OpenWrt Forum Archive

Topic: ALIX 2D13 - No Switch for VLAN

The content of this topic has been archived on 23 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

My understanding of VLANs is thin. My ALIX 2d13 does not appear to have a switch, but has 3 Ethernet ports. One is WAN and the other 2 are bridged for LAN. I'm looking at IoT devices, and it's been suggested to put them on a separate VLAN, which I do not think I can do.

Is moving one Ethernet port to another interface "IoT" a valid approach for this hardware?

If so, would this be correct?
Current

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.111.1'
	option origifname 'eth0'
	option origbridge 'true'
	option ifname 'eth0 eth2 tap0'

ToBe

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.111.1'
	option ifname 'eth0 tap0'

config interface 'IoT'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.222.1'
	option ifname 'eth2'

I assume I will need additional firewall rules from IoT to WAN and vice versa and a new "IoT" section in the dhcp file. Is that sufficient to isolate the 2 interfaces?

(Last edited by RangerZ on 15 Jul 2017, 20:49)

Yes, that is what you could do, then connect your "things" to port 2 and the more trusted LAN users to port 1. You can use cheap unmanaged Ethernet switches to expand the networks.

You can create VLANs on a single port by referring to it as (for example) 'eth0.1' in one network and 'eth0.2' in another. This causes tagged packets to be sent through the cable. The device at the other end of the cable must be VLAN-aware, such as another OpenWrt router or a managed switch.
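
The firewall and DHCP sections the question refers to, as an added example that is not from either poster. It assumes a stock firewall config (a zone named 'wan', and a defaults section with forward set to REJECT); the zone name 'iot', the rule names and the DHCP pool range are illustrative, and only IPv4 is covered.

```uci
# --- /etc/config/firewall (additions) ---

# Own zone for the 'IoT' interface (eth2, 192.168.222.1/24 in the thread).
# input REJECT: devices cannot reach the router's own services (LuCI, SSH)
# except through the explicit rules below.
config zone
	option name 'iot'
	list network 'IoT'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Let IoT devices reach the internet. Replies come back through
# connection tracking, so no wan -> iot forwarding is needed.
config forwarding
	option src 'iot'
	option dest 'wan'

# No forwarding section names 'lan' together with 'iot', so traffic
# between the two falls through to the defaults forward policy
# (assumed REJECT, as in a stock config).

# With input REJECT the router must still answer DHCP and DNS.
config rule
	option name 'Allow-IoT-DHCP'
	option src 'iot'
	option family 'ipv4'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-IoT-DNS'
	option src 'iot'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# --- /etc/config/dhcp (addition) ---

# Address pool 192.168.222.100-249 for the IoT interface (range is illustrative).
config dhcp 'IoT'
	option interface 'IoT'
	option start '100'
	option limit '150'
	option leasetime '12h'
```

To confirm the isolation after reloading the firewall, a host on the IoT port should get a 192.168.222.x lease and reach the internet, while connections from it to 192.168.111.x hosts and to the router's SSH or web interface are refused.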
