Hi folks!
My lan-bridge contains a RTL8153 Ethernet adapter (eth1) and a WiFi adapter. I would like to add a VLAN to the eth1, leaving the lan-bridge untouched. Is it possible to have one "physical" LAN + VLAN on one (physical) device, or do I have to split the eth1 into 2 VLANs?
You'll simply create a new 'device' with the VLAN ID appended to eth1 as follows:
VLAN 10 --> eth1.10
Then tie the new network interface to that 'device' and you're good to go.
This will make a trunk where a network associated with eth1 is untagged, and then the VLANs running on that port (i.e. eth1.10) will be tagged. You'll need a smart/managed switch or other VLAN aware device connected to eth1 in order to take advantage of the VLAN you are creating.
@psherman Thank you! So that means, having the eth1 inside the lan bridge and an additional interface with eth1.10 (VLAN) is not an issue!? I wasn't sure about that.
Yes, the reason I ask is to decide which switch I should get.
Correct. They are tested as different logical interfaces.
Any switch that has VLAN support (802.1q) and meets your requirements for all other aspects (price, number of ports, physical size/form factor, poe if applicable, etc). I don’t like the TP-Link TL-SG1xxE series switches. - they work but they have a few quirks and issues. Otherwise, any smart/managed/plus switch (which should say something about VLANs) should work.
I chose a Mikrotik RB260G, which supports VLAN. Hope I get all to work...if not, the forum is just a click away 
Thank you! And happy Christmas off course!
More detailed what I have planned: I like to have 2 sub nets "lan" (wifi + vlan100) and "lan2" (vlan200) separated from each other, but in the same firewall zone (lan), using same traffic rules. So I will set up as following:
.Create 2 vlan devices, eth1.100 and eth1.200
.Add wifi and eth.100 to a bridge (br-lan)
.Create interface "lan" with static 192.168.1.1
.Add br-lan to "lan"
.Create interface "lan2" with static 192.168.2.1
,Add eth.200 to "lan2"
.Add "lan" and "lan2" to firewall zone "lan"
What is unclear:
Will I get DHCP and can I reach Luci Interface on both vlan subnets? Can I block access to Luci but keep DHCP on "lan2"?
Can the 2 subnets reach each other, because they are in the same firewall zone? Will set forward rule to "reject" on lan zone stop that?
You would need to set up a DHCP server on lan2 for those users to have DHCP. Then they would be served IPs in the .2.0 range. This /etc/config/dhcp server config could be a copy of the default lan server except the network is lan2.
Yes because they are both in the same zone, and that zone doesn't block LuCI.
Yes that is exactly how it works.
OK, last question for the moment...will the vlan2 get DNS, if not, how do I need to modify the dnsmasq section in /etc/config/dhcp?
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.