LuCI VLAN setup⚓︎
What is VLAN?⚓︎
VLAN is a short for Virtual Local Area Network and is defined by IEEE802.1Q1. It is used to separate local networks on a single physical network. It is done by separating the communication of each network by adding a VLAN tag into a frame header.
An interface tagging and recieving (i.e. accepting) tagged communication is reffered here as a VLAN tagging interface. Each of these interfaces has to be configured to a specific VLAN ID and ports.
Further informations can be found at OpenWRT2
VLAN does not add much security, the communication is not encrypted.
VLAN interface creation⚓︎
VLAN communications are set by configuration of the switch, as that it is done on the second level of ISO/OSI model3. By default a user defines interfaces using switch interfaces (
eth1, etc.), but Turris OS is using DSA4 for managing the switch, which enables creating VLAN interfaces directly over desired interfaces. For creating VLAN interface over a specific port use
lanX interfaces, but you can use also
ethX for managing traffic that is not passing throught the switch.
Creating a VLAN interface in LuCI⚓︎
The VLAN interfaces are configured in the Network > Interfaces menu.
A VLAN tagged interface can be added to an existing or new network interface bridge in the format
<if> is the desired interface (i.e.
eth0, etc.) and
X is VLAN ID.
The interface is not pre-created and you cannot find it in the drop-down list. It must be written manually and confirmed by pressing Enter
When creating a new interface with a VLAN tagged interface, you can add the interfaces in the window, that is shown when creating the interface.
In an existing network interface you have to edit the interface. Then select the Physical Settings tab. In the opened tab add the VLAN tagged interfaces.