Hi @TechDad83 

Thanks for posting in our business forum.

Don't understand the example you gave and what you said after the example.

Are you saying that you need to isolate one VLAN to one port on the router? Then don't tag it, and it does what you want.

If you have more explanation, love to hear it.

Hi @Clive_A

Thank you for your reply. What Im trying to I guess explain is having 2 or 3 independent Physical networks all using the same router.

LAN Port = Business LAN

LAN/WAN Port = LAB LAN

Another example would be that I have a server that I want on a completely different subnet and isolate it to just that port on the router. I could VLAN and add rules but I should have the ability to assign an interface to do that.

Prior to moving to a TP-Link (Omada) I was using pfSense and each interface is assignable and can be independent of each other. I was sending 1 port to my VPN tunnel, so anything on that network was using the tunnel.

Hope that better explains what I was asking.

Hi @TechDad83 

Thanks for posting in our business forum.

TechDad83 wrote

Hi @Clive_A

Thank you for your reply. What Im trying to I guess explain is having 2 or 3 independent Physical networks all using the same router.

 

LAN Port = Business LAN

 

LAN/WAN Port = LAB LAN

 

Another example would be that I have a server that I want on a completely different subnet and isolate it to just that port on the router. I could VLAN and add rules but I should have the ability to assign an interface to do that.

 

Prior to moving to a TP-Link (Omada) I was using pfSense and each interface is assignable and can be independent of each other. I was sending 1 port to my VPN tunnel, so anything on that network was using the tunnel.

 

Hope that better explains what I was asking.

I don't think this would be possible at least we don't see it as very useful. pfSense can do that because each interface needs to be manually configured. It's open-source and this is a prebuilt one. The purpose of the product is to create interfaces for you. About whether an interface can be assigned to the port or not, you should configure VLAN. This is common we do with the thing you said.

So, I believe you have a question, if the way is to use the VLAN, then how to remove the VLAN 1? This question has been answered several times on the forum. We don't support removing the default VLAN.

What you asked for is more like a feature on the switch called Port Security. But this is a router, not a switch. Supposedly, it should handle both layer 2 and layer 3.

And if you want to do a VLAN that's separate from the other networks, in the controller mode, there is a function called Management VLAN. That's usually where you put your core network devices and you expect to separate them from most network clients.

This is the limitation of the prebuilt one. I know open source can do a lot beyond this. However, this feature has not been a common practice or a design idea since it was introduced. I mean this feature should become one of the essentials when it first came out because assigning the interfaces is the first thing you should do when dealing with the physical interface(port). Anything you do with the networking, you create the interface and assign it to the port first. It did not come at that time and I think this may not be added now when most users are already familiar with this system.

Not sure what the purpose is here, but maybe don't "remove" the default VLAN,  but instead, change what that port thinks is it's "default" VLAN?  I think the setting is called PVID? and as said before, don't tag it.  ?

I guess you could then still pass any other VLAN's over as Tagged,  but i'm drawing a blank as to why or what to...  Except maybe a VoIP device likes this Untagged "default" (or "Native") with a Tagged Voice-VLAN kind of setup with a normal/generic workstation hanging off the back of it...?