VLAN question and IP-address assign

There is no switch stuff in there at all, so that would explain why the web UI can't do anything with it.
Keep your fingers crossed for a switch configuration in the default network config file...

I removed it after I got the message I've described above. I tried to configure all without switch at all, using eth0.x only.

Keep your fingers crossed for a switch configuration in the default network config file...

I'm billion %% sure there was NO switch under Network menu in the clean install.

This will not work on a port-by-port basis on your device. You could add an external managed switch to the configuratin, and then from there you can designate ports as needed for each VLAN.

If you are certain, then you're out of luck based on the internal swtich hardware... so external swtich or buy a new router.

I'd opt for the new router based on everything we know (i.e. your current router is resource limited, it cannot be upgraded to a modern OpenWrt version, OpenWrt 18.06 had known security vulnerabilities, and your router doesn't support port-level configuration of the switch)... all together, it doesn't really make sense to spend money on a managed switch when you can invest that money in a new device that improves your situation for all of the issues described and gives you proper switch configuration options.

Re-phrasing O'Henry's " Bolivar cannot carry double" - "Bolivar cannot carry budget" )))

But I really appreciate your all replies, guys, especially psherman. I'm still about to give a try with MACVLAN, but there's not much info on that... Anyway, TNX

I don't want to assume anything about your financial situation, and I certainly can understand if things are tight, especially in the current economic climate (at least in the US). That said, you can probably get a used router that is supported by the latest OpenWrt 22.03 for relatively cheap (if in the US, look at ebay, facebook marketplace, craigslist, etc.). Spending $30-$50 USD would likely get you something significantly more capable than what you have now. And, with the points raised by @slh, you may pay for it one way or another -- possibly real money lost if your network is compromised, but if not money, you could find yourself investing a lot of time fixing problems that could arise from such a breach. (maybe time is plentiful and cash is tight, but regardless, just keep this all in mind).

A hacked asterisk instance (and there are criminals actively looking for them) can cost you tens of thousands of dollars within a few hours, it's a very lucrative 'business' in some parts of the world - and they attack globally.

SIP services really must be secure and up to date.

psherman, that was a joke! )))

Of course I'm really considering to follow your advice and to replace the hardware. This is not about 80 bucks. What I'm thinking about and which I don't like - there's ENDLESS upgrading. What will you suggest when 23.something comes out... The same things - 22th revision has security issues, it's unreliable/vulnerable, and some features are not supported anymore. I wanna stop and USE, at least if situation allows to solve issues another way.

Welcome to the digital age. The only way to avoid this is to go offline. Your computers, your phones, even your TVs have updates just the same (although things like TVs and IoT devices tend to be abandoned fairly quickly by their manufacturers).

Your router is the first line of defense and should be kept up to date to the extent possible. If this was your physical home and you had a lock that could be opened by any random passerby, you'd probably replace the lock as soon as you could. Even if you have cameras and/or a security system, a useless lock means someone could walk into your home grab a bunch of things, and be out before the security system even alarms.

Given that 18.06 is 5 years old, I think you've 'stopped and used' it for quite a long time. Security vulnerabilities that are exposed to the internet can spell disaster quite quickly... there's a reason the router also includes firewall functionality, and it should be kept up to date. Done with reasonable regularity, it is actually pretty fast (a few minutes of maintenance every few months)

I know. I don't use SIP, and all is inside a tunnel. Count it almost has no outside access. Plus, it's impossible (in my case) to spend more, than you have on you account... At the same rime, the router that cost USD350 initially cost me 15. And it does its job.

BTW, one of my routers is modern Mikrotik with Owrt 22.03. It ALSO doesn't show Switch. And actually, I bought it because of built-in SD-card reader, aaaaaannnnd...... it doesn't work under current OpenWRT driver. Saying - "endless improvements" are not always working.

Depending on the model, the 'Tik might be DSA (which won't show a switch menu, but would have the capability), or the ports could theoretically all be independently routed (i.e. no built-in switch chip). If you want help on this one, a new thread would be a good option.

Again, a new thread makes sense here. But the question would be about what packages you installed and how the SD Card is setup... most devices with SD cards work fairly easily, but there are some outliers.

Already did. Couple of months ago or so... No solution, had to use USB card-reader instead of built-in one.

bummer about the sd card slot. But did you get help with the switch questions? If not, start a thread or send me the link to one you already had and I'll see if I can help.

OK, THANK YOU so much...

OOpps... Always keep 1% over billion when someone says he's sure 1bln%%!

psherman, I mislead you as I forgot what I did when initially configured the device! Point is actually I haven't even seen initial Luci's GUI, so I can't confirm whether there was Switch menu item or not. I also don't remember initial content of network configuration file, but I replaced it completely.

This is because initially I couldn't connect to the device either from WAN or LAN and DHCP didn't work. Moreover, WAN and LAN were switched and 1-port WAN was a LAN port, and 4-ports LAN acted as WAN!!! So I had to describe eth1 and eth0 (WAN and LAN respectively) manually in the config file using serial port, replacing its content entirely (can't remember whether there was switch section, but it's still possible not) and only after that I could connect to Luci. Obviously, there was no switch menu after config changes.

What I'd like to do - first, I'll describe switch for eth1 (not eth0), let's see what will happen after

config 'switch' 'eth1'
   option 'enable'      '1'
   option 'enable_vlan' '1'
   option 'reset'       '1'

If nothing changes, I'll rename /etc/config/network and allow Owrt to generate new config, BUT could you please confirm other configs are not affected by this action? I don't want to lose vti0, ppp, routing, devices and some other settings in OTHER conf files.

Run swconfig list and you should see something like this:
Found: switch0 - 4ef600c00.ethernet
The name (switch0) is important, it should almost always be switch0.
Next investigate the switch ports with swconfig dev switch0 show | grep link
The port that is up at 1000baseT will be the one connected to the CPU, as the rest of the switch is 10/100. Plugging and unplugging cables and running the link status again will show the logical numbers of each physical port.

From that you can build a basic switch configuration in /etc/config/network, like this one:

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '4 3 2 1 0'

Note that none of the ports are tagged. This is how it starts out when there is no configuration. The next step would be to tag the CPU port, and also change the lan network to use the same eth0.N tag. Then you can add VLANs of different numbers and move physical ports into them.

It is very easy to break the Ethernet during this process, so you should be logged into the router via wifi, if it has wifi hardware. You can also temporarily open port 22 on WAN so you can log in from the WAN side if lan is broken.

Tried swconfig previously. Its output is empty. (