Help with LUCI VLAN

Hello folks

It seems there is only documentation for VLAN that I've been able to find for manual cli configuration. Even then, I'm unable to parse that to describe what I see in my interface.

Can someone explain this diagram? Why is there CPU0 CPU1 when there's already the ports and WAN?

I want to configure each physical (1-4) ports as separate vlans that are untagged. Can someone suggest how I go about doing that?


The reason there are the CPU0 and CPU1 interfaces on the switch is that the
switch is a different network component than the CPU on the router. As such,
there needs to be a way for the CPU to talk to the switch as well as for the
switch to talk to the outside world.

The CPU0 and CPU1 ports correspond with eth0 and eth1 that you see in the OS.

The PortX and WAN ports correspond with what's labeled on the back of the router.

To make each port a separate VLAN that's untagged, you will need to do multiple

  1. make sure you have a way to talk to the router other than through the ports
    you are reconfiguring

  2. use the add button to create additional VLANs, make each port its own VLAN

  3. for each of these VLANS, also add CPU1 as a tagged port

  4. go to the interfaces section and create new interfaces for each vlan

Say you make the new VLANs 11, 12, 13, 14; you would then create eth1.11,
eth1.12, eth1.13, and eth1.14. You can delete the plain eth1 interface.

At this point, from the OS point of view, you now have four separate
interfaces, but they go over the same wire to the switch, and the switch will
put them each out a separate port.

David Lang
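
The per-port layout from the post above, as an added example that is not part of the thread: a shell generator that prints the `/etc/config/network` stanzas for review instead of applying them, and refuses layouts where a port or VLAN ID is used twice. The switch name `switch0`, CPU1 being switch port `6`, LAN ports numbered 0-3, the `vlanNN` interface names, `proto 'none'` and the `ifname` option (newer releases use `device`) are assumptions; read the real values off your own switch page.

```shell
#!/bin/sh
# Added example: print (never apply) UCI stanzas for one untagged VLAN per port.
# Hardware-specific assumptions; read the real values off the LuCI switch page.
SWITCH="${SWITCH:-switch0}"  # assumed switch device name
CPU_PORT="${CPU_PORT:-6}"    # assumed switch port number of CPU1
CPU_IF="${CPU_IF:-eth1}"     # OS interface behind CPU1, as in the post

# check_pairs PORT:VID ... -> 0 if each port and each VLAN ID is used once
check_pairs() {
    seen_ports=" " seen_vids=" "
    for pair in "$@"; do
        case "$pair" in
            *[!0-9:]*|*:*:*|:*|*:) echo "bad pair: $pair" >&2; return 1 ;;
            *:*) ;;
            *) echo "bad pair: $pair" >&2; return 1 ;;
        esac
        port=${pair%%:*} vid=${pair##*:}
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "VLAN ID out of range: $vid" >&2; return 1
        fi
        if [ "$port" -eq "$CPU_PORT" ]; then
            echo "port $port is the CPU port; it is added tagged by gen_vlans" >&2; return 1
        fi
        case "$seen_ports" in *" $port "*)
            echo "port $port would be untagged in two VLANs" >&2; return 1 ;; esac
        case "$seen_vids" in *" $vid "*)
            echo "VLAN $vid reused: those ports would share a segment" >&2; return 1 ;; esac
        seen_ports="$seen_ports$port " seen_vids="$seen_vids$vid "
    done
}

# gen_vlans PORT:VID ... -> switch_vlan + interface stanzas on stdout
gen_vlans() {
    check_pairs "$@" || return 1
    for pair in "$@"; do
        port=${pair%%:*} vid=${pair##*:}
        # Physical port untagged, CPU port tagged ("t"), as in step 3.
        printf "config switch_vlan\n\toption device '%s'\n" "$SWITCH"
        printf "\toption vlan '%s'\n\toption ports '%s %st'\n\n" "$vid" "$port" "$CPU_PORT"
        # Matching OS interface, e.g. eth1.11 (step 4); no addressing is set.
        printf "config interface 'vlan%s'\n\toption ifname '%s.%s'\n" "$vid" "$CPU_IF" "$vid"
        printf "\toption proto 'none'\n\n"
    done
}

# Constructed sample: assumed switch ports 0-3 mapped to VLANs 11-14 from the post.
gen_vlans 0:11 1:12 2:13 3:14
```

Because the output is only printed, it can be compared against the existing config before anything is changed, which fits step 1 of the post.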


Thanks David, that was a great explanation and I understand much better now.

I just have a couple of clarifications on what you've said here -

  1. When you say 'have a way to talk to the router other than through the ports being configured' do you mean, 'have something like a serial/JTAG ready and tested?' or do you just mean, if you're connecting through port 1, leave it alone. (But deleting eth1 could be a problem in that case too, wouldn't it?)

  2. If I make a mistake and I'm locked out, I'm assuming right now it'll be recoverable through resetting the config with the button. Is this safe to assume?

  3. You say each vlan should have cpu(eth1) as a tagged port, but the existing vlan has that set to untagged. I just want to confirm you meant tagged on all the new ones?

thanks again for the walkthrough, much appreciated.

EDIT: One addition - I assumed vlan 2 in this diagram wasn't doing anything, but after looking again, I'm not so sure. Is that a dummy unused entry, or is it necessary for WAN connectivity somehow?

Thanks to David I was able to come up with a working config without any disasters.

I'm enclosing a picture of my 4-vlan setup for anybody coming afterwards.

Thanks David!

I'm slightly confused. In the switch, there are two default VLANs (1 for LAN and 2 for WAN), just as it was in older OpenWrt. However, both of these are now untagged by default, as per the screenshot in the OP. In older OpenWrt the CPU port was tagged by default in both VLAN 1 and VLAN 2. Then, according to this commit:;a=commit;h=73d923ed6baabe3f8844f13216c50a6383a79a46

...the default should be to emit tagged as the default?

Most dual-cpu-port switches opted out of the tagged-by-default for various reasons. You can simply promote them to tagged. Latest LuCI should also auto-adjust the vlan interfaces in such a case.

@jow Thanks! But just to be clear, when you say promote you mean to just change from untagged to tagged in the config/LuCI? Are there any downsides to this? For instance, in the above screenshot, changing both the untagged entries for VLAN 2 (i.e the WAN) to tagged, would work exactly the same as keeping them untagged, right?

Correct, I mean changing untagged to tagged. There are no real downsides, apart from cosmetic ones. For users who are not interested in VLANs it makes a lot more sense to have eth0 = lan, eth1 = wan instead of eth0.1 = lan, eth1.2 = wan.

Yes, the resulting configuration should be equivalent to both CPU ports untagged.