This wiki page was created to summarise the steps discussed at: https://forum.openwrt.org/t/solved-need-help-configuring-a-separate-lan-using-the-wan-port/125538

You want to configure a separate (sub-)LAN using the WAN ethernet port (normally used as a regular ethernet LAN port) of your OpenWRT router.

OpenWRT version 21.02

An Archer C7 was used but this will work with any other router.

1. setup the VLAN for the WAN ethernet port; make sure that you have a VLAN row (`2` for example) where one CPU core (`eth0` for example) is `tagged` and the `WAN` port is `untagged`; both must be `off` in any other VLAN row
2. under Network → Interfaces, select Devices tab and click “Add device configuration”
3. select “Bridge device” as type and name it `br-lan2` (you probably already have a `br-lan`)
4. under bridge ports select `eth0.2` (or whichever is your WAN port); save
5. go to Network → Interfaces and add a new interface (e.g. `LAN2`) using `br-lan2`
6. under Protocol specify “Static address” and in IPv4 address specify your sub-LAN router IP e.g. `192.168.2.1`; use a `/24` subnet mask
7. select the Firewall Settings tab and create a new zone by typing there `LAN2`; save
8. configure DHCP for this new network
9. on the main router (which might not be the one your are currently configuring) add a static route for `192.168.2.0/24` routing through the router with the WAN port's IP address on the main LAN

LAN → LAN2: accept, accept, accept LAN2 → reject: accept, accept, reject

Add a forwarding rule to allow internet access: From LAN2 To Any zone, `!192.168.1.0/24` (your main LAN network) Make sure you select 'Any` for traffic.