[OpenWrt Wiki] Splitting VLANs (https://openwrt.org/lib/exe/opensearch.php) (OpenWrt Wiki) (https://openwrt.org/) (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches?do=index) (Sitemap) (Recent Changes) (https://openwrt.org/feed.php) (Current namespace) (https://openwrt.org/feed.php?mode=list&ns=docs:guide-user:network:vlan) (Plain HTML) (https://openwrt.org/_export/xhtml/docs/guide-user/network/vlan/creating_virtual_switches) (Wiki Markup) (https://openwrt.org/_export/raw/docs/guide-user/network/vlan/creating_virtual_switches) (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches) (https://openwrt.org/uk/docs/guide-user/network/vlan/creating_virtual_switches) (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches)   (https://openwrt.org/start) (OpenWrt Wiki) (OpenWrt Wiki) OpenWrt Wiki    (Search) ([F]) (Search)       (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches?s[]=firewall&s[]=4&s[]=5)   Tools      (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches?s[]=firewall&s[]=4&s[]=5) (Translations of this page)   Translations of this page      (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches?do=login&sectok=) (Log In)   Log In           You are here (https://openwrt.org/start) (start)   Home    (https://openwrt.org/docs/start) (docs:start) Documentation   (https://openwrt.org/docs/guide-user/start) (docs:guide-user:start) User guide   (https://openwrt.org/docs/guide-user/network/start) (docs:guide-user:network:start) Network   (https://openwrt.org/docs/guide-user/network/vlan/start) (docs:guide-user:network:vlan:start) VLAN (Virtual LAN)   (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches) (docs:guide-user:network:vlan:creating_virtual_switches) Splitting VLANs           Learn about OpenWrt  Learn about OpenWrt (https://openwrt.org/supported_devices) (supported_devices) Supported devices  (https://openwrt.org/packages/start) (packages:start) Packages  (https://openwrt.org/downloads) (downloads) Downloads  (https://openwrt.org/docs/start) (docs:start) Documentation (https://openwrt.org/docs/guide-quick-start/start) (docs:guide-quick-start:start) Quick start guide  (https://openwrt.org/docs/guide-user/start) (docs:guide-user:start) User guide  (https://openwrt.org/docs/guide-developer/start) (docs:guide-developer:start) Developer guide    (https://openwrt.org/docs/guide-developer/security) (docs:guide-developer:security) Security  (https://openwrt.org/faq) (faq) FAQ  (https://forum.openwrt.org/) (https://forum.openwrt.org/) Forum    Contributing (https://openwrt.org/submitting-patches) (submitting-patches) Submitting patches  (https://openwrt.org/bugs) (bugs) Reporting bugs  (https://openwrt.org/wiki/wikirules) (wiki:wikirules) Contributing to wiki    Project (https://openwrt.org/about) (about) About OpenWrt  (https://openwrt.org/rules) (rules) Rules  (https://openwrt.org/infrastructure) (infrastructure) Infrastructure  (https://openwrt.org/donate) (donate) Donate  (https://openwrt.org/merchandise) (merchandise) Merchandise  (https://openwrt.org/wiki/start) (wiki:start) Website  (https://openwrt.org/trademark) (trademark) Trademark policy  (https://openwrt.org/license) (license) License  (https://openwrt.org/contact) (contact) Contacts       (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches?do=edit) (Show pagesource [v])   Show pagesource   (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches?do=revisions) (Old revisions [o])   Old revisions   (https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches?do=backlink) (Backlinks)   Backlinks   (Back to top [t])   Back to top          (Table of Contents)   Table of Contents   Splitting VLANs Introduction  Web interface instructions Default configuration  Modified configuration          Splitting VLANs   This article relies on the following:  Accessing (https://openwrt.org/docs/guide-quick-start/walkthrough_login) (docs:guide-quick-start:walkthrough_login) web interface / (https://openwrt.org/docs/guide-quick-start/sshadministration) (docs:guide-quick-start:sshadministration) command-line interface   Managing (https://openwrt.org/docs/guide-user/base-system/uci) (docs:guide-user:base-system:uci) configs / (https://openwrt.org/docs/guide-user/additional-software/managing_packages) (docs:guide-user:additional-software:managing_packages) packages / (https://openwrt.org/docs/guide-user/base-system/managing_services) (docs:guide-user:base-system:managing_services) services / (https://openwrt.org/docs/guide-user/base-system/log.essentials) (docs:guide-user:base-system:log.essentials) logs        This article may contain network configuration that depends on migration to DSA in OpenWrt 21.02  Check if your device uses DSA or swconfig as not all devices have been migrated  ifname@interface has been moved to device sections  (https://openwrt.org/docs/guide-user/network/dsa/start) (docs:guide-user:network:dsa:start) DSA Networking   (https://forum.openwrt.org/t/mini-tutorial-for-dsa-network-config/96998) (https://forum.openwrt.org/t/mini-tutorial-for-dsa-network-config/96998) Mini tutorial for DSA network config on the forum  (https://openwrt.org/releases/21.02/notes-21.02.0#new_network_configuration_syntax_and_boardjson_change) (https://openwrt.org/releases/21.02/notes-21.02.0#new_network_configuration_syntax_and_boardjson_change) DSA in the 21.02 release notes        Introduction  This how-to virtually splits off one of your devices Ethernet ports to be used for non-LAN purposes.
E.g. you could provide this Ethernet port for your guests or for a secured extra zone used for an office work computer separated from your LAN zone.  This how-to just demonstrates how to create the additional VLAN switch.
The VLAN switch created by this how-to needs to be linked to a dedicated interface and a dedicated firewall zone in subsequent steps.   Web interface instructions   Default configuration  A typical default LEDE configuration on a home router with 5 LAN ports looks like this, when going to the “switch” menu of LuCI:  VLAN ID  Upstream side:HW switch ↔ eth0 driver  Downstream side:HW switch ↔ physical ports   CPU (eth0)  LAN 1  LAN 2  LAN 3  LAN 4  WAN   1  tagged  untagged  untagged  untagged  untagged  off   2  tagged  off  off  off  off  untagged      This default configuration provides 2 VLAN switches by default:  VLAN ID 1: the VLAN switch for the 4 ports (that are mapped to the LAN interface)  VLAN ID 2: the VLAN switch mapped to the 1 WAN port    Modified configuration  As we can't magically add new physical ports to the existing device, we will simply reassign LAN 1 to make up a new virtual switch:  VLAN ID  Upstream side:HW switch ↔ eth0 driver  Downstream side:HW switch ↔ physical ports   CPU (eth0)  LAN 1  LAN 2  LAN 3  LAN 4  WAN   1  tagged  off  untagged  untagged  untagged  off   2  tagged  off  off  off  off  untagged   3  tagged  untagged  off  off  off  off      Note the new third line and the change in the intersection of VLAN 1 and LAN 1. This updated configuration means that you will now have 3 VLAN switches:  VLAN ID 1: the VLAN switch for the remaining 3 ports (that are still mapped to the LAN interface)  VLAN ID 2: the VLAN switch mapped to the 1 WAN port  VLAN ID 3: the newly created VLAN switch for the 1 port LAN 1. This port is currently without function. You first have to assign it to an interface (in the “physical settings” tab of an existing or newly created interface)   Notes:  LAN 1 in this example can no longer be used for SSH or LuCI administration, unless you link the existing LAN interface to this newly created VLAN switch eth0.3 (But usually you will want to assign this new VLAN to a newly created interface, which then has to be put into a new firewall zone).  As long as one last LAN port remains in VLAN switch 1, you will still have access to LuCI and SSH over that port. In case you have accidentally or purposely set all ports to “off” in switch VLAN 1, in most cases you can still use your WiFi for LEDE admin access.  The LAN IDs as used in the switch section of LuCI or in config files of UCI may not reflect the same numbering scheme used on the printed labels on the outside of your router. Due to decisions of the manufacturer, it could be inverted on some devices (4 =1, 3=2, 2=3, 1=4 ).    This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OK (https://en.wikipedia.org/wiki/HTTP_cookie) More information about cookies        Last modified: (2023/09/30 03:16) 2023/09/30 03:16  by vgaetera        Self-registration in the wiki has been disabled.If you want to contribute to the OpenWrt wiki, please post (https://forum.openwrt.org/t/applying-for-openwrt-wiki-account/101671) (https://forum.openwrt.org/t/applying-for-openwrt-wiki-account/101671) HERE in the forum or ask on IRC for access.    (https://creativecommons.org/licenses/by-sa/4.0/deed.en) (CC Attribution-Share Alike 4.0 International) (cc) (by) (sa)   Except where otherwise noted, content on this wiki is licensed under the following license:(https://creativecommons.org/licenses/by-sa/4.0/deed.en) (CC Attribution-Share Alike 4.0 International) CC Attribution-Share Alike 4.0 International       (skip to content)