1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Non-routed VLAN

Discussion in 'Tomato Firmware' started by clarknova, Feb 2, 2012.

  1. clarknova

    clarknova Networkin' Nut Member

    Using shibby's 83V build on RT-N16

    I'd like to have a vlan that includes a couple switch ports only, ie, not the router. Is this accomplished by creating a vlan with the desired ports and then not assigning it to a bridge?
  2. teaman

    teaman LI Guru Member

    If I understood your idea correctly, then yes: it should be pretty straightforward. Just go to the Advanced/VLAN page, create your new VLAN and (re)assign physical ports as required.

    And... let us know how it goes!

    (I've attached a screenshot to this post that might be useful ...as an example...)
  3. clarknova

    clarknova Networkin' Nut Member

    Thanks. I will let you know.
  4. TomatoE2000

    TomatoE2000 Networkin' Nut Member

    Teaman: in you attached figure the 2 ports are not assigned to a bridge. i have an e2000 and what i like to do is run a router on a desktop (with one NIC to WAN and another to the free port in e2000-which are not part of the bridge) with DHCP of desktopRouter(OpenWrt) providing Address. my VLANs setup in e2000 for other ports have DHCP running for the bridge. Question is,how to make the gateway of the machines attached to Vlans in E2000 as my desktop LAN address(would it even work?). is there a simple way to do that. my ultimate goal really is to have one of the ports of e2000 isolated for Voip and another for guest access and not use e2000 for routing across WAN.
  5. teaman

    teaman LI Guru Member

    That is the general idea, yes. However, there might be a 'small' caveat (I honestly forgot to mention at the time): there is a chance/possibility that interface 'vlan4' would not be brought 'up' at runtime, since it doesn't 'belong' to any LAN bridge and/or any other interfaces... (i.e. when service 'net' gets started, etc..). If such thing happens on your router, you could still add 'ifconfig vlanX up' to your 'firewall custom script' (on page Admin -> Scripts -> Firewall) and that would 'fix' this particular problem (the router would still be unaware of any network traffic flowing through those ports: that would 'act' or 'would be seen like' just a store-and-forward/plain-and-simple 2-port ethernet switch ;)

    That sounds like a complex thing... If I undestood you correctly, you wanna have 2 WANs? One on your OpenWRT box and another on your Tomato router, right? Then you wanna 'detach' some of the ethernet ports on your Tomato router and use them as a plain-and-simple-ethernet-switch to interconnect some of your devices, while keeping them completely isolated from your Tomato router and your other devices? Is that it?

    If not... please do clarify things... perhaps... a diagram?

  6. TomatoE2000

    TomatoE2000 Networkin' Nut Member

    Thanks teaman for the response: here are some details:
    1. Currently i have vlan1-3 in E2000.i have attached VOipATA on Vlan1(with one port). attached internal machines on vlan2. and guest wireless on vlan3 and vlan access defined between them. currently the WAN port is where internet is attached.
    2. i want to move as much as possible away from e200o router(as i feel it is not powerful enough) and move to a desktop for routing function(inside a OpenWrt Vbox VM) and use e2000 as a switch.so, i have a desktop with 2 NICs one for WAN and Other for LAN(i removed WAN from e2000 and attached it to the desktop for internet connection. Attached LAN NIC to LAN port in e2000). in this setup now, the desktop is the internet gateway. so,the Vlan1-3 in e2000 need to know that the desktop is the gateway for internet access.(the DHCP assigned for bridges in e2000 do not permit to specify a gateway machine).

    does the above sound complicated. if yes, can we do away with VLans on e2000 and get a finer control with the desktop router for the devices attached to e2000 switch.
  7. teaman

    teaman LI Guru Member

    Long story short: don't worry too much about your E2000 not being 'powerful' enough as I've been using a WRT54GL as my primary/main router for these last few years without a single problem (which is sorta... an ancient and quite under-powered device, when compared to most routers in the market these days... including... the E2000) ;)


Share This Page