Creating multiple VLANs on the WAN Connection of your router with OpenWRT

Posted on by

Yes, this is quite a detour from the usual articles on my blog, but as my blog is also my own documentation and this is an area where proper documentation is scarce, I decided to write about it anyway.

Beginning of last month, I got a new internet provider which delivers its services over optic fibre. As this blog is hosted on my home server, this does mean that this blog potentially loads 30x faster with 1 Gbit/s.

My old router (TP-Link Archer C7) didn’t support that kind of speeds, so I bought a 2nd hand Edgerouter-X and installed OpenWRT on it. The Edgerouter-X supports the Distributed Switch Architecture (DSA) which means that older documentation on how to create multiple VLANs on your WAN connection are no longer valid. Luckily, the people on the OpenWRT forum are very helpful and they were kind enough to help me with the correct configuration.

The case is a provider where all Internet traffic is supposed to go on VLAN ID 100, IP TV on VLAN ID 101 and VoIP on VLAN ID 102. The Edgerouter-X has 5 ports, labelled eth0 – eth4. In the below configuration, the provider’s TV box is connected to eth2, while the VoIP equipment is on eth3. That leads to this config (only the relevant part is shown):

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	list ports 'eth4'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ip6assign '60'
	list ipaddr '192.168.1.1/24'

config interface 'wan'
	option device 'br-lan.100'
	option proto 'dhcp'

config interface 'wan6'
	option device 'br-lan.100'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1:u*'
	list ports 'eth4:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '100'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '101'
	list ports 'eth0:t'
	list ports 'eth2:t'

onfig bridge-vlan
	option device 'br-lan'
	option vlan '102'
	list ports 'eth0:t'
	list ports 'eth3:t'

config interface 'iptv'
	option proto 'none'
	option device 'br-lan.101'

config interface 'voip'
	option proto 'none'
	option device 'br-lan.102'

In the end, I discovered that my provider moved IPTV to VLAN ID 100 together with other internet traffic and as I don’t use VoIP, I didn’t need multiple VLAN IDs on my WAN interface. I wanted to document this anyway, as maybe it benefits someone else one day.

Special thanks to Peter Sherman and Mike Keitz who helped me with this configuration in the OpenWRT forum.