VLAN on a RouterBoard

The situation

One day, my neighbors approached me and asked if they could use my internet connection for a while. Of course they can, but I wanted their internet access to be separated from my LAN, so I installed a WiFi access point in my storage room, which is next to the wall separating their apartment from mine. The only problem: there is only one Ethernet cable going into this room and I didn't want to lay another cable. Of course the obvious solution for this is creating VLANs. The next barrier: I don't have dedicated switch hardware for this.

After thinking a little bit, I came to the conclusion that it must be possible to do this task with two RouterBoards.

In my scenario, I wanted to create a VLAN trunk between an RB2011 and an RB750GL. In fact, it's very easy: create the desired VLAN interfaces on the physical interface on both devices. The RB750 is my "egress" device; to achieve the behavior of a VLAN-capable switch, you must bridge the physical ports to the appropriate VLAN interface. That's it!

These two images demonstrate the logical and the real setup:

The config on the RB750GL

# One bridge per VLAN; each bridge is that VLAN's switching segment
/interface bridge
add comment=LAN l2mtu=1594 name=br_vlan100
add comment="LAN guests" l2mtu=1594 name=br_vlan200
add comment=FFFr l2mtu=1594 name=br_vlan300

# Tagged VLAN interfaces on ether1, the trunk port
/interface vlan
add interface=ether1 l2mtu=1594 name=ether1.100 vlan-id=100
add interface=ether1 l2mtu=1594 name=ether1.200 vlan-id=200
add interface=ether1 l2mtu=1594 name=ether1.300 vlan-id=300

# Join each tagged VLAN interface with its untagged access port (ether2-ether4)
/interface bridge port
add bridge=br_vlan100 interface=ether1.100
add bridge=br_vlan200 interface=ether1.200
add bridge=br_vlan300 interface=ether1.300
add bridge=br_vlan100 interface=ether2
add bridge=br_vlan200 interface=ether3
add bridge=br_vlan300 interface=ether4
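The separation in this config depends entirely on which interfaces share a bridge, so one misplaced bridge port puts the guest VLAN on the LAN. The following check is an added example, not part of the original post: it parses a RouterOS export and reports bridges that mix VLAN IDs, a trunk port bridged untagged, or a port listed in two bridges. The function names `parse_export` and `audit` and the three rules are assumptions chosen for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the RB750GL config from this page, trimmed to the
# two sections the check needs.
EXPORT = """\
/interface vlan
add interface=ether1 l2mtu=1594 name=ether1.100 vlan-id=100
add interface=ether1 l2mtu=1594 name=ether1.200 vlan-id=200
add interface=ether1 l2mtu=1594 name=ether1.300 vlan-id=300
/interface bridge port
add bridge=br_vlan100 interface=ether1.100
add bridge=br_vlan200 interface=ether1.200
add bridge=br_vlan300 interface=ether1.300
add bridge=br_vlan100 interface=ether2
add bridge=br_vlan200 interface=ether3
add bridge=br_vlan300 interface=ether4
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif line.startswith("add ") and current:
            pairs = re.findall(r'(\S+?)=("[^"]*"|\S+)', line[4:])
            sections[current].append({k: v.strip('"') for k, v in pairs})
    return sections

def audit(text):
    """Return a list of findings; an empty list means the VLANs stay separated."""
    s = parse_export(text)
    vlan_of = {v["name"]: v["vlan-id"] for v in s["/interface vlan"]}
    trunks = {v["interface"] for v in s["/interface vlan"]}
    members, seen, findings = defaultdict(list), {}, []
    for p in s["/interface bridge port"]:
        members[p["bridge"]].append(p["interface"])
    for bridge, ports in members.items():
        ids = {vlan_of[p] for p in ports if p in vlan_of}
        if len(ids) > 1:  # two VLAN interfaces in one bridge merge the VLANs
            findings.append(f"{bridge} joins VLANs {sorted(ids)}")
        for p in ports:
            if p in trunks:  # untagged trunk traffic would enter this VLAN
                findings.append(f"trunk port {p} bridged untagged into {bridge}")
            if seen.setdefault(p, bridge) != bridge:
                findings.append(f"{p} is in both {seen[p]} and {bridge}")
    return findings
```

Running `audit()` on the output of `/export` after every change to the bridge ports catches a guest port that ended up in the LAN bridge before anyone notices it on the network.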

Summary

As you can see from the configuration, I named the VLAN interfaces "etherX.YYY" where X is the interface number and YYY the VLAN ID. This way you can see the physical interface and the VLAN ID at a glance. I use three VLANs, one for my LAN, one for my neighbors' access point and one for the Point-to-Point link mentioned here.

Although this setup works for separating different networks into VLANs, one should keep in mind that it bridges VLAN interfaces with physical interfaces. This means that, in contrast to dedicated VLAN-capable switch hardware, the packets in this setup must be processed by the RouterBoard's CPU. "Real" switch hardware would handle VLANs and packet switching in a special switch chip to reduce CPU load and increase throughput.

In my setup, I can easily push ~1GBit traffic over the VLAN trunk without maxing out the CPU.
