This wiki page was created to summarise the steps discussed at: https://forum.openwrt.org/t/solved-need-help-configuring-a-separate-lan-using-the-wan-port/125538

You want to configure a separate (sub-)LAN using the WAN ethernet port (normally used as a regular ethernet LAN port) of your OpenWRT router.

OpenWRT version 21.02

An Archer C7 was used but this will work with any other router.

This is the configuration to apply to the secondary router (the one where the separate LAN exists).

1. setup the VLAN for the WAN ethernet port; make sure that you have a VLAN row (`2` for example) where one CPU core (`eth0` for example) is `tagged` and the `WAN` port is `untagged`; both must be `off` in any other VLAN row
2. under Network → Interfaces, select Devices tab and click “Add device configuration”
3. select “Bridge device” as type and name it `br-lan2` (you probably already have a `br-lan`)
4. under bridge ports select `eth0.2` (or whichever is your WAN port); save
5. go to Network → Interfaces and add a new interface (e.g. `LAN2`) using `br-lan2`
6. under Protocol specify “Static address” and in IPv4 address specify your sub-LAN router IP e.g. `192.168.2.1`; use a `/24` subnet mask
7. select the Firewall Settings tab and create a new zone by typing there `LAN2`; save
8. configure DHCP for this new network

Configuration for the main router:

1. add a static route for `192.168.2.0/24` routing through the router with the secondary router WAN port's IP address on the main LAN (`192.168.2.1` in this example)

LAN2 → reject: accept, accept, reject

LAN → LAN2: accept, accept, accept

Add a forwarding rule to allow internet access: From LAN2 To Any zone, `!192.168.1.0/24` (your main LAN network) Make sure you select 'Any` for traffic.

If your main router does not send extra routes you must configure your LAN clients with the custom route to reach LAN2 IPs.