My understanding of VLANs is thin. My ALIX 2d13 does not have a switch, but has 3 Ethernet ports. One is WAN and the other 2 are bridged for LAN. I'm looking at IoT devices, and it's been suggested to put them on a seperate VLAN, which I do not think I can do.
Is moving one Ethernet port to another interface "IoT" a valid approach for this hardware?
Yes, you need to add a new firewall zone, a new firewall forward entry as the LAN to WAN and duplicate needed firewall rules too, and add the dhcp section too.
Then I added lan1 and lan2 to the lan firewall zone.
The problem is that I am not completely sure how eth0, eth1 and eth2 are assigned physically on boot. After rebooting, eth0, eth1 and eth2 are at the same "place" but I am not sure how it done internally.
Other issues:
I don't know how to set up ALIX 2D13 LEDs. In OpenWRT and Debian, there used to be a kmod-leds-alix package for ALIX2D13.
Hardware acceleration is not available for OpenSSL:
opkg install kmod-crypto-core kmod-crypto-aes kmod-crypto-hw-geode kmod-crypto-ocf
Unknown package 'kmod-crypto-core'.
Unknown package 'kmod-crypto-aes'.
Package kmod-crypto-hw-geode (4.4.71-1) installed in root is up to date.
Unknown package 'kmod-crypto-ocf'.
Collected errors:
I have not yet tried this on my router so can not help. Please let me know if you get it working.
While I know the geode image contained the crypto drivers I am not sure they are actually working.
I assume you have seen this page: https://wiki.openwrt.org/toh/pcengines/alix
I bought a crypto card at one point, but it required building my own, and I was not that motivated.
Regarding the LEDS, here is the config from my OpenWrt config file (system)
config led
option name 'LAN'
option sysfs 'alix:1'
option default '1'
option trigger 'netdev'
option dev 'br-lan'
option mode 'tx rx'
config led
option default '0'
option name 'WiFi'
option sysfs 'alix:2'
option trigger 'none'
config led
option default '0'
option name 'Heartbeat'
option sysfs 'alix:3'
option trigger 'heartbeat'