VLAN inplementation

Hi,

I'm trying to understand the VLAN inplementation on OpenWrt/LEDE.
I have LEDE "Reboot (17.01.4, r3560-79f57e422d" on Netgear wndr3700v1.

Looking at and trying to understand the following page:

https://openwrt.org/docs/guide-user/network/vlan/switch_configuration#assigning_vlan_ids_on_vlan-enabled_switch_hardware

In the above link from what I understand there is two ways to define a VLAN interface:

"Assigning VLAN IDs on VLAN-enabled switch hardware
•
Creating driver-level VLANs".

On the page it is written that if you have seperated LAN and WAN you have a VLAN-enabled switch hardware.

Based on that assumption, I can asign VLAN on my VLAN-enabled switch hardware.
I don't understand how I should do that though?

Any help is appreciated.

From LUCI goto Netwok->Switch page to add VLAN

Ok -- I have now ID 1 (default) and ID 2.

How can I create a separate interface for vlan ID 2?

Command line or modifying '/etc/config/network' would be ideal.

Each device is different, you should understand how is yours "wired" before playing with VLANs. At the TOH page for your device (https://wiki.openwrt.org/toh/netgear/wndr3700#switch_ports_for_vlans), there is a description on how are the interfaces configured:

• eth0 is wired to one port on the switch, and all LAN ports are wired to the switch, too.
• eth1 is wired directly to the WAN port, there is no switch involved here.

The default configuration should not need to use VLANs at all (you should post it here, so we can have a look at it and confirm my theory). You just need to create the VLANs now, tag them on the CPU side, and mark them as untagged or off on each LAN port.

Ok -- In luci:

Switch page:

Id: 1000

Interfaces page:

Add New Interface:

Name: eth0_1
Protocol: static

Should I select "Custom Interface" and input eth0.1000?

Thats the general idea, not sure if high numbered VLAN ID will work.

If the CPU port connected to the switch is eth0, use eth0.1 to go into the switch as VLAN 1 and eth0.2 for VLAN 2 etc. Once you are tagging VLANs on a CPU port, do not use the plain CPU port (eth0) for anything, always specify the VLAN number.

Some routers have a separate CPU port (e.g. eth1) connected directly to the WAN Ethernet jack on the back. Read the wiki page for your model to see how the hardware is arranged.

According to:

https://openwrt.org/toh/hwdata/netgear/netgear_wndr3700_v1

the switch is 'VLAN=Yes'.

I guess my question is more about the difference between VLAN-enabled
switch hardware and software VLAN?

From what I gather from this discussion there is only one way to
configure VLAN interface.
Specific VLAN Id and custom interface name (xxxx.zzzz), regardeless of
weder it is VLAN-enabled switch hardware or software VLAN?

The interface part is optional, you don't need to create a new interface or assign a interface for every vlan. It depends on your confugration

Here is '/etc/config/network':

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd20:c1c8:7009::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth1'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

I'm not sure to fully understand how the wiring is important for the VLAN.
I have no plan to tuch 'br-lan' untill I get what I want!

My gall is to have multiple separate interfaces which which on eatch
will run a dhcp server.

I realy appriciate any help/fidback I get.

There are two parts. The hardware VLAN switching in the switch is set up with config switch_vlan statements. The switch is a separate chip than the ethernet port of the CPU. Sometimes they are built as different sections of the same chip, but still it acts like entirely separate hardware.

Software VLANs, eg. eth0.2, are used to send VLAN tagged packets out of a CPU port. The CPU port is connected to the switch chip by very short wires, but it is still logically completely separate hardware.

When setting up your Ethernet ports and switches, it is good to be logged into the router on wifi. This way you will not be blocked out if you misconfigure the Ethernet.

As I suspected, eth1 is wired directly to WAN, and eth0 is wired to port 5 on the switch.

Now, if you change these lines:

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 1 2 3 5'

To these:

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '1 2 3 5t'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0 5t'

Then, LAN1 to LAN3 are wired to eth0.1 and LAN4 is wired to eth0.2; remember to update your LAN network:

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0.1'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

And to configure another interface on eth0.2, or you can separate the other LAN ports.

Ok -- Here is the revised network file:

config interface 'loopback'
         option ifname 'lo'
         option proto 'static'
         option ipaddr '127.0.0.1'
         option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
     option type 'bridge'
     option ifname 'eth0.1'
     option proto 'static'
     option ipaddr '192.168.1.1'
     option netmask '255.255.255.0'
     option ip6assign '60'

config interface 'try_1'
     option ifname 'eth0.2'
     option proto 'static'
     option ipaddr '192.168.88.1'
     option netmask '255.255.255.0'

config interface 'wan'
         option ifname 'eth1'
         option proto 'dhcp'

config interface 'wan6'
         option ifname 'eth1'
         option proto 'dhcpv6'

config switch
         option name 'switch0'
         option reset '1'
         option enable_vlan '1'
         option blinkrate '2'

config switch_vlan
     option device 'switch0'
     option vlan '1'
     option ports '1 2 3 5t'

config switch_vlan
     option device 'switch0'
     option vlan '2'
     option ports '0 5t'

config switch_port
         option device 'switch0'
         option port '1'
         option led '6'

config switch_port
         option device 'switch0'
         option port '2'
         option led '9'

config switch_port
         option device 'switch0'
         option port '5'
         option led '2'

Given the above I have some questions:

• I have now two VLAN interface (eth0.1 and eth0.2) properly setup for
  my device?

• The line : 'option type bridge' is only needed when an interface is to
  be bridge with an other interface (EG: wireless) or is it needed because
  it is a VLAN interface?

I don't plan to use IPv6 for the moment that is why I removed the line
'option ipv6assign ...' from the try_1 interface. Same goes for the line
'option ula_prefix' in the 'globals' section.

I'm still missing something but I can't figure out what I'm missing.

I realy appriciate you bearing with me!

• As far as I know, yes: you have separated one LAN port from the others, and configured two independent interfaces.

• You could bridge two ethernet interfaces (for example, to make them work as if they where on the same switch); but in your current configuration, it is configured as a bridge so the wireless interface can attach to it. It is unrelated to any VLAN.

Awsome, thank you and thanks to anyone who has contributed to this
question!

Much appriciated.