don't want them to be able to communicate with anything on this side of the picture of course everything on this side of the picture is trusted and should be able to communicate with things in the iot network but really the only thing the iot network should be able to do is make it out to the internet that's what we're going to do alright so let's get started so the first thing i want to point out is i am connected to the ddwrt wi-fi this is the default wi-fi that the router is configured with right after a factory reset now the reason i'm connected to the wi-fi and not hardwired into the router is because i'm about to configure the ports on my router i might lose connectivity to the router if i screw something up so i'm just connected to the default wi-fi all right i'm just going to pop over to setup just so you can see the basic settings on this router so notice that the main router's address is 192-16811 of course that's where i am right now and then as i mentioned we're going to set up a secondary lan on 192.168.1071. so how do we go about doing that if you go over to switch config now this is a little bit of a confusing screen what this is trying to show is this is all the ports on my router okay so this is my my wan or internet port and these are my four lan ports and right now i've got nothing connected to any of them but on the side here these are the vlans or virtual lands and right now all of these lan ports are all on the same virtual lan or they're on the same network now i want to take port 4 i'm going to unclick that and i'm going to put it on its own vlan so it's going to be on vlan 2. okay this is not the only configuration we need to do here i'm going to go to the bottom save bottom again apply settings all right so i created vlan 2 but that's not enough i need to be able to configure it so that's in the networking tab and what we're going to do is we're going to create a new bridge and we will call it br1 the rest of the settings you can just leave alone so we'll scroll to the bottom save and then we will apply the settings all right so we have a bridge what we need to do is we need to go to this assigned to bridge section say add and okay this has happened to me a few times if this happens to you you might just need to force it to reload back to one nine two one six eight one one i've navigated back to network remember assigned to bridge i'm gonna click add okay so now i can take my new bridge bridge one and i can assign it to vlan 2. so basically these bridges are a way to configure things connected to them we're connecting vlan 2 to our bridge 1 that's going to allow me to introduce my iot configuration for my second vlan i've done that i'll go down to the bottom and save and then apply settings all right and after i've applied the settings you should see in your bridging table br1 should say interface vlan 2. if it doesn't you might want to go and reload this screen all right so i had to refresh it i come down and look br1 is set up for vlan 2. if you remember vlan 2 has my fourth lan port on it now we have to actually configure this br1 so that it's on the subnet that we want so what we do is we scroll down a little ways and in this network configuration section you should see network configuration br one and we're going to give this a label iot network and then right here is where we get to say what the subnet address is so we'll call this 192 168 107 1 and the subnet mask is 255 255 255 0. okay so we'll save that and apply settings okay now what we have to do is we have to make sure that we have a dhcp server that can actually hand out addresses on the 107 network so what you do is down here there's this multiple dhcp server thing click add and this is fine this is dhcp on br0 which is the default bridge we can just leave that alone let that exist we need to add a second one so here you see i'm going to set up a dhcp server on the iot network i'll save that and apply my settings okay so right now my iot network should be working i could verify that by plugging a network cable into port 4. before i do that there is one thing i have to do for this particular router as i mentioned i have a linksys e4200 and i have not had to do this with other routers but for this one for some reason as soon as i create a vlan these other lan ports stop working one two and three and what i found i actually have to do is i have to move these from vlan 0 to a new vlan so i'm going to move them to vlan 3. so as i said you may not need to do this okay and once i've moved them to vlan 3 we have to go back to the networking tab go to the assign to bridge section and we just need to select br0 and say i want vlan 3 on my br0 so i want that third vlan on the default bridge save and apply all right so right now my port configuration should be set up let's test that theory so i'm going to plug my laptop into port 4. if we go back to the diagram we should see that anything i plug in port 4 should be on the 192 168 107 subnet all right i am apparently connected to a wired network now i'm going to i'm going to verify this from my terminal ifconfig is what you can use if you're on linux or on on a mac on windows you can use ipconfig [Music] so i'm looking for my ethernet connection and if you notice it has been assigned 192.168.107.131 so that's pretty good news that means that i actually am on the 107 subnet now what about my other lan ports they need to be handing out addresses to 192.168.1 something so i'm going to try connecting to port 2. i'll run ifconfig again all right and i'm on 192.168.1.131 so that's great it looks like my port configuration is working now as we mentioned back in the diagram i want everything from the one subnet to be able to see stuff on the 107 but i don't want 107 to be able to see anything back on the one subnet the only thing 107 should be able to do is get out to the internet so how do i do that in order to ensure that we need to configure the firewall so that's done in administration commands now i happen to have these instructions that i got off a very helpful person on a forum these are the magic words that i will paste into the video description but essentially what's happening here this is the key item that we are going to drop connections from bridge 1 to any other bridge so that means bridge one or the iot network cannot see anything on any other bridge so what you do is you say save startup so that's gonna run on startup so i'm plugged into port four i'm just gonna double check that i have a correct port assignment and i should have full disclosure here i rebooted my router just to make sure the firewall settings would take effect so as you see i'm on the 107 network if i try and ping the one network look at that i get no response and that's because communication from my iot network to my main network is completely shut down i'm gonna go and reconnect to one of my other lan ports like lan port one so that i'm on the main network and i will double check yes i'm on the main network so the only thing left to do is set up the iot wi-fi so that anything connecting to my special iot wi-fi will end up on this iot subnet it's actually pretty easy to do if you go to the wireless section of the router if you scroll down a little ways there's this add virtual ap add virtual access point so click that and what i'm going to do i'm going to call this ddwrt iot and i just want to point out that this specifically is on the 2.4 gigahertz radio i can go and do this again on the 5 gigahertz radio i'd add another virtual ap but i'm just going to do this one just so you see how it works the thing you need to pay attention to is this this virtual ap is assigned a name it's wl0.1 okay yours might be different you need to pay attention to it so i've created this thing save apply settings and then what we do is we go back to setup and back to the networking section and all it is is just another bridge assignment so we want to put something new on the iot network we click add i'll select bridge1 and now notice wl0.1 is in my list so that's the new virtual access point that i created select that scroll the bottom save apply settings now of course if you're doing this for real you're probably going to want to go into wireless security and of course you can set the security mode on your new iot network and you probably want to add a password to it that's how you set up a vlan on ddwrt i found it kind of difficult to figure this out i hope i helped you in some way if i did please give me a like that's going to help me a lot with a youtube algorithm so thanks everybody for watching i'll see on the next one you
Info
Channel: DevbaseMedia
Views: 17,249
Rating: undefined out of 5
Keywords: dd-wrt, tutorial, iot, vlan, virtual ap, guest wifi, how to, router, firewall, security, internet of things
Id: 0ds4o2RxHAc
Channel Id: undefined
Length: 11min 5sec (665 seconds)
Published: Fri Jan 15 2021
Related Videos
How to configure OpenWrt as Firewall for your home network and Guest Wifi and IPTables explained
OneMarcFifty
34K
Set up an OpenVPN Server on your DD-WRT Router
DevbaseMedia
10K
Secure IoT Network Configuration
Crosstalk Solutions
319K
2020 Getting started with pfsense 2.4 Tutorial: Network Setup, VLANs, Features & Packages
Lawrence Systems
586K
DD WRT Router Configuration Part 1
HelpfulTechVids
162K
Inexpensive Budget Switch: TP Link TL-SG108E HW Rev. 3.0 With VLANS & pfsense Review
Lawrence Systems
325K
FortiGate 60F HA Cluster Build
Fortinet Guru
1.1K
extend a guest wifi on second access point with OpenWrt using VLANs
OneMarcFifty
16K
How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsense
Lawrence Systems
336K
Extend your WiFi range using an Old Wireless Router (DD-WRT Repeater Bridge)
Behfor
490K
Best Home Network 2021 - A Guide to the Best Available Network Equipment
Crosstalk Solutions
115K
Which Router is best for OpenWrt in 2021?
OneMarcFifty
36K
Solid State Batteries - Autumn 2021 mass production in Japan. Is it FINALLY happening?
Just Have a Think
1.2M
my SUPER secure Raspberry Pi Router (wifi VPN travel router)
NetworkChuck
368K
Are VLANs Worth It for a Home Network?
Home Network Geek
13K
VLAN Explained
PowerCert Animated Videos
977K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.