Archer A7 V5 - DSA configuration

Hello there.
Newbie here, last night i was managed to make myself OpnSense (firewall-dhcp-dns) -> and OpenWrt(dumbap) with vlans settings like this: Switch created 20,30 tag them etc, make bridges, setup wireless and everything worked fine.

(the idea is so opnsense deligate ip's and openwrt is only ap via wireless on port1, and on port2 to be vlan for tv)

But in Bridge Filtering i dont see the specific LANs, i actually need them so i can make port1 -> to serve WIFI traffic on vlan 10,20 and port2 -> TV-cable on vlan30

This picture shows specific ports and on mine are all connected in vlan or something:


My config

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option delegate '0'
        option ipaddr '192.168.1.3'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

config device
        option name 'eth0.2'
        option macaddr '00:00:00:00:00:df'
        option ipv6 '0'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        option delegate '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option name 'eth0.1'
        option type '8021q'
        option ifname 'eth0'
        option vid '1'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'xBR'
        option ipv6 '0'
        list ports 'eth0.1'

config interface 'xBRIDGE'
        option proto 'none'
        option device 'xBR'
        option delegate '0'

That screenshot is actually from me, I put it on the Converting to DSA page on the OpenWrt Wiki. I wrote that whole page.

Your device uses swconfig so you don't deal with DSA at all. Also, swconfig does VLAN filtering on its own so you don't need the "bridge VLAN filtering" feature at all. Configure the switch ports on the Network -> Switch section on LuCI.

4 Likes

Oh thanks for the info i will stick to the working config that i made somehow and i guess i will not worry for now with DSA

It's nice to know that you don't need to configure anything in that tab by having swconfig.

I hate to hijack this thread, but I am also interested in setting up DSA on an Archer A7 v5. Do you know if (even though it uses swconfig by default) it could be set up to use DSA (without having to fiddle with lower level setup stuff like the router's .dtsi file)?

E.g., if I compile a custom firmware image for it and explicitly compile in QCA8k DSA support (from the make kernel_menuconfig menu), and then setup the switch config like how the "converting to DSA" wiki page describes, and then unload the swconfig kmod and load the qca8k kmod, would it work?

My interest in DSA stems from the router (supposedly) having a QCA8337N switch, which has DSA support and (more importantly) has HW NAT / HW flow offloading user the DSA driver (or at least will probably be getting HW NAT functionality soon...I think).

My intended usage for the router is a (mostly) dumb access point that serves as the sole broadcaster of a secondary IoT wifi network. Currently my main router broadcasts both the main wifi and the IoT wifi (using the same radios). The goal is to get some of the wifi traffic onto different channels to speed up wifi for devices used by real life people. So, it just needs to forward traffic to/from the main router...no need to firewall or resolve DNS requests (the main router runs a recursive unbound instance) or anything like that. Correct me if I'm wrong, but this seems like a situation where HW NAT could be quite beneficial, yes?

It can be migrated to DSA, but it does involve "fiddling with the router's .dtsi" and more than that - and if you fail any of the small details, it will fail to come up again and will require external recovery.

The good news, there is a PR doing most of that, the bad news, it's a little outdated and will require quite a bit of massaging to apply and work again. If you know what you're doing, finding it as a starting point will be the least of your problems - and you still need to be on top of your game and be prepared to develop for- and debug your device, including recovering it as needed.

Thanks for the info. I suspected this was the case, but really hoped that it wasnt and that some compile-time switches and UCI setup was all that was needed. Oh well.

I imagine I could probably pull this off (with a whole bunch of "learning as I go along the way"), but if Im being honest: right now I already have more projects in my life than I have time for. I also dont have the tools for serial recovery (though have gotten quite good at TFTP recovery from not-quite-right custom compiled openwrt firmware images). So I'll likely stick with swconfig too (for the moment).

Thanks again for the info.

If you ever make time for it, hit me up. It would be nice working together on it. I always appreciate working on fun little projects like this as a team.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.