Why do dedicated WAN ports exist on some routers?

Title.

I can’t understand why they’d exist aside from maybe firewall specific rules for that port only. I know some ISP supplied routers are modem combos, but I don’t see why a dedicated WAN port might exist in that situation either.

Because a router needs atleast two interfaces in order to be a router. It is a device which switches traffic between networks. The wan and LAN ports are just labelled that way and do not have to be used for that purpose, but in order to connect a local network to the internet you need a router and it needs two interfaces.

8 Likes

Some consumer devices might have a separate wan port as their are preconfigured to be setup that way.

Generally, anything non-consumer doesnt have these specific designations unless they are for specific purposes.

6 Likes

Well yes, but take this as an example.

I own this router, but I haven’t tried swapping the cable to the ISP modem/router combo from the blue WAN port to one of the yellow ports. However, would this work just the same? I’d imagine based on what you’ve said, yes.

I had thought that might be the case.

Before ISPs gave us Router/Modem combos (Which I think is horrible), all we got was a modem. In order to allow multiple devices in a single home to connect to a network, we needed the all-in-one routers we have today.

A good scenario today is my home has a gateway that only provides internet, it doesn’t have that router/switch/ap shit turned on. Which connects to the WAN port on my router, from my router is the rest of my home network.

No it won’t, imagine a consumer router to be a 3 in 1 device.

It has a built in router, switch, and wap.

  • Router - What connect your home network to the external network. Generally has a WAN and a LAN port.
  • Switch - The 4 Yellow LAN ports with an imaginary 5th dedicated to your router
  • WAP - Wireless Access Point, the wireless functionality

Connecting the the modem/gateway to the yellow port shouldn’t do anything based on how the router is configured, although you have now tempted me to connect my switch to my gateway and see what shenanigans I can get away with.

2 Likes

If your modem is also a router then you can connect it to a switch or the switch part of your router and it will work. If it’s just a modem or if the router function is disabled (bridge mode) then it shouldn’t work. Unless your ISP is sloppy, if you connect a switch to a modem you may be able to get multiple public IPs if your ISP hasn’t prevented that.

The wan port does not need to be used for wan, it’s just what they wrote on it, the router has two interfaces, one is wan the other is lan and is connected to the switch internally. The firewall is configured to do nat and has a default rule to deny all on wan and allow all on lan. But there is nothing special about the wan port.

1 Like

Wouldn’t that cause a DHCP conflict though?

Yeah, if you have two dhcp servers running.

Funny thing is I think my ISP is being sloppy, my PFSense box and my Router gets different IPs. Once I spoofed my old router MAC on my PFSense box, I got my old IP back. So the idea is if I used an unmanaged switch to my gateway (Bridged mode combo junk from my ISP), my PFSense box, old router, and any other device I connect to teh switch would get its own IP. I’ve already reconfigured my old router to be a WAP, so I will need another ethernet device.

The WAN port is usually running a protocol like PPPoE, and is used to connect to a DSL/cable modem.
Your device needs to login to PPP and then route between the WAN port and the switch ports.

You can’t just connect the WAN link to one of the switch ports because it’s running the wrong protocol and on the wrong side of the firewall. If you tried it there would be no connectivity.

1 Like

The firewall and the UI and configuration scripts on the device all come with a bunch of assumptions about which ports are used how.

If you were to install OpenWRT/LEDE, you’d see most likely that all ports are part of the same managed switch, and all the lan ports are on vlan1 and wan port is on vlan2, and CPU has both VLANs tagged. (Or some similar setup to that, some routers have a 7 port switch and 2 internal rgmiis).

1 Like

Routers used in home and business applications are primarily used for Network Address Translation.

This is a necessity to enable one public IP address to be used by multiple devices on the network. It uses reserved IP address ranges for the internal network (192.168.X.X, 10.X.X.X and 172.16.X.X - 172.31.X.X)

A router with a WAN port will be configured with the intention that that port will be used for the public side of NAT. This may be optional, or fixed in the router’s software.

Business grade routers often have an 802.3 (Ethernet) capable WAN port to enable them to be connected to another piece of equipment. This may be used for a leased-line router for example. It could also be compatible with PPPoE for use with a separate modem as @MarcT said.

An ISP modem/router (or aftermarket router) may be equipped with both a modem port and a WAN port. Beyond flexibility this could allow for a form of failover, with two different connections available to a single router. This may also be used to configure multiple public IP addresses on a single gateway.

1 Like

a dedicated WAN-only port might be marginally cheaper; you don’t need VLANS and other features on the WAN side (and if even the LAN side doesn’t support VLANS then it would need some other switching backplane to isolate it from the LAN ports).

it might also only be 100 megabit :smiley:

TLDR: price

Any half decent “Real” router won’t make the distinction like that and allow you to address the ports individually whichever way you want. That maybe sounds harsh, and such cheap routers are aimed at, and perfectly fine for home use. But corners are cut, and that’s how.

1 Like

A WAN port is a Layer 3 port (i.e. it gets an IP address). the other ports are just Layer 2 Switch Ports (i.e. that port/interface DOES NOT have an IP address - it simply forwards packets)

1 Like

Odd given my ASUS RT-68R has it and it was a $200+ router. :C

$200 is fairly cheap. It’s also a consumer router. It’s labeled so you don’t have to think much or do any configuration.

2 Likes

Yes, $200 is a cheap home user (basically what i mean by cheap, as most home users do not require any advanced features beyond very basic routing) router. Right now for example i have a $45,000 (AUD, including 5 year’s support) Cisco router sitting on my desk to configure.

By “real” router i meant something enterprise grade, they typically start at 2-3x that price for something capable of ADSL2 or VDSL and the price only goes up from there.

Above and beyond what @Dexter_Kane said (but Dexter is always on point):
Some routers also have more specialized hardware for WANs. Sometimes the WAN interface is a serial interface (less common these days), or sometimes the router has a specialized interface to handle some of the networking in hardware (like TCP offload engines), or to work with some load balancing equipment, etc. There are lots of technical reasons behind it all, some of it is a vestige from an older time.