Splitting VLANs

This article relies on the following:
- Accessing web interface / command-line interface
- Managing configs / packages / services / logs

This article may contain network configuration that is version dependent post 2021-06. ifname@interface has been moved to device and device sections. While legacy ifname syntax may work on 21.02 or recent master, it is recommended that you migrate to device usage.

More information:
- DSA Wiki
- 21.02 Release Notes
- Mini tutorial for DSA network config

Introduction

This how-to virtually splits off one of your device's Ethernet ports to be used for non-LAN purposes. For example, you could provide this Ethernet port for your guests, or use it for a secured extra zone for an office work computer that is separated from your LAN zone.

This how-to only demonstrates how to create the additional VLAN switch. The VLAN switch created by this how-to needs to be linked to a dedicated interface and a dedicated firewall zone in subsequent steps.

Web interface instructions

Default configuration

A typical default LEDE configuration on a home router with 5 LAN ports looks like this when going to the “switch” menu of LuCI. The CPU (eth0) column is the upstream side (HW switch ↔ eth0 driver); the LAN and WAN columns are the downstream side (HW switch ↔ physical ports).

| VLAN ID | CPU (eth0) | LAN 1    | LAN 2    | LAN 3    | LAN 4    | WAN      |
|---------|------------|----------|----------|----------|----------|----------|
| 1       | tagged     | untagged | untagged | untagged | untagged | off      |
| 2       | tagged     | off      | off      | off      | off      | untagged |

This default configuration provides 2 VLAN switches:
- VLAN ID 1: the VLAN switch for the 4 ports (that are mapped to the LAN interface)
- VLAN ID 2: the VLAN switch mapped to the 1 WAN port

Modified configuration

As we can't magically add new physical ports to the existing device, we will simply reassign LAN 1 to make up a new virtual switch:

| VLAN ID | CPU (eth0) | LAN 1    | LAN 2    | LAN 3    | LAN 4    | WAN      |
|---------|------------|----------|----------|----------|----------|----------|
| 1       | tagged     | off      | untagged | untagged | untagged | off      |
| 2       | tagged     | off      | off      | off      | off      | untagged |
| 3       | tagged     | untagged | off      | off      | off      | off      |

Note the new third line and the change in the intersection of VLAN 1 and LAN 1.

This updated configuration means that you will now have 3 VLAN switches:
- VLAN ID 1: the VLAN switch for the remaining 3 ports (that are still mapped to the LAN interface)
- VLAN ID 2: the VLAN switch mapped to the 1 WAN port
- VLAN ID 3: the newly created VLAN switch for the 1 port LAN 1. This port is currently without function. You first have to assign it to an interface (in the “physical settings” tab of an existing or newly created interface).

Notes:
- LAN 1 in this example can no longer be used for SSH or LuCI administration, unless you link the existing LAN interface to this newly created VLAN switch eth0.3. (But usually you will want to assign this new VLAN to a newly created interface, which then has to be put into a new firewall zone.)
- As long as one last LAN port remains in VLAN switch 1, you will still have access to LuCI and SSH over that port.
- In case you have accidentally or purposely set all ports to “off” in switch VLAN 1, in most cases you can still use your WiFi for LEDE admin access.
- The LAN IDs as used in the switch section of LuCI or in config files of UCI may not reflect the same numbering scheme used on the printed labels on the outside of your router. Due to decisions of the manufacturer, it could be inverted on some devices (4→1, 3→2, 2→3, 1→4).

Last modified: 2023/05/16 14:09 by badulesia
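
The following is an added example, not part of the original wiki page: a small Python audit of the VLAN/port matrix from the “switch” menu. It confirms that LAN 1 no longer shares a VLAN with the other LAN ports and flags the wired-admin lockout described in the notes. The function names and the one-row-per-VLAN text format are assumptions made for this example; the two matrices are the tables from this article.

```python
# Added example (not from the wiki): audit a LuCI "switch" VLAN/port matrix.
# Column order follows the tables in this article; helper names are made up here.
PORTS = ["CPU", "LAN 1", "LAN 2", "LAN 3", "LAN 4", "WAN"]
STATES = {"tagged", "untagged", "off"}

# The two tables from this article, one row per VLAN ID.
DEFAULT = """
1 tagged untagged untagged untagged untagged off
2 tagged off off off off untagged
"""
MODIFIED = """
1 tagged off untagged untagged untagged off
2 tagged off off off off untagged
3 tagged untagged off off off off
"""

def parse_matrix(text):
    """Return {vlan_id: {port: state}} and reject malformed rows."""
    matrix = {}
    for line in text.strip().splitlines():
        vid, *states = line.split()
        if len(states) != len(PORTS) or not set(states) <= STATES:
            raise ValueError(f"malformed row: {line!r}")
        matrix[int(vid)] = dict(zip(PORTS, states))
    return matrix

def shared_vlans(matrix, port_a, port_b):
    """VLAN IDs in which both physical ports are members (layer-2 reachable)."""
    return [vid for vid, row in sorted(matrix.items())
            if row[port_a] != "off" and row[port_b] != "off"]

def audit(matrix, admin_vlan=1):
    """Return findings for the mistakes this how-to warns about."""
    findings = []
    for port in PORTS[1:]:
        untagged = [vid for vid, row in sorted(matrix.items()) if row[port] == "untagged"]
        if len(untagged) > 1:
            findings.append(f"{port} is untagged in VLANs {untagged}: not split off")
    for vid, row in sorted(matrix.items()):
        if all(row[p] == "off" for p in PORTS[1:]):
            findings.append(f"VLAN {vid} has no physical port")
    lan_ports = [p for p in PORTS if p.startswith("LAN")]
    if all(matrix[admin_vlan][p] == "off" for p in lan_ports):
        findings.append(f"no LAN port left in VLAN {admin_vlan}: wired admin access lost")
    return findings

if __name__ == "__main__":
    for name, text in (("default", DEFAULT), ("modified", MODIFIED)):
        m = parse_matrix(text)
        print(name, audit(m) or "ok", "LAN 1/LAN 2 share:", shared_vlans(m, "LAN 1", "LAN 2"))
```

An empty result from `shared_vlans` only shows separation at the switch level; traffic can still be routed between the VLANs through the CPU port until the new interface is placed in its own firewall zone.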