VLAN Configuration

Configure VLANs across your OpenWRT devices with OpenSOHO.

Important (read first!)

  • VLAN configuration is tricky to get right, so OpenSOHO applies its configuration in a way that limits possible connection loss.
  • VLAN tagging is only applied when a device’s apply list contains VLAN. Removing vlan does not undo the configuration.
  • LAN remains untagged on all ports (configuring this per-port is explained below). The rationale is to keep the network functional when VLAN tagging is enabled.
  • CIDR settings on lan are ignored — forcing those would break the network. CIDR settings are applied on the selected gateway only. Interfaces on APs and switches should be configured with option proto 'none'.
  • VLANs named lan and wan are extra protected from accidental modification. If you rename your lan or wan, this protection is not active.
  • OpenSOHO takes the Ethernet interfaces reported by the OpenWRT device (via OpenWISP monitoring) and will:
    • Add an untagged config (u*) towards the lan for each Ethernet port.
    • Add a tagged config (t) for each Ethernet port towards all other VLANs.

Getting Started

  1. Under Vlans, ensure a Vlan named lan exists. Give it a number, e.g. 100 — this is your lan VLAN ID. Avoid VLAN IDs 1 and 2.
  1. Under Devices, add vlan as an apply value for each device that requires VLAN support. Do this gradually — there is no easy way back via OpenSOHO. Work from the least important APs towards the main router.
  2. When all required devices have vlan applied, your network is ready for additional VLANs.

Configuring Extra VLANs

  1. Add an extra entry under Vlans. At minimum, give it a name and a number, e.g. guest and 200. OpenSOHO ensures this VLAN is available, tagged on all interfaces, on all devices with vlan applied.
  2. Configure a gateway (usually the same as the lan gateway).
  3. Add a CIDR to define the subnet, e.g. 192.168.1.1/24. The /24 subnet size is well tested. OpenSOHO adds this IP address on the gateway only.
  4. Wifi interfaces can be added via the Wifi config.
  5. OpenSOHO does not configure DHCP or the firewall yet (planned). Use LuCI on the gateway for that.

Avoiding untagged access on ports

By default the OpenSOHO puts the LAN vlan untagged on all ports. This can be modified by creating a custom Port Tagging configuration.

  • Name, OpenSOHO internal name
  • untagged: the VLAN which should be available untagged
  • trunk: if enabled it automatically adds all VLANs known by OpenSOHO as tagged.
  • tagged: adds the specified VLANs as tagged on the interface.

Next go to Ethernet and set the Config of the port to the selected Port Tagging configuration.

Last modified May 12, 2026: Update vlan.md (ad052fa)