Skip to content

Instantly share code, notes, and snippets.

@michele-tn

michele-tn/Create_VLANs_via_SSH_on_GliNET_OpenWRT_Routers.md

Created May 22, 2025 15:02
Show Gist options
  • Save michele-tn/0825223729c930b56c0096faefb0532a to your computer and use it in GitHub Desktop.
Save michele-tn/0825223729c930b56c0096faefb0532a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Create_VLANs_via_SSH_on_GliNET_OpenWRT_Routers.md

πŸ› οΈ How to Create VLANs via SSH on OpenWRT Routers (e.g., GL.iNet Mango)

This README provides a step-by-step guide on how to create VLANs on OpenWRT-based routers (such as GL.iNet Mango) using the command-line interface via SSH. VLANs (Virtual LANs) enable network segmentation for enhanced security and management.

πŸ“‹ Requirements

  • OpenWRT-compatible router (e.g., GL.iNet Mango)
  • SSH access to the router
  • Basic knowledge of networking and SSH

πŸš€ Step-by-Step Guide

πŸ”Ή 1. Access the Router via SSH

ssh [email protected]  # Replace with your router's IP address

πŸ”Ή 2. Backup Configuration Files

cp /etc/config/network /etc/config/network.backup

πŸ”Ή 3. Identify the Physical Interfaces

ip link show

Typical interfaces: eth0, eth1, br-lan, etc.

πŸ”Ή 4. Edit the Network Configuration File

vi /etc/config/network

Add VLAN definitions:

config interface 'vlan10'
        option proto 'static'
        option ifname 'eth0.10'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

config interface 'vlan20'
        option proto 'static'
        option ifname 'eth0.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

If using swconfig:

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '10'
        option ports '0t 1'

config switch_vlan
        option device 'switch0'
        option vlan '20'
        option ports '0t 2'

If using DSA, use eth0.10, eth0.20, etc. directly.

πŸ”Ή 5. Configure the DHCP Server (Optional)

config dhcp 'vlan10'
        option interface 'vlan10'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'vlan20'
        option interface 'vlan20'
        option start '100'
        option limit '150'
        option leasetime '12h'

πŸ”Ή 6. Configure Firewall Zones

config zone
        option name 'vlan10'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option network 'vlan10'

config zone
        option name 'vlan20'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option network 'vlan20'

πŸ”Ή 7. Apply and Restart Network

/etc/init.d/network restart

πŸ§ͺ Testing VLANs

  • Connect devices to the corresponding switch ports
  • Test IP address assignment and connectivity
  • Use ping or traceroute to verify isolation or routing

πŸ’‘ Tips

βœ”οΈ Always back up config files before making changes
βœ”οΈ Use tagged VLANs for trunk ports and untagged for access ports
βœ”οΈ Use logread or dmesg to troubleshoot issues

πŸ“š Resources

  • 🌐 [OpenWRT VLANDocumentation
  • 🌐 GL.iNet Developer Guide

πŸ“¦ This README is suitable for GitHub projects involving OpenWRT VLAN configurations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment