Another Dumb Question About VLANs

Hi CZ.nic team and all

I have just received my Turris Omnia and everything seems like it is working very well, so far so good, Thank You for an excellent product :grin:.

The challenge I now have is replicating my setup, as I had multiple VLANs with very specific functions. Admittedly my previous setup of the VLANs was helped through the automation of the router software, so I am struggling a little with the raw “Switch” options in the “LuCI” interface.

Just wondered if anyone could clarify whether the first two VLAN examples are set up as part of the Turris Omnia configuration or whether I can change these?

Also wondered if anyone can explain why in VLAN#1 Ports 0 through to 3 are untagged with Port 5, however on VLAN#2 Ports 4 & 6 are untagged?

I know these are bridged, but do not know why it was set up like this, as I am no expert.

I have a WebServer that I separate from the rest of the network on its own VLAN (Vlan-B). I would like to put the WebServer into Port4 and isolate this in its own VLAN, however I need to connect onto it with the device plugged into Port0.

I also have other devices that need to see the Webserver from a separate VLAN (Vlan-A), so understand I will need to set the Webserver (Vlan-B) as Tagged in (Vlan-A).

Can anyone explain why the default VLANs are set up this way and confirm if I can plug my webserver into Port4 without causing problems in the base configuration of the Omnia?

Please see the schematic in this post:

There are two gigabit links between the SoC and the switch, so the default setup uses one link shared between ports LAN0 to LAN3 (eth0) and the other link exclusively for port LAN4 (eth2). Hence the switch configuration with two VLANs and all ports untagged.

If you want just to move the LAN4 device into a separate network, there’s no need to fiddle with the switch setup, just remove eth2 from the lan logical interface and put it into some other interface.

If you need more VLANs, you can change the internal switch ports to tagged mode and then create interfaces like eth0.1 to make the internal link between SoC and the switch tagged.

Thank you for the feedback :smile:
So what you are saying is that I do not need to do anything, simply plug the Webserver into Port 4 and it is already separated from the Ports 0 - 3.

I think I was looking at this from the wrong way round.

So I should have Port#4 Untagged in Vlan#2 and Port#4 Tagged in Vlan#1 so I can connect from Vlan#1 into Vlan#2.

If this is correct I understand now, was seriously confusing myself before!!

It is separated on the switch level. However, there is by default a software bridge inside TurrisOS bridging those two internal links together. So you have to detach one of the links from this bridge to actually separate them.

Yes, if your webserver is capable of both tagged and untagged traffic, you can connect it like this. But I would recommend creating such policies inside the router on the IP layer, not by switching.

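The two replies above (detach eth2 from the lan bridge, and enforce access between the networks on the IP layer) could look like this in the router's UCI configuration. This is an added example, not part of the thread and not CZ.nic's shipped configuration; the `dmz` interface and zone names and all addresses are assumptions, and the `lan` section assumes the default the thread describes (eth0 and eth2 bridged together).

```uci
# /etc/config/network (fragment; names and addresses are constructed)

config interface 'lan'
	option type 'bridge'
	# eth2 removed from the software bridge; it was 'eth0 eth2' before
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

# The LAN4 link becomes its own routed interface (no bridge)
config interface 'dmz'
	option ifname 'eth2'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

# /etc/config/firewall (fragment)

# Webserver zone: nothing from it reaches the router or other zones by default
config zone
	option name 'dmz'
	list network 'dmz'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# LAN clients may open connections to the webserver; there is deliberately
# no matching forwarding with src 'dmz' and dest 'lan'
config forwarding
	option src 'lan'
	option dest 'dmz'
```

With no forwarding from `dmz` to `lan`, the webserver can answer connections opened from the LAN but cannot initiate its own into it. Because `input` is `REJECT`, the webserver also cannot reach the router's DHCP or DNS, so it needs a static address in the constructed subnet or explicit rules allowing those services.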