I want to use my old WRT610N as a managed switch. I don’t need it to route, just perform VLAN tagging. This is pretty simple with the LAN interface but doesn’t make as much sense to me with the WAN interface. What I have settled on is bridging WAN and LAN but this seems kind of silly since they were on the same switch to begin with (both are members of eth0). Is this the right way of doing this? Will I suffer any performance penalty by doing it this way? Once again, I don’t want to do any routing on this box, just tagging. Any help is appreciated. Thanks!
You don't have a VLAN 2 in the switch so eth0.2 is not going to go anywhere anyway.
Identify which switch port is the CPU (most likely 0, but not true in all cases) and make it tagged in all the VLANs. Technically it only needs to be tagged in VLANs that will have a kernel network bridge or interface (e.g. lan and wan) but that is often all of them.
The switch ports which go to physical cables can be marked tagged in one or more VLANs if tagged traffic is needed, otherwise they will be untagged in exactly one VLAN as an "access" port for devices which are not VLAN aware.
This is a lot easier to understand on the GUI switch page.
For tagged packets, the VLAN number has to match the tag number that is required. On old 10/100 switches often you have to do this:
option vlan '3'
option vid '35'
The vlan parameter is restricted to less than 16, and it has to be unique within the switch (it is an index into the switch's hardware table of VLANs with 16 entries). The vid parameter is the number that is actually used for tagging, it can be up to 4095.
Port 1 gets untagged traffic (I am using this for management) and VLAN4 traffic.
Port 0 gets untagged VLAN4 traffic since that’s where my endpoint is.
The tagging already works.
I’m using untagged traffic on port 1 to get a DHCP address and I guess that’s being delivered to the tagged port 8? I’m not routing anything so this is my best understanding for why I need to tag the cpu port. I did not tag VLAN4 to the CPU because I don’t need VLAN4 traffic to the CPU.
Since I’m not routing I guess I don’t need eth0.2 at all and I can probably delete it. Actually, I shouldn’t need the bridge either then and I should be able to just do this. Is that right?
Right that is what should work, although tagged and untagged on the same port may not always work, and you should definitely set up a pvid of 1 on port 1, telling untagged packets that arrive on port 1 should go into VLAN 1.
It worked!
Well you can only untag one VLAN per interface so I don’t think the PVID is going to do anything.
I think the syntax has changed a bit btw. This is what I ended up with. It seems to work
Btw, I’ve been thinking about this and I don’t know why I have the option to untag the VLANs that go to the cpu. Off makes sense (don’t route a specific VLAN to the CPU) and tagged makes sense (route tagged traffic to the cpu). But going to the cpu don’t make sense. Why would I ever route untagged traffic to the cpu?
Really? Because that’s exactly how I’m going to be using it. I am just routing a single VLAN to the CPU that will be used for configuring openWRT. The CPU shouldn’t have any knowledge of any of the rest of the traffic, it’s just passed through the switch.
So are you saying that in my scenario, I could potentially send untagged VLAN 1 to the CPU? Not that it really matters.
