When setting VLAN on Turris, it is good to first understand the hardware setup and the interconnection of individual components. See the following schema:

The processor of the router Turris Omnia (SoC, Armada 385) has 3 network interfaces. In the system they are eth0, eth1 and eth2. eth2 is connected directly to WAN on the back side of the router, the interfaces eth0 and eth1 are connected to the switch-chip, specifically to ports 0 and 6, and their assignment to the connectors LAN1 – LAN5 can be configured.

The router is by default configured so that the LAN1 connector is assigned to the eth0interface. The rest of the connectors (LAN2 – LAN5) are connected via the interface eth1. See the following file:

/etc/config/network

config interface 'loopback'
      option ifname 'lo'
      option proto 'static'
      option ipaddr '127.0.0.1'
      option netmask '255.0.0.0'
 
config globals 'globals'
      option ula_prefix 'auto'
 
config interface 'lan'
      option ifname 'eth0 eth1'
      option type 'bridge'
      option proto 'static'
      option ipaddr '192.168.1.1'
      option netmask '255.255.255.0'
      option ip6assign '60'
 
config interface 'wan'
      option ifname 'eth2'
      option proto 'dhcp'
 
config interface 'wan6'
      option ifname '@wan'
      option proto 'dhcpv6'
 
config switch
      option name 'switch0'
      option reset '1'
      option enable_vlan '1'
 
config switch_vlan
      option device 'switch0'
      option vlan '1'
      option ports '0 1 2 3 4 '
 
config switch_vlan
      option device 'switch0'
      option vlan '2'
      option ports '5 6'

From looking at the last two blocks of config switch_vlan, it should be clear that two VLANs are set up. In the first block VLAN1 is defined as the connection of ports 0 1 2 3 4 to the switch-chip. Port0, as can be seen in the schema above, goes with interface eth1, ports 1 to 4 go with the corresponding physical connectors LAN2 – LAN5. So, if an ethernet cable is connected to any connector LAN2 to LAN5, the given data flow can be seen on the interface eth1. The same goes for the interface br-lan, because eth1 are eth2 connected via bridge - see block config interface 'lan' .

Analogous to that is the system in the next block config switch_vlan: VLAN2 goes with port6 (and so also the interface eth0) and port5, which is physically connected to LAN1.

It should be visible from the previous section that eth1 and eth0 represent VLANs with the names VLAN1 and VLAN2. It is also possible to add more VLANs, see the following example (mentioned are only blocks for config switch_vlan):

/etc/config/network

config switch_vlan
      option device 'switch0'
      option vlan '1'
      option ports '0t 1 2'
 
config switch_vlan
      option device 'switch0'
      option vlan '2'
      option ports '5 6'
 
config switch_vlan
      option device 'switch0'
      option vlan '3'
      option ports '0t 3 4 '

VLAN2 stayed the same as in the previous example (it connects the interface eth0 with the connector LAN1. VLAN1 now contains port0 (interface eth1), port1 (and so connector LAN5) and port2 (corresponds with connectors LAN4). Notice that port0 is tagged (0t), which is necessary, because port0 (interface eth1) is used as a link between the switch-chip and the processor for VLAN1 and also forVLAN3. The last block is to be understood analogously.

For managing the correct functioning of the set-up VLANs, it is necessary to change the block config interface 'lan' . For example like this:

/etc/config/network

config interface 'lan'
    option ifname 'eth0 eth1.1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
 
config interface 'lan-2'
    option ifname 'eth1.3'
    option type 'bridge'
    option proto 'static'
    option ipaddr '10.0.0.1'
    option netmask '255.255.255.0'

Notice that in block 'lan' we changed eth1 to eth1.1, which signifies VLAN1 on interface eth1. We also created a new network 'lan-2' with static allocation to which we connected VLAN3 and so also the physical connectors LAN2 and LAN3 (see previous VLAN setting and the above schema).