Project I'm planning - curious if I'm on the right track

Hi I'm looking for advice. Would dd-wrt / open wrt on a router acting as my gateway allow me to segment my home network like so:

  1. Wifi (for family / guests)
  2. IoT network [wifi and hardwired devices]
  3. Lab [publicly accessible from internet - connected to lab by wifi]

So that none of them could talk to each other?

If so, I'll start with number one - get that set up, and then move to number 2 and then finally do number 3 - and then start adding appliances in front of 3 until it's total overkill and I think what the hell have I done???

But really, can I do this with dd-wrt?

Please let me know if there are any more details needed - I'd be happy to reply.

Short answer is yes: VLAN to segment ports (best option but limited on the router), subnet to segment IP addresses.

You may be better off getting a managed switch. I'll let the net gurus answer to that.

1 Like

I picture it like this so far - prepare for ASCII art

| = physical connection
/\ = wireless connection
WAP = Wireless Access Point

                                       The Internets
                                         **Router**  (dd-wrt)
                                           | | |
                  (Lab Network) WAP________| | |________ WAP (Family / Guest Network)
                                /\           |            /\                          
                               /  \          |           /  \ 
                              /    \         |          /    \
                         Wireless extender   |    Ipads / laptops / etc 
                                 |           |
                                 |           |
                               Server        |
                                           Switch  (IoT Network)
                          __________________| |________________
                         |                                     |
                         |                                     |
                 Wired IoT Device                             WAP 
                                                             /  \
                                                       Wireless IoT devices

I don't really like all the WAPs - that's going to add up in cost - I wonder if I could use the on board wireless on the router for a couple of the wireless networks.

Yeah, that will work fine so long as the hardware supports VLANs (most do, but I know that OpenWrt has a table which tells you for each router).

You can do it by using multiple SSIDs on the router and assigning each to a different network.

Essentially you'd use VLANs to make each port on the switch a different interface that you can use for each of the networks, then you can just plug a regular switch in and it will be on whatever network you assigned the port to. Or if you don't need a lot of ports you can split up the built-in switch however you like.

I'm fairly sure (been a while since I've played with OpenWrt) that by default each network will have internet access but won't be able to talk to each other, but either way you can set the firewall up however you like.

Performance is going to be limited because the router will have, at best, two real interfaces but maybe only one, so your total bandwidth will be limited to the speed of that interface.

If you want something better, get something like a Ubiquiti EdgeRouter with enough interfaces for the number of networks you plan on using.

1 Like
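Whether the three networks can reach each other comes down to the firewall config, as the reply above says, and that can be checked mechanically. The following is an added example, not code from the thread or from OpenWrt: a small Python audit that reads firewall config text in OpenWrt's UCI format and lists any path between the internal zones. The zone names (family, iot, lab) and the sample config are constructed for illustration.

```python
import re
from itertools import permutations

# Constructed excerpt in the style of OpenWrt's /etc/config/firewall.
# Zone names (family, iot, lab) are assumptions based on the plan in the thread.
SAMPLE = """
config zone
    option name 'family'
    option forward 'REJECT'
config zone
    option name 'iot'
    option forward 'REJECT'
config zone
    option name 'lab'
    option forward 'REJECT'
config forwarding
    option src 'family'
    option dest 'wan'
config forwarding
    option src 'iot'
    option dest 'wan'
config forwarding
    option src 'lab'
    option dest 'wan'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"config\s+(\S+)", line):
            sections.append((m.group(1), {}))
        elif (m := re.match(r"option\s+(\S+)\s+['\"]?([^'\"]*)['\"]?$", line)) and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def isolation_violations(text, internal):
    """Return sorted (src, dest) internal zone pairs the config lets traffic cross."""
    allowed = set()
    for kind, opt in parse_uci(text):
        # A forwarding section, or an ACCEPT rule with both src and dest, opens a path.
        if kind == "forwarding" or (kind == "rule" and opt.get("target", "").upper() == "ACCEPT"):
            allowed.add((opt.get("src"), opt.get("dest")))
    def opens(a, b):  # '*' in a rule is treated as "any zone"
        return any(s in (a, "*") and d in (b, "*") for s, d in allowed)
    return sorted(p for p in permutations(internal, 2) if opens(*p))
```

An empty result for `isolation_violations(SAMPLE, ["family", "iot", "lab"])` means no forwarding or ACCEPT rule joins the three zones. The check covers only `forwarding` and `rule` sections; the default forward policy and networks placed in the same zone are outside its scope.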