I recently bought a D-Link 2640, which is an MT7621 device using DSA instead of swconfig. I'm having trouble migrating my VLAN config to my new router.
VLAN 3 was just used for mwan but that's not needed anymore so I'm fine without it. VLAN 4 is the one that had tagged packets for the Guest WiFi coming in.
| VLAN ID | LAN1 | LAN2 | LAN3 | LAN4 | WAN |
|---------|------|------|------|------|-----|
| 1 | off | unt | unt | unt | off |
| 2 | off | off | off | off | unt |
| 3 | unt | off | off | off | off |
| 4 | off | off | tag | off | off |
This is the relevant output of /etc/config/network
Should I create VLAN 1 and 2 in the new DSA config? If not, should I just create VLAN 4 with LAN3 as tagged and keep other ports as 'do not participate'? Do I need to set Primary VLAN ID on any of the ports?
I'd be happy to refer to a comprehensive guide or documentation but I wasn't able to find much on migrating VLAN configs from swconfig to DSA.
The router has 4 LAN ports and dual band WiFi. I'm trying to create two wireless APs - personal and guest. The guest AP will be on VLAN 10 and it will only run on 2.4 GHz.
I also have an EAP225 hardware AP connected to LAN4. It also creates a 5 GHz personal and 2.4 GHz guest AP with the guest AP on VLAN 10.
I tried using this config
/etc/config/network
```
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option packet_steering '1'
    option ula_prefix 'xxx:xxx:xxx::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'

config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option device 'br-lan.1'

config interface 'wan'
    option device 'wan'
    option proto 'dhcp'
    option hostname 'sun'

config interface 'guest'
    option proto 'static'
    option ipaddr '192.168.10.1'
    option netmask '255.255.255.0'
    option device 'br-lan.10'

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'

config bridge-vlan
    option device 'br-lan'
    option vlan '10'
    list ports 'lan4:t'
```
However, using this config makes the trusted clients in my personal AP stop connecting. My Android phone shows an error saying IP Configuration Failure.
@cybrnook I tried following your post but I wasn't successful in configuring what I want.
I'll configure my guest WiFi as mentioned here but it's hardly what I want. I've been unable to solve this issue. The absence of documentation also doesn't help.
I read that post. Sorry, that didn't help me. I was unable to configure VLAN 10 for my Guest AP. I mean, it was working but then the Personal AP stopped working as I've mentioned before.
That post doesn't explain what I need to do if I want to use wireless APs as well.
If it helps, this is how I want the setup to look like and work.
While different to what you describe above, I had a similar issue with WLANx AP config for onboard radios for a master build until I added commit and commit to my build, after which network configs that I had set aside just started working for wireless, one example:
```
OpenWrt SNAPSHOT, r16966-940c196be1
-----------------------------------------------------
Linux mamba 5.10.45 #0 SMP Fri Jun 18 12:33:30 2021 armv7l GNU/Linux

root@mamba:/# cat /etc/config/network

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option packet_steering '1'
    option ula_prefix ''

config device
    option name 'wan'
    option macaddr ''

config interface 'wan'
    option device 'wan'
    option proto 'dhcp'

config interface 'wan6'
    option device 'wan'
    option proto 'dhcpv6'

config device
    option name 'lan1'
    option macaddr ''

config device
    option name 'lan2'
    option macaddr ''

config device
    option name 'lan3'
    option macaddr ''

config device
    option name 'lan4'
    option macaddr ''

config device
    option name 'itch0'
    option type 'bridge'
    list ports 'lan4'
    list ports 'lan3'
    list ports 'lan2'
    list ports 'lan1'
    option vlan_filtering '1'
#   option igmp_snooping '1'
#   option stp '1'

config bridge-vlan
    option device 'itch0'
    option vlan '10'
    list ports 'lan4:*'
    list ports 'lan3'
#   list ports 'lan2'
#   list ports 'lan1'
    option alias 'lan'

config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.10.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
#   option ip6assign '56'
#   option ip6hint '10'
    option device 'itch0.lan'

config bridge-vlan
    option device 'itch0'
    option vlan '20'
    list ports 'lan2:t'
    list ports 'lan1:t'
    option alias 'ap'

config interface 'ap'
    option proto 'static'
    option ipaddr '192.168.20.1'
    option netmask '255.255.255.0'
    option ip6assign '64'
    option device 'itch0.ap'

config bridge-vlan
    option device 'itch0'
    option vlan '30'
    list ports 'lan2:t'
    list ports 'lan1:u*'
    option alias 'iot'

config interface 'iot'
    option proto 'static'
    option ipaddr '192.168.30.1'
    option netmask '255.255.255.0'
    option ip6assign '64'
    option device 'itch0.iot'

config bridge-vlan
    option device 'itch0'
    option vlan '4094'
    list ports 'lan2:t*'
    option alias 'sink'

config interface 'windscribevpn'
    option proto 'none'
    option device 'tun0'

root@mamba:/# netifd-netinfo.sh -d
DEVICE UP CARRIER PRESENT EXTERNAL TYPE
=============================================================================
eth0 x x x Network device
itch0 x x x bridge
itch0_10 x x x VLAN
itch0_20 x x x VLAN
itch0_30 x x x VLAN
lan1 x x Network device
lan2 x x Network device
lan3 x x Network device
lan4 x x x Network device
lo x x x Network device
wan x x x Network device
wiot0 x x x x Network device
wiot1 x x x x Network device
wlan0 x x x x Network device
wlan1 x x x x Network device

root@mamba:/# bridge vlan
port   vlan-id
lan4   10 PVID Egress Untagged
lan3   10 PVID Egress Untagged
lan2   20
       30
       4094 PVID
lan1   20
       30 PVID Egress Untagged
itch0  10
       20
       30
       4094
wlan0  10 PVID Egress Untagged
wlan1  10 PVID Egress Untagged
wiot0  30 PVID Egress Untagged
wiot1  30 PVID Egress Untagged
```
did not work, then did. Checking the commit log those are still not in 21.x, which I guess means somehow people are making things work, I could not. So, I suggest it is probably worthwhile to try a master image to see if things change; as an aside there were some recent mac80211 commits pushed to master which I think you would find useful given your device and WPA3 in play.
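A `bridge vlan` listing like the one in the post above can be checked mechanically against the intended segmentation, which catches a wireless interface that never joined its VLAN or a port that leaks a guest/IoT VLAN. The following is an added example, not code from the thread or from OpenWrt; the function names and the `PLAN` mapping are assumptions made for illustration.

```python
# SAMPLE: the `bridge vlan` listing from the post (column spacing reconstructed).
SAMPLE = """\
port   vlan-id
lan4   10 PVID Egress Untagged
lan3   10 PVID Egress Untagged
lan2   20
       30
       4094 PVID
lan1   20
       30 PVID Egress Untagged
itch0  10
       20
       30
       4094
wlan0  10 PVID Egress Untagged
wlan1  10 PVID Egress Untagged
wiot0  30 PVID Egress Untagged
wiot1  30 PVID Egress Untagged
"""
# PLAN (assumed, read off the post's config and listing): VLAN id -> member ports.
PLAN = {10: {"lan3", "lan4", "wlan0", "wlan1", "itch0"},
        20: {"lan1", "lan2", "itch0"},
        30: {"lan1", "lan2", "wiot0", "wiot1", "itch0"},
        4094: {"lan2", "itch0"}}

def parse_bridge_vlan(text):
    """Return {port: {vid: flags}}; an indented line continues the previous port."""
    table, port = {}, None
    for line in text.splitlines():
        fields = line.split()
        if fields and not line[0].isspace():
            port, fields = fields[0], fields[1:]
        if port is None or not fields or not fields[0].isdigit():
            continue  # header, blank line, or a port row without a VLAN id
        flags = {t.lower() for t in fields[1:]} & {"pvid", "untagged"}
        table.setdefault(port, {})[int(fields[0])] = flags
    return table

def audit(table, plan):
    """List departures of the live table from the plan (empty list = match)."""
    out = [f"{p}: member of VLAN {v}, not in plan"
           for p, vlans in table.items() for v in vlans if p not in plan.get(v, ())]
    out += [f"{p}: missing from VLAN {v}"
            for v, ports in plan.items() for p in ports if v not in table.get(p, {})]
    for p, vlans in table.items():
        untagged = sorted(v for v, fl in vlans.items() if "untagged" in fl)
        if len(untagged) > 1:  # frames from several VLANs leave this port untagged
            out.append(f"{p}: egresses untagged in VLANs {untagged}")
    return sorted(out)
```

Calling `audit(parse_bridge_vlan(SAMPLE), PLAN)` returns an empty list for the listing as posted; feed it the saved output of `bridge vlan` from the router and a plan for your own VLANs to compare the two.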