Hi to everyone. I’m owning a Zyxel GS1900-24E A1 and decided to flash it with OpenWRT 25.12 convinced that the setup was a “piece-of-cake”. Unfortunately I’m stopped with the configuration below, that I derived from this post https://forum.openwrt.org/t/zyxel-gs1900-vlan-config/222963/6.
This is my actual configuration:
[...]
config device 'switch'
option name 'switch'
option type 'bridge'
option macaddr 'edited'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
list ports 'lan8'
list ports 'lan9'
list ports 'lan10'
list ports 'lan11'
list ports 'lan12'
list ports 'lan13'
list ports 'lan14'
list ports 'lan15'
list ports 'lan16'
list ports 'lan17'
list ports 'lan18'
list ports 'lan19'
list ports 'lan20'
list ports 'lan21'
list ports 'lan22'
list ports 'lan23'
list ports 'lan24'
config bridge-vlan 'lan_vlan'
option device 'switch'
option vlan '1'
option ports 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 lan9 lan10 lan11 lan12 lan13 lan14 lan15 lan16 lan17 lan18 lan19 lan20 lan21 lan22 lan23 lan24'
config device
option name 'switch.1'
option macaddr 'edited'
config interface 'lan'
option device 'switch.1'
option proto 'static'
list ipaddr '192.168.3.2/24'
option ip6assign '60'
config bridge-vlan
option device 'switch'
option vlan '10'
list ports 'lan21:t'
list ports 'lan22:t'
list ports 'lan23:t'
list ports 'lan24:t'
config interface 'vlan10'
option device 'switch.10'
option proto 'none'
option delegate '0'
The switch is working for all the untagged ports. I didn’t find a way to have working ports with tagged vlan10.
Hi, can you clarify what devices are connected to ports lan21–lan24?
Are those ports connected to:
another managed switch (trunk)?
a router?
or end devices (like PCs, NAS, etc.)?
Right now they are configured as tagged ports for VLAN 10, so they will only work if the connected device understands VLAN tagging.
Also, do you expect VLAN 10 to be accessible from a specific port as untagged?
One more suggestion: you may want to avoid using VLAN 1 for your main traffic.
Some switches, routers, and devices treat VLAN 1 as a special/default VLAN, and this can sometimes lead to unexpected behavior (especially with tagging/untagging or trunk ports).
It’s often safer to:
keep VLAN 1 unused (or only for management, if needed)
use another VLAN (e.g. VLAN 20, 99 or 100) as your primary LAN
This can help avoid subtle issues and makes the setup more predictable across different devices.
Hi ncompact, thank you for your reply. On ports lan21-lan24 are connected three OWRT dumb APs for in house wifi distribution, so yes, they are able to decode tagged VLAN. Actually they are not connected because of this issue and I’m using the Main Router switch, a Netgear R6220 with OWRT 25.12, until issue resolution (originally it was a single port X86, but I decided to simplify my network management).
At the moment I’m not expecting any VLAN untagged port, even if I may try to setup one, for test.
Regarding VLAN 1,.. it’s the original setup coming with OWRT firmware, so I didn’t touch it. And further more I should change the network configurations of my APs to comply with the new VLAN numeration.
At first I thought it might be a basic configuration issue on the VLAN side, but from your setup it looks like you already have a fairly solid understanding of tagging and trunking.
At this point I’m not sure I can add anything useful beyond what has already been suggested, so I’ll just follow the thread to see how it evolves.
On your router, you have VLAN 1 untagged on all 4 ports, and VLAN 10 tagged on all 4 ports.
But on the switch, if port 1 is your uplink, VLAN 10 (tagged) on the switch port 1 is missing from that config.
Therefore, assuming everything else is properly configured, you just need to add port 1 to the VLAN 10 bridge-vlan (on the switch) like this:
config bridge-vlan
option device 'switch'
option vlan '10'
list ports 'lan1:t'
list ports 'lan21:t'
list ports 'lan22:t'
list ports 'lan23:t'
list ports 'lan24:t'
Pro-tip:
To ensure that your VLANs are working properly at the router, and that everything is also making it over the trunk, it's a good idea to setup an access port for each VLAN on each device, at least temporarily.
So... on the router., consider reallocating one of the ports to be untagged VLAN 10... for example, let's assume port 4 is the connection over to the switch... make port 3 untagged on VLAN 10 (removing it from VLAN 1), like this:
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan4:u*'
...
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:u*'
list ports 'lan4:t'
Do the same thing on the GS1900-24E switch -- remove one port from VLAN 1 and put it into VLAN 10 as untagged + PVID (:u*).
A few side notes:
You might consider changing the bridge-vlan for VLAN 1 to be setup with list ports (as you've done with VLAN 10) rather than the current option ports.
Delete the subnet mask in the router's vlan10 interface. You don't need it because you have CIDR notation in the ipaddr line.
Also on the router, unless all 4 ports are used as trunk ports, it's probably best to only have VLAN 10 tagged not he ports that actually will have a VLAN aware device connected.
that is your L3 management interface for the switch, remove ip6assign
that is a second L3 interface. But OpenWRT currently only supports L2. Remove it for now.
For a simple setup do L3 routing between the VLANs on your router. If you like you can configure multiple DumbAPs with multiple VLAN/SSIDs with OpenSOHO.
