Assigning ports to WAN vs LAN

Xenophon · July 20, 2021, 4:36pm

I have a fresh install of OpenWRT on a NetGear GS308T; it has no dedicated WAN port. The default configuration seems to have the LAN and WAN devices backwards: all of the ports are in the WAN, and the first port is alone in the LAN.

I've had a look around the forums, but I don't think this question has been answered before in a way that makes sense for this setup:

In the post explaining how to assign WAN port to the LAN, the referenced link is broken.

There is a post on mapping ethernet ports to the LAN, but the menu structure it describes:

Network > Interfaces > WAN > Edit > Physical Settings

does not exist; in the interface edit dialog there are only "General Settings", "Advanced Settings", "Firewall Settings" and "DHCP Server".

Under "Network" I do not have a "Switch" entry, so other posts referencing that make no sense.

My `/etc/config/network' looks (default) like this:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdbb:d8a2:5357::/48'

config device 'switch'
	option name 'switch'
	option type 'bridge'
	option macaddr '9c:c9:eb:d6:de:c6'

config bridge-vlan 'wan_vlan'
	option device 'switch'
	option vlan '1'
	option ports 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8'

config device
	option name 'switch.1'
	option macaddr '9c:c9:eb:d6:de:c6'

config interface 'wan'
	option device 'switch.1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'switch.1'
	option proto 'dhcpv6'

config bridge-vlan 'lan_vlan'
	option device 'switch'
	option vlan '100'
	option ports 'lan1:t'

config device
	option name 'switch.100'
	option macaddr '9e:c9:eb:d6:de:c6'

config interface 'lan'
	option device 'switch.100'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

I'd like to reverse this, so that all the ports except port 1 are LAN, and 1 is the WAN.

Xenophon · July 20, 2021, 4:47pm

More specifically, I'd like to be able to connect to Luci and SSH on any of the ports 2-8 without needing to fiddle with the VLAN on the client.

anomeome · July 20, 2021, 4:59pm

See tutorial, plus the threads regarding your switch.

Xenophon · July 21, 2021, 6:47am

Thanks for the link, though I had indeed read that; it looks like the default configuration is just completely broken (WAN ports bridged with LAN ports, admin VLAN on the WAN switch).

I still don't see how to get ssh and LUCI listening on the default (untagged) LAN side, unless I missed something in the tutorial/forums.

I'll post the answer when I can get a working configuration. Meanwhile, it's not mounting the overlay FS, despite flashing the squashfs-sysupgrade image. I'll open a different thread for that.

Xenophon · July 21, 2021, 7:34am

Note for anyone looking at this thread: the stripped-down config on the GS108T page probably works, but doesn't explain how to SSH and LUCI are configured to read from the LAN.

trendy · July 21, 2021, 8:46am

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdbb:d8a2:5357::/48'

config device 'switch'
	option name 'switch'
	option type 'bridge'
	option macaddr '9c:c9:eb:d6:de:c6'

config bridge-vlan 'wan_vlan'
	option device 'switch'
	option vlan '1'
	option ports 'lan1'

config device
	option name 'switch.1'
	option macaddr '9c:c9:eb:d6:de:c6'

config interface 'wan'
	option device 'switch.1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'switch.1'
	option proto 'dhcpv6'

config bridge-vlan 'lan_vlan'
	option device 'switch'
	option vlan '100'
	option ports 'lan2 lan3 lan4 lan5 lan6 lan7 lan8'

config device
	option name 'switch.100'
	option macaddr '9e:c9:eb:d6:de:c6'

config interface 'lan'
	option device 'switch.100'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

This should do the work. lan1 port is assigned to vlan1, which is wan. The rest of the ports are assigned to vlan100 untagged, which is the lan.
Just in case something doesn't work as expected, be prepared to reset the device to defaults or login with serial/failsafe.

Xenophon · July 21, 2021, 8:51am

Thanks, I'll give that a try and mark it a solution if it works once I fix Netgear GS308T not mounting /overlay.

system · July 31, 2021, 8:51am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.