Out of the box, the current OpenWRT build (18.06.1 at the time of writing) for the TP-Link TL-WR810N does not include VLANs. It defines three interfaces, eth0, eth1, and radio0.
The network controller in the device is VLAN-capable, so adding VLAN support is not difficult (he wrote, after spending a lot of time working out how difficult it isn't...)
Only two files need to be modified: /etc/config/network
and /etc/config/firewall
. The below examples will create two VLANs, 4 and 5, and assign them as sub-interfaces of eth1, the TL-WR810N's LAN interface. The steps can be easily adapted for additional VLANs and different VLAN numbers.
The TL;DR bit...
The default OpenWRT configuration on a TL-WR810N:
/etc/config/network
config interface 'lan'
option type 'bridge'
option ifname 'eth1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
/etc/config/firewall
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
The modified VLAN-aware configuration:
/etc/config/network
config interface 'lan1'
option ifname 'eth1.4'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
config interface 'lan2'
option ifname 'eth1.5'
option proto 'static'
option ipaddr '172.17.0.2'
option netmask '255.255.255.0'
[...]
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan 'eth1_4'
option device 'switch0'
option vlan '4'
option ports '0t 4t'
config switch_vlan 'eth1_5'
option device 'switch0'
option vlan '5'
option ports '0t 4t'
/etc/config/firewall
config zone
option name 'lan'
list network 'lan1'
list network 'lan2'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
The above example does not apply any filters to inter-VLAN traffic. If I wanted to use the firewall I could create a separate zone for each VLAN and set up appropriate traffic rules to suit my needs. But for this example I'm happy for both VLANs to sit in the same zone.
And that's it! VLANs on a single Ethernet port on a TL-WR810N. Making the above changes will add a Switch entry to the LuCI Network menu, but you can ignore it. Just do everything on the command line.
Keep on reading for a more detailed explanation.
Finding out the details of the network controller:
root@OpenWrt:~# swconfig list
Found: switch0 - eth1
root@OpenWrt:~# swconfig dev switch0 help
switch0: eth1(AR934X built-in switch), ports: 5 (cpu @ 0), vlans: 16
--switch
Attribute 1 (int): enable_vlan (Enable VLAN mode)
Attribute 2 (int): mirror_monitor_port (Mirror monitor port)
Attribute 3 (none): apply (Activate changes in the hardware)
Attribute 4 (none): reset (Reset the switch)
--vlan
Attribute 1 (int): vid (VLAN ID)
Attribute 2 (ports): ports (VLAN port mapping)
--port
Attribute 1 (int): enable_mirror_rx (Enable mirroring of RX packets)
Attribute 2 (int): enable_mirror_tx (Enable mirroring of TX packets)
Attribute 3 (int): pvid (Primary VLAN ID)
Attribute 4 (unknown): link (Get port link information)
The CPU is on port 0, but which port is used by eth1?
root@OpenWrt:~# swconfig dev switch0 show
Global attributes:
enable_vlan: 0
mirror_monitor_port: 15
Port 0:
enable_mirror_rx: 0
enable_mirror_tx: 0
pvid: 0
link: port:0 link:up speed:1000baseT full-duplex txflow rxflow
Port 1:
enable_mirror_rx: 0
enable_mirror_tx: 0
pvid: 0
link: port:1 link:down
Port 2:
enable_mirror_rx: 0
enable_mirror_tx: 0
pvid: 0
link: port:2 link:down
Port 3:
enable_mirror_rx: 0
enable_mirror_tx: 0
pvid: 0
link: port:3 link:down
Port 4:
enable_mirror_rx: 0
enable_mirror_tx: 0
pvid: 0
link: port:4 link:up speed:100baseT full-duplex auto
VLAN 0:
vid: 0
ports: 0 1 2 3 4
Port 4 is the only other active port (nothing is plugged into the WAN port), so ports 0 and 4 need to participate in the VLANs.
Then it's just a matter of tagging every desired VLAN for both the CPU and the Ethernet port, to make the Ethernet port a trunk to carry those VLANs.