Hello everyone, I'm really new to this Openwrt router setup.
I'm currently using firmware 18.06 (ver 2.1 br) and I'm having problem connecting to the internet with Openwrt. I've done some reading on the documentation how to configure Openwrt. Technically the PPPoe connection to my router was successful, but my LAN and wifi have no access to the internet. For your information, I'm using a VLAN setup for PPPoe which connected into one of LAN trunk ports. I will dump all the necessary information that I have saved . Hopefully someone could help me troubleshoot this.
config defaults
option syn_flood '1'
option output 'ACCEPT'
option input 'DROP'
option forward 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option input 'DROP'
option forward 'ACCEPT'
option output 'ACCEPT'
option name 'wan_only'
option conntrack '1'
option network 'wan'
config zone
option forward 'ACCEPT'
option output 'ACCEPT'
option input 'ACCEPT'
option masq '1'
option name 'wan_to_lan'
option network ' '
config zone
option forward 'ACCEPT'
option output 'ACCEPT'
option name 'lan'
option input 'ACCEPT'
option masq '1'
option network 'lan'
config redirect
option target 'DNAT'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.1'
option dest_port '80'
option name 'HTTP'
option src 'wan_only'
list src_mac '54:E6:FC:C0:AD:73'
option dest 'lan'
config redirect
option target 'DNAT'
option proto 'tcp'
option src_dport '443'
option dest_ip '192.168.1.1'
option dest_port '443'
option name 'HTTPS'
option src 'wan_only'
list src_mac '54:E6:FC:C0:AD:73'
option dest 'lan'
config forwarding
option dest 'wan_to_lan'
option src 'lan'
config forwarding
option dest 'lan'
option src 'wan_to_lan'
Before someone ask regarding the setup, I actually tried to tweak the VLAN value below 15 and that didn't work for pppoe connection. I tried to set up a bridge between wifi and eth0.500 which is the actual WAN, that also made the pppoe failed. Only the current setup that works for pppoe but unfortunately no LAN and wifi connection get to share internet from WAN. Any idea how to fix this?
The "gateway" option informs of a gateway accesible to the router on that network, not that clients in that network should use the router as a gateway. You should remove that option.
The same goes for the "dns" option.
You do not need to add interface eth0 to this bridge.
Wed Nov 11 22:32:48 2020 daemon.info dnsmasq[1575]: read /etc/hosts - 4 addresses
Wed Nov 11 22:32:48 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:32:48 2020 daemon.info dnsmasq-dhcp[1575]: read /etc/ethers - 0 addresses
Wed Nov 11 22:32:49 2020 daemon.info dnsmasq[1575]: read /etc/hosts - 4 addresses
Wed Nov 11 22:32:49 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:32:49 2020 daemon.info dnsmasq-dhcp[1575]: read /etc/ethers - 0 addresses
Wed Nov 11 22:33:14 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa IEEE 802.11: authenticated
Wed Nov 11 22:33:14 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa IEEE 802.11: associated (aid 1)
Wed Nov 11 22:33:14 2020 daemon.notice hostapd: wlan0: AP-STA-CONNECTED c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:14 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa WPA: pairwise key handshake completed (RSN)
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPDISCOVER(br-lan) c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPOFFER(br-lan) 192.168.1.123 c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPREQUEST(br-lan) 192.168.1.123 c4:17:fe:2f:dc:fa
Wed Nov 11 22:33:22 2020 daemon.info dnsmasq-dhcp[1575]: DHCPACK(br-lan) 192.168.1.123 c4:17:fe:2f:dc:fa Ruru
Wed Nov 11 22:33:23 2020 kern.notice kernel: [ 76.436113] random: crng init done
Wed Nov 11 22:36:01 2020 daemon.err uhttpd[906]: luci: accepted login on / for root from 192.168.1.123
Wed Nov 11 22:37:19 2020 authpriv.info dropbear[1620]: Child connection from 192.168.1.123:123456
Wed Nov 11 22:37:35 2020 authpriv.notice dropbear[1620]: Password auth succeeded for 'root' from 192.168.1.123:123456
Wed Nov 11 22:42:43 2020 daemon.info hostapd: wlan0: STA c4:17:fe:2f:dc:fa WPA: group key handshake completed (RSN)
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.062208] br-lan: port 1(eth0) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.075894] device eth0.1 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.081088] device eth0 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.085794] br-lan: port 2(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.159517] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.220015] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.225450] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.231668] device eth0.1 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.236481] device eth0 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.241497] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.246950] br-lan: port 1(eth0.1) entered forwarding state
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is now down
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.393842] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.399523] br-lan: port 3(wlan0) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.567066] eth0: link down
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.617722] device eth0.1 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.622287] device eth0 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.626909] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.710497] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.732732] device wlan0 left promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.737395] br-lan: port 3(wlan0) entered disabled state
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is disabled
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' has link connectivity loss
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' has link connectivity
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.816698] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.822266] br-lan: port 1(eth0.1) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.894978] device eth0.1 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.900066] device eth0 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.939748] br-lan: port 2(wlan0) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.945097] br-lan: port 2(wlan0) entered disabled state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.967576] device wlan0 entered promiscuous mode
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.985102] br-lan: port 2(wlan0) entered blocking state
Wed Nov 11 22:50:03 2020 kern.info kernel: [ 1076.990559] br-lan: port 2(wlan0) entered forwarding state
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is enabled
Wed Nov 11 22:50:03 2020 daemon.warn dnsmasq[1575]: no servers found in /tmp/resolv.conf.auto, will retry
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is setting up now
Wed Nov 11 22:50:03 2020 daemon.notice netifd: Interface 'lan' is now up
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan_6' is now down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan_6' is disabled
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network alias '' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan_6' has link connectivity loss
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network device 'eth0' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.1' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.500' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan' has link connectivity loss
Wed Nov 11 22:50:04 2020 daemon.info pppd[1230]: Terminating on signal 15
Wed Nov 11 22:50:04 2020 daemon.info pppd[1230]: Connect time 17.4 minutes.
Wed Nov 11 22:50:04 2020 daemon.info pppd[1230]: Sent 122719 bytes, received 2154 bytes.
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network device 'pppoe-wan' link is down
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Network device 'eth0' link is up
Wed Nov 11 22:50:04 2020 kern.info kernel: [ 1077.588881] eth0: link up (1000Mbps/Full duplex)
Wed Nov 11 22:50:04 2020 kern.info kernel: [ 1077.646623] br-lan: port 1(eth0.1) entered blocking state
Wed Nov 11 22:50:04 2020 kern.info kernel: [ 1077.652170] br-lan: port 1(eth0.1) entered forwarding state
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.1' link is up
Wed Nov 11 22:50:04 2020 daemon.notice netifd: VLAN 'eth0.500' link is up
Wed Nov 11 22:50:04 2020 daemon.notice netifd: Interface 'wan' has link connectivity
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq[1575]: read /etc/hosts - 4 addresses
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/odhcpd - 0 addresses
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq[1575]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:50:05 2020 daemon.info dnsmasq-dhcp[1575]: read /etc/ethers - 0 addresses
Wed Nov 11 22:50:05 2020 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Wed Nov 11 22:50:07 2020 daemon.notice pppd[1230]: Connection terminated.
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Connect time 17.4 minutes.
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Sent 122719 bytes, received 2154 bytes.
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Sent PADT
Wed Nov 11 22:50:07 2020 daemon.info pppd[1230]: Exit.
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is now down
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is disabled
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is enabled
Wed Nov 11 22:50:07 2020 daemon.notice netifd: Interface 'wan' is setting up now
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - slhc
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - ppp_generic
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - pppox
Wed Nov 11 22:50:07 2020 daemon.err insmod: module is already loaded - pppoe
Wed Nov 11 22:50:07 2020 daemon.info dnsmasq[1575]: exiting on receipt of SIGTERM
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: started, version 2.80 cachesize 150
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: DNS service limited to local subnets
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrac
k no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq-dhcp[2092]: DHCP, IP range 192.168.1.100 -- 192.168.1.367, lease time 12h
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain test
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain onion
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain localhost
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain local
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain invalid
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain bind
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: using local addresses only for domain lan
Wed Nov 11 22:50:08 2020 daemon.warn dnsmasq[2092]: no servers found in /tmp/resolv.conf.auto, will retry
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /etc/hosts - 4 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/odhcpd - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq-dhcp[2092]: read /etc/ethers - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /etc/hosts - 4 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/odhcpd - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq[2092]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed Nov 11 22:50:08 2020 daemon.info dnsmasq-dhcp[2092]: read /etc/ethers - 0 addresses
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: Plugin rp-pppoe.so loaded.
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
Wed Nov 11 22:50:08 2020 daemon.notice pppd[2115]: pppd 2.4.7 started by root, uid 0
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: PPP session is 45610
Wed Nov 11 22:50:08 2020 daemon.warn pppd[2115]: Connected to 00:00:5e:00:01:38 via interface eth0.500
Wed Nov 11 22:50:08 2020 kern.info kernel: [ 1081.664213] pppoe-wan: renamed from ppp0
Wed Nov 11 22:50:08 2020 daemon.info pppd[2115]: Using interface pppoe-wan
Wed Nov 11 22:50:08 2020 daemon.notice pppd[2115]: Connect: pppoe-wan <--> eth0.500
Wed Nov 11 22:50:11 2020 daemon.info pppd[2115]: Remote message: Authentication success,Welcome!
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: PAP authentication succeeded
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: peer from calling number 00:00:5E:00:01:38 authorized
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: local LL address fe30::e1ab:b014:3cff:b4dc
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: remote LL address fe30::0200:5eff:fe00:0138
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: local IP address 123.88.33.8
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: remote IP address 123.88.34.254
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: primary DNS address 10.54.126.1
Wed Nov 11 22:50:11 2020 daemon.notice pppd[2115]: secondary DNS address 1.9.1.9
Wed Nov 11 22:50:11 2020 daemon.notice netifd: Network device 'pppoe-wan' link is up
Wed Nov 11 22:50:11 2020 daemon.notice netifd: Interface 'wan' is now up
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: reading /tmp/resolv.conf.auto
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain test
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain onion
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain localhost
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain local
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain invalid
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain bind
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using local addresses only for domain lan
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using nameserver 12.123.12.34#53
Wed Nov 11 22:50:11 2020 daemon.info dnsmasq[2092]: using nameserver 12.321.21.34#53
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Network alias 'pppoe-wan' link is up
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Interface 'wan_6' is enabled
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Interface 'wan_6' has link connectivity
Wed Nov 11 22:50:12 2020 daemon.notice netifd: Interface 'wan_6' is setting up now
Wed Nov 11 22:50:12 2020 user.notice firewall: Reloading firewall due to ifup of wan (pppoe-wan)
Wed Nov 11 22:50:13 2020 user.notice firewall: Reloading firewall due to ifupdate of wan (pppoe-wan)
When I tried to ping to ip address, it always network unreachable. I even tried disable ipv6, but didn't fix anything. I don't know what's going on anymore
When that happens, reset the router to defaults and start over.
Do not change anything about the LAN network or the firewall. The default settings are suitable for this use case.
Note that on this model, eth0 is a direct path from the CPU to the blue WAN port on the back. The notation eth0.500 in your wan section will directly cause packets tagged with 500 to go out the WAN port. It does not involve the switch. The switch is used only for the 4 yellow LAN ports. In keeping with the point above, don't change anything in the switch.
Enter only your pppoe credentials when setting up wan. The ISP should auto configure a working DNS for you.
After you have a basic working Internet connection you can then try to break it again.
What is different about your intended use to mean that you need to make changes? Most people set a password, select a way to connect to ISP, ensure wifi is enabled and go with that.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option syn_flood '1'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'wan'
option input 'REJECT'
option forward 'REJECT'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config forwarding
option dest 'wan'
option src 'lan'
Looking back at the firewall status page, as you can see it looks damn weird
Note that on this model, eth0 is a direct path from the CPU to the blue WAN
before I even configured eth0.500 as VLAN wan switch. The original port for wan belongs to eth1 interface which is the blue wan port. eth0 is probably the whole yellow LAN trunk ports. My pppoe connection will not work without eth0.500 configuration setup.