How to make vlan on openwrt 24.10 with archer c7?

Hello, I am just starting my homelab adventure, hence I have some questions. I have a router from my isp from where I connected the ethernet cable to the WAN socket on the archer c7 v5. I have loaded openwrt 24.10, however from what I have been able to determine my router does not support DSA and I have to do it with swconfig. The guides from a few years ago are for older versions of openwrt and I've seen that they differ a bit in what needs to be set in the gui. I would like to make it so that ports 1-3 can see each other normally with the rest of the devices from the router from the ISP, but for port 4 I would like to create a separate VLAN for my server to access the internet and be exposed to the network, but to not see the rest of the devices on my network. Is anyone able to explain step by step how to do this (explain like to a child). The router from the ISP has an address of 192.168.18.1, through the mac address I have set the archer adress 192.168.18.2. Archer has its lan network with an address of 192.168.1.1, if this helps somehow. Thanks for help (sorry for my english).

I've just set up some VLANs on a swconfig device (Archer C7 is one) on 24.10.0, and it seems like nothing much has really changed. Just be sure to not follow the DSA-based guides.

Off the top of my head:

• Create separate bridges, e.g: br-lan (this should be your existing default bridge), br-guest. These are just example names: you could name it br-servers or something.
• Add/replace ports on the bridges with VLANs to be created.
  • If your internal network is on eth1 (you can see this in the Switch screen), remove it from the br-lan and replace it with eth1.101. Here 101 is just an example VLAN ID. This will create a new eth1.101 802.1q device automatically.
  • Add eth1.102 to the br-guest. Again, 102 is just an example.
• Create new guest interface for the br-guest device. Set it's IP range (for example 192.168.2.1/24) and enable the DHCP server.
  • The existing lan interface should already be backed by br-lan device, so no changes needed.
• Create firewall zone for the br-guest interface and configure it and other zones, depending on where you want to route your traffic.
  • This is up to you to figure out.
• And finally, create both VLANs 101 and 102 and untag ports in the Switch screen, depending on which port belongs to which VLAN. E.g. you server would be in the guest LAN.
• Optional: create additional Wi-Fi network for the guest interface.

If you lock yourself out, DON'T PANIC, just wait 90 seconds and LuCi will revert your latest changes.

Go to the switch page and add a new VLAN, we will use 3 here. Set the port lan4 to Untagged in the new VLAN, and set it to off in the old LAN (VLAN 1). Set port eth0 to Tagged in all the VLANs. This page only affects switching paths within the hardware switch chip. It doesn't create actual networks. Setting up the switch first is recommended because it will add the choice eth0.3 to the list of Devices for the next step.

Then create a new Interface of protocol Static IP. The IP should be 192.168.Z.1, where Z is any number that is not already in use (in your network 1, and 18).

Since this network will be wired only you can attach eth0.3 directly to it as the Device, or you can create a new bridge device to contain it. That would be necessary if you ever wanted an AP within the C7 attached to the network.

Follow the guest network guide to set up the DHCP server and the firewall on the server network. You will also need port forwards to make services on the servers accessible from the Internet.

You need to tag vlans on system port(s) using luci swconfig frontend (luci-network-switch) then add eth(0|1).(1-4095) to openwrt bridges.

Thank you all for your help. I managed to configure everything correctly thanks to your comments.