I have a question about "Switch with a separate router (RoaS)". I understand why these examples fully VLAN all traffic. However, in my small system, I'd prefer to mix in untagged traffic as slightly more trusted, and keep IOT and guest WLAN on VLANs. I'm not clear on how this would change the configuration.
My assumptions for changing the "blue" ports to untagged:
Purple Trunk. These need IP Services (L3), so add Bridge as member
I think you're missing the point. Untagged traffic is not for the purpose of subnetting a specific LAN. It is a functionality to enable the admin to indicate to the router which interfaces need the tagged vlan stripped off before reaching the other end of the cable connected to the port. This is typical of access ports which are connected to PCs, printers etc…
Also with your presented config you have one foot in the vlan door and one foot out the vlan door which will not work.
There is no advantage to taking your home trusted blue vlan and removing it from its vlan structure, so I'm not sure I understand why you are going down this route.
Furthermore you cannot magically add your homelan to any trunk port which is very limiting.
You could, I suppose, add the homelan subnet to the bridge itself, but one important aspect of the entire linked thread was to eliminate the confusing practice of putting the subnet on the bridge and using PVID=1 for more than just the default setting on bridges, switches etc…
Finally, is there anything that is prevented by using Blue VLAN for homelan (trusted)? Answer = No, so why change it?
Thanks very much for clarifying this for me. Probably because I’m new to all this, I did not quite get that understanding out of the VLAN post. I appreciate your thorough reply. Hopefully, in the coming days I’ll take a stab at implementing this. Worst case, I’ve become very familiar with the reset button, and restoring my configuration.