2 WAN interfaces same vlan

julian · March 26, 2025, 3:09pm

Hi all,

I have two wan interfaces and put them on the same vlan, albeit the first wan is on eth0.2000 wth pppoe and the second on eth1.2000 with dhcpc.

Is that how you usually do it? I thought it might make sense but have the feeling that it somehow broke my vlan 2000 network.

network.wan=interface
network.wan.proto='pppoe'
network.wan.ipv6='auto'
network.wan.peerdns='0'
network.wan.dns='9.9.9.9' '149.112.112.112'
network.wan.username='550320642718'
network.wan.password='29412544'
network.wan.device='eth0.2000'
network.wan.metric='10'

network.wan_mobile=interface
network.wan_mobile.proto='dhcp'
network.wan_mobile.device='eth1.2000'
network.wan_mobile.metric='20'

network.iso_modem=interface
network.iso_modem.proto='static'
network.iso_modem.netmask='255.255.255.0'
network.iso_modem.ipaddr='192.168.200.2'
network.iso_modem.ifname='eth0.2000'
network.iso_modem.device='eth0.2000'

I think what I am missing is the difference between eth0.2000 and eth1.2000. It seems to deal with them as separate networks, however, I'd expect the same vlan to be same network even if physical devices are different.

lleachii · March 27, 2025, 5:35am

Your expectation is incorrect. As you noted, they're two different devices (not e.g. a switch). If it's your desire to somehow connect them, you'll have to include them in a bridge. Although it's unclear why you desire this.

eduperez · March 27, 2025, 8:32am

I think you are confused about how VLANs work...

VLANs are used to simulate independent physical networks on a shared physical medium. It's like having several ethernet wires bundled together, when in reality you only have one.

When you use VLANs on one end of the wire, all other devices have to use the same VLANs; otherwise, the devices cannot communicate with each other.

Finally, VLANs only have an effect on the traffic between nodes, not on the traffic inside the router.

So, eth0.2000 and eth1.2000 are not the same VLAN, because they are on different interfaces. However, you have two networks defined on eth0.2000, and I cannot understand why.

julian · March 27, 2025, 8:46am

Okay I see. Thank you VERY much for the answers so far.

As for the desire and that matter:

So, eth0.2000 and eth1.2000 are not the same VLAN, because they are on different interfaces. However, you have two networks defined on eth0.2000, and I cannot understand why.

So I think my misunderstanding comes from the switch / vlan configuration on my r7800 in openwrt. Because I have multiple APs, each with multiple ssids, each "ssid on a separate vlan" on a single physical link, to a managed switch and then to my router. So I think I have a basic idea on how vlans work.

Now to my switch config on my router:

Status Quo is that I have WAN on eth0.2000. And I have that iso_modem network also on eth0.2000. The WAN is for pppoe, the iso_modem network is to be able to access the modem webui via http. That works but I don't know whether it is done the right way.

Now, the yellow highlighted lan2 is a new modem (5g mobile internet) which is in bridge mode and I get a public IP via dhcp from it. I wanted to add it to the WAN firewall zone and I thought it made sense to put it "in the same vlan". And I have to put it into a certain vlan because my router's (netgear r7800) switch operates in that way, that's what I thought.

uci show network

network.globals=globals
network.globals.ula_prefix='aidontstealmyula_prefix::/48'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.br_lan=device
network.br_lan.name='br-lan'
network.br_lan.type='bridge'
network.br_lan.ports='eth1.10'
network.br_management=device
network.br_management.name='br-management'
network.br_management.type='bridge'
network.br_management.ports='eth1.1000'
network.loopback=interface
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.loopback.device='lo'
network.wan=interface
network.wan.proto='pppoe'
network.wan.ipv6='auto'
network.wan.peerdns='0'
network.wan.dns='9.9.9.9' '149.112.112.112'
network.wan.username=''
network.wan.password=''
network.wan.device='eth0.2000'
network.wan.metric='10'
network.lan=interface
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.device='br-lan'
network.lan.ip6hint='10'
network.external=interface
network.external.proto='static'
network.external.ipaddr='192.168.2.1'
network.external.netmask='255.255.255.0'
network.external.ip6assign='60'
network.external.ip6hint='20'
network.external.device='br-external'
network.dmz=interface
network.dmz.proto='static'
network.dmz.ipaddr='192.168.3.1'
network.dmz.netmask='255.255.255.0'
network.dmz.ip6assign='60'
network.dmz.ip6hint='30'
network.dmz.device='eth1.30'
network.management=interface
network.management.proto='static'
network.management.ipaddr='192.168.0.1'
network.management.netmask='255.255.255.0'
network.management.ip6assign='60'
network.management.device='br-management'
network.management.ip6hint='1000'
network.offline=interface
network.offline.proto='static'
network.offline.ipaddr='192.168.4.1'
network.offline.netmask='255.255.255.0'
network.offline.ip6assign='60'
network.offline.ip6hint='40'
network.offline.device='br-offline'
network.iso_modem=interface
network.iso_modem.proto='static'
network.iso_modem.netmask='255.255.255.0'
network.iso_modem.ipaddr='192.168.200.2'
network.iso_modem.ifname='eth0.2000'
network.iso_modem.device='eth0.2000'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].description='lan'
network.@switch_vlan[0].ports='2 4t 6t'
network.@switch_vlan[0].vid='10'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0t 5'
network.@switch_vlan[1].description='wan'
network.@switch_vlan[1].vid='2000'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].description='dmz'
network.@switch_vlan[2].ports='4t 6t'
network.@switch_vlan[2].vid='30'
network.@switch_vlan[3]=switch_vlan
network.@switch_vlan[3].device='switch0'
network.@switch_vlan[3].vlan='4'
network.@switch_vlan[3].description='management'
network.@switch_vlan[3].ports='4t 6t'
network.@switch_vlan[3].vid='1000'
network.@switch_vlan[4]=switch_vlan
network.@switch_vlan[4].device='switch0'
network.@switch_vlan[4].vlan='5'
network.@switch_vlan[4].description='external'
network.@switch_vlan[4].ports='4t 6t'
network.@switch_vlan[4].vid='20'
network.@device[2]=device
network.@device[2].type='bridge'
network.@device[2].name='br-external'
network.@device[2].ports='eth1.20'
network.@device[3]=device
network.@device[3].type='bridge'
network.@device[3].name='br-offline'
network.@device[3].ports='eth1.40'
network.@switch_vlan[5]=switch_vlan
network.@switch_vlan[5].device='switch0'
network.@switch_vlan[5].vlan='6'
network.@switch_vlan[5].ports='4t 6t'
network.@switch_vlan[5].vid='40'
network.@switch_vlan[5].description='offline'
network.@switch_vlan[6]=switch_vlan
network.@switch_vlan[6].device='switch0'
network.@switch_vlan[6].vlan='7'
network.@switch_vlan[6].ports='4t 6t'
network.@switch_vlan[6].vid='50'
network.@switch_vlan[6].description='iso_1'
network.@switch_vlan[7]=switch_vlan
network.@switch_vlan[7].device='switch0'
network.@switch_vlan[7].vlan='8'
network.@switch_vlan[7].vid='60'
network.@switch_vlan[7].description='iso_2'
network.@switch_vlan[7].ports='1 6t'
network.iso_1=interface
network.iso_1.proto='static'
network.iso_1.ipaddr='192.168.5.1'
network.iso_1.netmask='255.255.255.0'
network.iso_1.ip6assign='60'
network.iso_1.device='eth1.50'
network.iso_1.ip6hint='50'
network.iso_2=interface
network.iso_2.proto='static'
network.iso_2.ipaddr='192.168.6.1'
network.iso_2.netmask='255.255.255.0'
network.iso_2.ip6assign='60'
network.iso_2.device='eth1.60'
network.iso_2.ip6hint='60'
network.@switch_vlan[8]=switch_vlan
network.@switch_vlan[8].device='switch0'
network.@switch_vlan[8].vlan='9'
network.@switch_vlan[8].ports='4t 6t'
network.@switch_vlan[8].vid='70'
network.@switch_vlan[8].description='iso_ap'
network.iso_ap=interface
network.iso_ap.proto='static'
network.iso_ap.device='eth1.70'
network.iso_ap.ipaddr='192.168.7.1'
network.iso_ap.netmask='255.255.255.0'
network.iso_ap.ip6assign='60'
network.iso_ap.ip6hint='70'
network.wan_mobile=interface
network.wan_mobile.proto='dhcp'
network.wan_mobile.device='eth1.2000'
network.wan_mobile.metric='20'

Edit: And this is how r7800 openwrt factory defaults are, isn't it? Separate vlan for lan and wan. The more I think about it the more I am confused. I have two cpus, cpu0 for wan cpu1 for switch. Or cpu0 for eth0 and cpu1 for eth1. Thus the cpu implies the physical interface? So I could put the new modem on eth0.2000 instead of eth1.2000. Does that work? pppoe being layer 2 and the other modem being the only dhcpd on that network.

julian · April 1, 2025, 7:40am

So I got it working. Take everything with a grain of salt, there might be some don'ts in my configuration, however....IT WORKS!

Without fully understanding the difference it makes to have eth0.2000 and eth1.2000 (basically, what would you do to puth eth0 and eth1 on the same vlan.....tag both of them 2000, right?) I created a separate vlan for the second modem because I decided that its indeed a separate network and not just a third static ip in the old modems network. Whatever.

Then, because of mwan3 and because of the new modem (modem_mob) only getting a /64 prefix I had to change everything to ipv6 masquerading / nat66.

This is the shortened config / network:

/etc/config/network

network.globals=globals
network.globals.ula_prefix=''

network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'

network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].description='lan'
network.@switch_vlan[0].ports='4t 6t'
network.@switch_vlan[0].vid='10'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0t 5'
network.@switch_vlan[1].description='wan'
network.@switch_vlan[1].vid='2000'

network.@switch_vlan[9]=switch_vlan
network.@switch_vlan[9].device='switch0'
network.@switch_vlan[9].vlan='10'
network.@switch_vlan[9].ports='3 6t'
network.@switch_vlan[9].vid='2010'
network.@switch_vlan[9].description='wan_mobile'

network.loopback=interface
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.loopback.device='lo'

network.br_lan=device
network.br_lan.name='br-lan'
network.br_lan.type='bridge'
network.br_lan.ports='eth1.10'

network.lan=interface
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.device='br-lan'
network.lan.ip6hint='10'

network.iso_modem=interface
network.iso_modem.proto='static'
network.iso_modem.netmask='255.255.255.0'
network.iso_modem.ipaddr='192.168.200.1'
network.iso_modem.ifname='eth0.2000'
network.iso_modem.device='eth0.2000'

network.iso_modem_mob=interface
network.iso_modem_mob.proto='static'
network.iso_modem_mob.device='eth1.2010'
network.iso_modem_mob.ipaddr='192.168.201.1'
network.iso_modem_mob.netmask='255.255.255.0'

network.wan=interface
network.wan.proto='pppoe'
network.wan.ipv6='1'
network.wan.peerdns='0'
network.wan.dns='9.9.9.9' '149.112.112.112'
network.wan.username=''
network.wan.password=''
network.wan.device='eth0.2000'
network.wan.metric='10'

network.wan_6=interface
network.wan_6.proto='dhcpv6'
network.wan_6.device='pppoe-wan'
network.wan_6.reqaddress='try'
network.wan_6.reqprefix='auto'
network.wan_6.peerdns='0'
network.wan_6.dns='2620:fe::fe' '2620:fe::9'
network.wan_6.sourcefilter='0'
network.wan_6.delegate='0'
network.wan_6.metric='10'

network.wan_mob=interface
network.wan_mob.proto='dhcp'
network.wan_mob.device='eth1.2010'
network.wan_mob.metric='20'
network.wan_mob.peerdns='0'
network.wan_mob.dns='9.9.9.9' '149.112.112.112'

network.wan_mob_6=interface
network.wan_mob_6.proto='dhcpv6'
network.wan_mob_6.device='eth1.2010'
network.wan_mob_6.reqaddress='try'
network.wan_mob_6.reqprefix='auto'
network.wan_mob_6.peerdns='0'
network.wan_mob_6.metric='20'
network.wan_mob_6.dns='2620:fe::fe' '2620:fe::9'
network.wan_mob_6.delegate='0'
network.wan_mob_6.sourcefilter='0'

And as you can see, what I am doing is having a corresponding interface on the wan device for management purposes with a static ip. So iso_modem_mob is for accessing wan_mob modem ui and iso_modem is for accessinc wan modem ui.

system · April 11, 2025, 7:41am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.