Thanks david, that was a great explanation and I understand much better now.
I just have a couple of clarifications on what you've said here -
- When you say 'have a way to talk to the router other than through the ports being configured' do you mean, 'have something like a serial/JTAG ready and tested?' or do you just mean, if you're connecting through port 1, leave it alone. (But deleting eth1 could be a problem in that case too, wouldn't it?)
- If I make a mistake and I'm locked out, I'm assuming right now it'll be recoverable through resetting the config with the button. Is this safe to assume?
- You say each vlan should have cpu(eth1) as a tagged port, but the existing vlan has that set to untagged. I just want to confirm you meant tagged on all the new ones?

Thanks again for the walkthrough, much appreciated.
EDIT: One addition - I assumed vlan 2 in this diagram wasn't doing anything, but after looking again, I'm not so sure. Is that a dummy unused entry, or is it necessary for WAN connectivity somehow?