Hello,

I have a openwrt router from China running Chaos Calmer 15.
It has one WAN and four LAN ports. How can I change one of the LAN ports to WAN?

I need to run multi WAN on this router. My current config is:

Thanks!

Doesn't above look odd when port 4 is both part of vlan 1 and vlan 2 untagged?

I believe you can remove one of the ports from vlan 1 and create a new switch_vlan section containing this port and the CPU port (6t ?). Similar to vlan 2.

Thanks for your reply. I have experience with Linux and BSD, but none with WRT and specially about managing switches Could you tell me what the new config. would look like? Is the vlan1 for wan and vlan2 for the lan switch?
Thanks again!

Here's a general example for the switch section, this would go to /etc/config/network:

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports 'X X X Yt'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports 'X X Yt'

Before you do this configuration, you will need to use an SSH connection to the router and the 'swconfig' tool to identify how the physical ports of the router map to the ports on the switch chip. To do this, just plug an Ethernet cable between a PC or a laptop and each of the LAN or WAN ports of the router in sequence, and run 'swconfig switch0 show' after each connection.

For each test, you should see one port always connected (this is the CPU-facing port) and then one more, depending on which physical port you plugged the cable. Use Notepad or similar to write down the port numbers shown by swconfig (they start from 0) and the physical port numbers labelled on the router.

Note that the switch chip may have pin connectors for more ports than the number of physical ports on your router, so if 'swconfig' shows that you have 7 or 8 ports, and one or more of them is never connected regardless of which port you plug the cable in, then that's completely normal.

After you have identified the ports, fix the Xs and Ys on the config I've shown above so that three of the ports belong to the "LAN" VLAN, and two belong to the "WAN" VLAN. The port Y will be the port that is always lit (the CPU-facing port), and it needs to have the 't' suffix to indicate that packets going out of this port will receive the VLAN identier.

The LEDE project has documented the behavior of a switch quite succintly: https://lede-project.org/docs/user-guid … figuration The theory will help you understand how the switch works.

After you have written the switch config, it's time to fix the network interfaces, firewalls, Dropbear, DNS and DHCP configs etc. to match the new network infrastructure. You will use "eth0.1" to identify the LAN interface and "eth0.2" to identify the WAN interface.

Be careful to document and plan your entire configuration before you begin modifying the files or restarting the router or services. A mistake in your configuration may render your device inaccessible over the network when e.g. Dropbear is listening on the 'eth0' interface when it should listen on 'eth0.1', or due to a firewall zone being registered to wrong interface, or forwarding rules missing.

Also note that this configuration will bind the WAN port and one of the LAN ports to the same network interface. If you need to use two distinct network interfaces and do load-balancing, then you'd separate one of the two ports in the above switch config to a new switch_vlan section, and write a corresponding interface, firewall rules etc. for this VLAN.

(Last edited by Antek on 28 May 2017, 10:13)

Accept my heartfelt thanks for the detailed instructions. I will be following it through shortly and will update here with results.

I went through with it, and was able to repurpose a lan port as wan2. I put wan on eth0.2 and wan2 on eth0.3
Afterwards I installed mwan3 package and luci-mwan3. Setting up the meteric on both wan connections and enabling the second wan connection in the mwan config page got the load balancing set up running.
I have two ADSL connections with 5-6 Mbps each, and I was able to get 11.2 Mbps on speedtest.net

However, now the luci web console logs me (root) out every other second! There is something wrong with the persistence of my connection maybe? Because of this same issue I think my uplaods are also behaving a bit strange.
Maybe I have missed some step?

So happy to not have to pause a 1080p video to watch it properly!

I have never heard of such an issue. Perhaps the mwan package is doing something it shouldn't? Is the uhttpd daemon listening only on the LAN interface, or on all interfaces? Are you connecting to LuCI through the load-balanced interface, or through LAN?

Make sure you don't have multiple browser tabs or windows open connected to Luci at the same time.  Use only one connection.

I guess that was the problem. After client reboot, everything is working as intended.

Due to dual wan load balancing, my client's IP keeps alternating every once in a while. I understand this is the normal behaviour. How can I use the MWAN policies to control this behaviour? I couldn't understand the existing guide.

I think there are some default rules populated. It would be great to be able to further fine tune the rules and add other one.