VLAN on Network Switch - VLAN

PurpleToaster · March 6, 2025, 2:51am

I am running OpenWRT on a ZyXEL GS1900-24HP v1.

{
        "kernel": "5.15.167",
        "hostname": "switch1",
        "system": "RTL8382",
        "model": "ZyXEL GS1900-24HP v1",
        "board_name": "zyxel,gs1900-24hp-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "realtek/rtl838x",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}

I was looking for information on "best practice" and found Best practices for running OpenWrt as a simple VLAN switch.

I was trying to find if "I should create an interface for each VLAN on my switch?" As per @psherman's answer, I should.

I have been running my switch since last September with OpenWRT without any interfaces except one for my LAN (VLAN1 - switch.1).

My question is why is this necessary? I am only asking so that I can better understand and learn. Does it make anything better or cause issues without an interface?

psherman · March 6, 2025, 2:55am

On a pure ethernet switch (i.e. not an AP) with DSA, I'm actually not positive if an interface for each VLAN required or not. But that said, it will not hurt. (and if you're curious and want to help me learn, you can test one of the VLANs without the interface).

The strategy is simple:

create bridge VLANs for each of the VLAN IDs.
Edit your lan interface as necessary such that it uses the appropriate vlan and address for the network that will be used to manage the device itself.
Create unmanaged interfaces (option proto 'none') for the other VLANs.

If you need help, please feel free to post your configs.

andyboeh · March 6, 2025, 2:01pm

I only create interfaces for VLANs that I need accessible at the switch (i.e. the management VLAN). I haven't found any negative implications with this strategy.

fow0ryl · March 7, 2025, 12:16am

For me both methods are working. There are pros and cons.
Defining all interfaces has the advantage that you are able to see how many data is transferred per interface / VLAN.
But of course its a little more work to define all interfaces.
And if you add a new VLAN later, you will have to do it on all your switches...

PurpleToaster · March 7, 2025, 7:18pm

This is what I was thinking. What I had was working, but identifying an interface will also show which port belongs to which VLAN in the Port status section.

PurpleToaster · March 7, 2025, 7:19pm

Currently it is working without an interface. I may add interfaces like you said to get the benefits of what @fow0ryl mentioned.

psherman · March 7, 2025, 7:21pm

Thanks for confirming. The interface is required in the case of an AP, but it's good to know that it's not required for ethernet in DSA (I knew for fact that it wasn't required for ethernet in the swconfig environment).