Vlan with dsa (eth0&eth1)

For even a non-network person like me, this explanation has been immensely helpful:

swconfig / DSA

I have an unused box (Netgear R6100) and I remember this box had Eth0 & Eth1. However, when used to configure, I only had the 4 lan ports (1,2,3, &4) and one CPU port (Eth0). This did not allow me to use the wan port to be "trunk" as there was no place to tag it.

Is it possible to use this box as a "managed" 5-port switch (I realize, it is only 100m) however, it will serve my IOT very well instead of going to a land-fill.

Much appreciate any pointers.


did you already check the wiki page of the device for details?

Hi Pico,
I did and usually the place I first check and sometimes don't understand enough.

In this case, I assumed that eth0 is actually the wan interface and so I configured it in a way that I am using the wan interface as a trunk and i think appears to work fine. See the screenshot.

I would like the wan port to be a trunk but drop all traffic of vlan1 and I could not figure out how to do that as there is no WAN interface in the switch as shown in the picture.

Appreciate your help.

I reported this only after a few minutes of testing with the trunk on the wan. The device stops responding to ping after some time..
Created 802.1Q (eth0.1, eth0.5, eth0.6, and eth1.1, eth1.5, eth1.6) devices. Created bridge br-lan (eth0.5 & eth1.5) and br-iot (eth0.6 & eth1.6). Then created static address interfaces lan and iot using bridges. Bridge 11n to iot, and 11ac to lan interfaces.

Removed wan, wan6. Disabled firewall, then stopped. removed all zones.

Worked fine for some minutes and then stopped responding to pings.

Any suggestion on how to investigate?


Unless something is wrong with the configuration, eth0 appears to be CPU connection to the 4-port switch. eth1 is likely directly connected to the wan port.

Let's take a look at the config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network

I think I had made a stupid error and after fixing that it hasn't offered any errors. I will post the recipe just in case a noob wants to do something similar. I had missed to turn off the dhcp that I needed in the initial stages of configuring the switch.

I do want to find out why people want to redact the mac address. These sit behind the firewall and so what might be the risk? Any pointers?