Nanopi R4S compatible managed switch

Hi everyone,
I installed OpenWrt on nanopi r4s, it works perfectly.
It has one WAN and one LAN interfaces (no internal switch) and I want to create few VLANs on LAN interface and connect a managed switch to it.
Given that they are all on single LAN interface, do I need a switch that supports VLAN trunking?
I'm asking this because I'm about to buy the ZYXEL GS1200-8, but it doesn't support VLAN trunking, see this topic here

This is simplified schema:
ISP => (wan) R4S (lan) => ManagedSwitch <= (LAN, IOT, WIFI, GUEST)

Thank you!

If you want to assign ports on the switch to the VLANs you configure on the router, then you need a VLAN-aware switch. Otherwise, the switch will just pass the tagged traffic to all the ports (in the best case).

Thank you!
ZYXEL GS1200-8 is managed, VLAN aware, but doesn't support VLAN trunking.

Use D-Link managed switch.

I have several Zyxel GS1200 switches (5-port and 8-port) and they all support VLAN trunking. At the moment I'm off home and therefore I can't show the corresponding configuration pages of the switches.

My main router is a rpi4b (built-in ethernet port as VLAN trunk and a TP-Link UE300 as WAN port).

1 Like

Disclaimer: no experience with the gs1200 series.

Take a look at the gs1900 series instead.
a) it can do that using the OEM firmware and
b) you could even install OpenWrt on it (very limited flash size though)).

Thank you!

It would help me if you share your settings, I'm interested in basic vlans LAN, IOT, GUEST.
I also have a UAP-AC-LR access point that will be connected to the switch, with the related VALNs.

Thank you, I saw that model, it is too big in size and I don't have performance requirements either. My LAN is the size of a regular house.

The gs1900 series ranges from 8 to 52 ports, yes the gs1900-8 is a tad wider than one might prefer; other vendors and models exist.

I'm running a Netgear GS308T v1 managed switch to handle multiple vlans on my R4S. The GS308T v1 is about as small as one can expect for having 8 ports. It is also supported by OpenWrt, which is nice for having a common operating system and interface on all my network hardware. It does not offer POE though.

Thank you!
I checked this too, I'm not sure I can find the exact V1 version. I would prefer to put OpenWRT on it but I haven't found a safe way to do that.
Is this applicable as V1: GS308T-100PES ? Although is double the price of GS1200-8.
I don't need/want POE at all.

That's it. Just make sure it is the GS308T, not the GS308 or GS308E some other variant. I've only seen the v1 of the GS308T for sale, I don't think there are any other versions (yet). None indicated on WikiDevi anyway.

New is expensive. I picked up mine used for much less.

These are currently supported by OpenWrt if that is a priority, so you could shop from this list.

If OpenWrt is not a priority, that expands your options a lot - just about any managed switch should do the job.

No problem, but you have to wait until monday, when I'm back home.

I do not know that device. Is it VLAN capable?

By the way: every OpenWrt supported device configured as AP is VLAN capable.

No rush, thank you!
UAP-AC-LR is vlan capable.

Not the user you asked but since I have basically the same setup in question (RPi 4B, TP-Link UE300 and ZyXel GS1200-8HP v2) I thought there's no harm in you having more than one example config to compare to.
Please note that I slightly edited the output of the RPis "cat /etc/config/network" to remove most of the things that don't relate to the VLAN config and reordered it to make it better understandable.

Switch config screenshot

cat /etc/config/network
root@Router:~# cat /etc/config/network

config device
        option name 'eth0'

config device
        option type '8021q'
        option ifname 'eth0'
        option vid '10'
        option name 'eth0.10'

config device
        option type '8021q'
        option ifname 'eth0'
        option vid '20'
        option name 'eth0.20'

config device
        option type '8021q'
        option ifname 'eth0'
        option vid '30'
        option name 'eth0.30'

config device
        option name 'eth1'
              
config device
        option type '8021q'
        option ifname 'eth1'
        option vid '2'
        option name 'eth1.2'
        
        
config interface 'wan'
        option proto 'pppoe'
        option device 'eth1.2'
        option username 'XXXXX'
        option password 'XXXXX'
        option ipv6 '1'
        option peerdns '0'
        list dns '9.9.9.9'
        list dns '149.112.112.112'       

config interface 'wan6'
        option proto 'dhcpv6'
        option device '@wan'
        option reqaddress 'try'
        option peerdns '0'
        list dns '2620:fe::fe'
        list dns '2620:fe::9'
        option reqprefix 'auto'


config interface 'mgt'
        option proto 'static'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'
        option device 'eth0'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option device 'eth0.10'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option device 'eth0.20'
        
config interface 'work'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option device 'eth0.30'
    
root@Router:~#

As to your original question:
The posters in the thread you linked to are referring to a "set and forget" option/checkbox that makes it so that the selected port(s) automatically forward packets with any VLAN tags as "VLAN trunking".
While the GS1200-8HP doesn't have this option you can manually add a port as a tagged member to all of the VLANs you created (= trunk). See Ports 1 (RPi) and 2 (WiFi AP) in the screenshot above.

1 Like

Thank you very much, this helps me to get an idea about the necessary settings.
On R4S it is the other way around, eth0 WAN and eth1 LAN.
Can I use 'mgt' interface to directly connect my laptop to router LAN port for config/debug/testing purpose?

Yes.

In the dotted notation "eth0" without an appended dot and VLAN ID means it's untagged and since the "mgt" interface uses the device "eth0" this is the interface that will respond to untagged packets your laptop will send (in it's default configuration).
The "mgt" interface was me being careful not to lock myself out of the router when I first learned about VLANs...

On the switch (and AP) I didn't really need a dedicated management VLAN but since I only had 7 devices to connect and port 8 was unused anyway and I wanted to learn about VLANs...

Btw. VLAN ID 1 is the GS1200-8HPs default VLAN and can't be removed. IIRC it's generally recommended to not use VLAN ID 1 (and a few other default VLAN IDs I can't remember).

1 Like

I'm back home now and can show the configuration of my GS1200-5:

  • Port 1 is the trunk port and connected to the LAN port of my rpi4b
  • Port 2 is another trunk port connected to a VLAN-aware PC
  • Port 3-5 are untagged ports for non-VLAN-aware devices.

VLAN1 is the VLAN to manage/access the GS1200 switch.

The PC at port 2 is the only device, which can access/manage the GS1200.

Don't forget to set the correct PVID for the corresponding ports!!!

2 Likes

Thank you!