In my home network I currently run two separate networks each with their own
VLANs and an additional access point (archer c7) to extend the wifi
range. The access point and the avm router are connected via tagged ports
transferring tagged ethernet packets (VLAN trunk).
In the figure below the network setup is shown.
Since the avm box moved from
DSA I had to migrate my
VLAN setup on the avm box.
The description below documents this setup, and may be of help to anybody :^)
DSA the switch ports appear as own devices, here the
VLANs are directly configured on the
bridge devices and appear as sub-devices
of the bridge. See above, the
br-lan.20 which correspond to
the VLANs 10 and 20.
The Local setting of the VLAN controls if the corresponding sub-device is
created or not.
The lan1 port is configured as tagged (T) for our VLANs. This means for outgoing packets the VLAN tag is not removed and incoming packets should be tagged. Additionally, we configured that incoming packets that are untagged should be tagged with VLAN 99 primary VLAN (U|*). This port is used as VLAN trunk to connect the access point.
For the configuration nothing has changed, besides using the new bridge sub-devices.
For completeness of the setup, the following shows the configuration of the access point.
The access point defines two networks
guest similar to the networks
defined on the router above. The interfaces bridge the following devices
- br-lan: eth0.10 + home wifi
- br-guest: eth0.20 + guest wifi
guestinterface is setup as
unmanagedbecause it does not need an IP address, since nobody connected to the guest network should be able to connect to the access point. The access point also does not define any firewall rules, as all firewall rules are centrally defined on the avm box.
The switch is configured as shown below. The two interesting configurations are that the CPU (eth0) interface is tagged for all VLANs and that the LAN1 port is tagged as well.
Similar to the avm setup above, the LAN1 port is tagged for our VLANs and hence used as VLAN trunk to connect to the avm router.
The eth0 port is tagged, such that we get sub-devices eth0.10 and eth0.20 for use in our different networks.