Using WAN and LAN in a RTL838x based managed switch without VLAN tagging

Hello, everyone. I'm having an issue that should be easy to solve but I'm at my wits end. I have an RTL838x based managed switch that comes with a tagged VLAN100 in port 1 and untagged VLAN1 for WAN in every port. I want to have port 1 as the incoming WAN and have the switch distribute WAN and LAN connection to every other port, without any VLAN tagging whatsover. I've tried separating WAN and LAN from their bridges, restricting the specific ports, leaving the VLANs in place and making everything untagged and so on, but I either lose LAN with the switch or the switch can't get WAN to other ports. What should my configuration be?

Here is the stock configuration the switch comes with: https://pastebin.com/aGtFRYZZ

Thanks for any help.

The important part are the bridge-vlan sections. These define the VLAN numbers and determine whether each port will be tagged (lan4:t), untagged (lan4) or not a member (leave it out of the ports definition entirely).

Since there are already two VLANs 100 for the lan and 1 for the WAN you can start by simply redefining their port assignments. For example put port 2 untagged into VLAN 100 (which requires removing it from VLAN 1, since a port can be untagged only in one VLAN). Then you should be able to connect your PC untagged to port 2 and have LAN access.

Should you create a new bridge-vlan you also need to add an interface for it or it won't actually work. This is true even of VLANs that you only want to use for hardware switching between ports*. Those should have an interface of proto none and a device of switch.N with N matching the new VLAN number. Of course each bridge-VLAN's vlan number must be unique.

Note that the switching hardware can add or remove tags, but it can't rewrite the VLAN number as a packet moves through the switch.

  • If all the external ports are going to be untagged, you still need to assign a VLAN number to put packets on a unique path through the switch. They will be tagged on the way in and tags removed on the way out. The VLAN number can be any number that is not one of your other VLANs.
2 Likes

Thanks, that worked beautifully. I'm setting the switch along a NanoPi R4S, I think it will work out.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.