Which is better:
a) VLAN created on ethernet port (ETH1) as a WAN device. DHCP-client on it to receive the IP from the ISP.
eth 2-3-4-5+wifi as a single bridge for LAN part.
NAT Masquerade and so on, as a home router.
Fasttrack etc.
b) single bridge setup
eth1 TAG VLAN (the VLAN to use for the internet service from the ISP) + VLAN in the bridge
LAN PART with PVID 2 (for example) and we set there the LAN PART.
Which is more efficient?
The HAP ac2 is capable of doing 1Gbit download speed in the “a” variant, with no issues.
I tried the “b” design, with fastpath, with 0 issues.

Since both work for you and you can measure the performance via speed tests and you can monitor the CPU usage,
this is a non-problem. Being a trainer, not sure why the facts are not good enough???
What the heck is operator vlan, like making up new terms to confuse people…
If you're fishing for personal opinions.
One bridge all vlans, WAN not on bridge, vlan for WAN is separate from other vlans.
Regardless of router, CRS3XX switches included etc…

I use the forum to discuss and hear each other’s opinion. You are not polite. Being a trainer doesn't mean that I know everything. Yes, I am fishing to hear the others’ opinions.
By “operator vlan” I mean the VLAN needed for the internet service received from the ISP.
I know that it is not a non-problem, but since there is a modern way to use VLAN on the switch chip, I wanted to discuss here which was the best configuration to use.
I use the single-bridge approach almost everywhere, as stated in the docs. Just curious to know which may be the best configuration.
Since 2017 we have used the VLAN tagged on ETH1 (WAN), and a single bridge for the VLAN and VLAN filtering.
Since the single bridge config could also work, just wondering which is the best. And we agree that the single bridge is the solution.

For a simple home setup, I prefer A, since the only use of this VLAN is routing.
With B, you have no advantage compared to A, but you have to make sure not to leak any LAN things to WAN.

So option a is effectively the default config but with an additional /interface vlan to handle the WAN traffic being tagged.
Unless you are likely to have multiple WAN ports, want to be able to easily swap which ports are WAN and which are LAN, pass through additional provider/operator VLANs for IPTV and/or VoIP, or have multiple LAN-side VLANs (e.g. guest, IoT, etc.), sticking with that provides wire-speed switching between the LAN ports.
Otherwise you lose hardware offloading on devices with Atheros/Qualcomm switch chips when making the bridge VLAN-aware. Leaving it non-aware and programming the switch chip directly is a faff, especially with wireless interfaces involved and IIRC not possible on devices with newer wireless chips/drivers.
Option b is the approach used by OpenWRT, but their switch management UI is better.
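
Added example, not part of any post in this thread: the two layouts as RouterOS configuration, with option b written so that LAN frames cannot leak onto the WAN port. ISP VLAN ID 100 is a constructed value, LAN VLAN 2 follows the question, and the interface names (ether1 to ether5, wlan1, bridge1, vlan-wan, vlan-lan) are assumptions.

```routeros
# Added example. Apply ONE of the two options, not both.
# Assumed: ISP service VLAN = 100 (constructed), LAN VLAN = 2, hAP-style port names.

# --- Option a: VLAN directly on ether1; ether1 is NOT a bridge port ---
/interface vlan add name=vlan-wan interface=ether1 vlan-id=100
/ip dhcp-client add interface=vlan-wan disabled=no
/interface list member add list=WAN interface=vlan-wan
# ether1 shares no layer-2 domain with the LAN bridge, so only routed
# (and masqueraded) traffic can leave through it.

# --- Option b: single VLAN-aware bridge, ether1 as tagged-only port ---
/interface bridge add name=bridge1 vlan-filtering=no
/interface bridge port
# WAN port: accept tagged frames only, drop VLANs not listed for this port
add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged \
    ingress-filtering=yes
# LAN ports: untagged access ports in VLAN 2
add bridge=bridge1 interface=ether2 pvid=2 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge1 interface=ether3 pvid=2 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge1 interface=ether4 pvid=2 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge1 interface=ether5 pvid=2 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge1 interface=wlan1 pvid=2 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
/interface bridge vlan
# VLAN 100 exists only on ether1 and the CPU port; VLAN 2 never includes ether1
add bridge=bridge1 vlan-ids=100 tagged=bridge1,ether1
add bridge=bridge1 vlan-ids=2 tagged=bridge1 \
    untagged=ether2,ether3,ether4,ether5,wlan1
/interface vlan
add name=vlan-wan interface=bridge1 vlan-id=100
add name=vlan-lan interface=bridge1 vlan-id=2
/ip dhcp-client add interface=vlan-wan disabled=no
/interface list member add list=WAN interface=vlan-wan
/interface list member add list=LAN interface=vlan-lan
# The LAN IP address and DHCP server go on vlan-lan, not on bridge1.
# frame-types and ingress-filtering only take effect once filtering is on,
# so enable it last, after the VLAN table is complete.
/interface bridge set bridge1 vlan-filtering=yes

# Check: ether1 must appear only under VLAN 100
/interface bridge vlan print
```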