...
| Property | Description |
|---|---|
| disabled (no | yes; Default: no) | Enables or disables switch VLAN entry. |
| independent-learning (no | yes; Default: yes) | Whether to use shared-VLAN-learning (SVL) or independent-VLAN-learning (IVL). |
| ports (name; Default: none) | Interface member list for the respective VLAN. This setting accepts comma-separated values. e.g. ports=ether1,ether2. |
| switch (name; Default: none) | Name of the switch to which the respective VLAN entry is intended for. |
| vlan-id (integer: 0..4095; Default:) | The VLAN ID for certain switch port configuration. |
| Note |
|---|
Devices with MT7621, RTL8367, 88E6393X, 88E6191X switch chips support HW offloaded vlan-filtering. VLAN-related configuration on the "/interface ethernet switch" menu is not available. |
VLAN Forwarding
Both vlan-mode and vlan-header along with the VLAN Table can be used to configure VLAN tagging, untagging and filtering, there are multiple combinations that are possible, each achieving a different result. Below you can find a table of what kind of traffic is going to be sent out through an egress port when a certain traffic is received on an ingress port for each VLAN Mode.
...
| Warning |
|---|
When allowing access to the CPU, you are allowing access from a certain port to the actual router/switch, this is not always desirable. Make sure you implement proper firewall filter rules to secure your device when access to the CPU is allowed from a certain VLAN ID and port, use firewall filter rules to allow access to only certain services. |
| Note |
|---|
Devices with MT7621, RTL8367, 88E6393X, 88E6191X switch chips support HW offloaded vlan-filtering. VLAN-related configuration on the "/interface ethernet switch" menu is not available. |
VLAN Example 1 (Trunk and Access Ports)
...