Topology:
There's a mesh that runs B.A.T.M.A.N. Layer 2 routing that uses the 802.11s protocol and has no IP addresses associated with it. Every node gets "bat0" as access to this transport.
Conceptually, that now fades into the background as "bat0" on every node knows how to manage Ethernet-like ARP and route Ethernet-like packets among the nodes.
Now, I need to route several VLANs among nodes and to off-mesh nodes.
OpenWrt and netifd typically set up wireless APs and then bridge them to the identified option network when they come up. At least in my experience, as long as there is a bridge with the proper name set up in /etc/config/network then "it just works".
Wired (Ethernet) interfaces require explicit configuration in /etc/config/network to be added to the bridge.
So, in my case, there are two "types" of VLANs that I end up pushing over the mesh:
- Management interface -- connects only to off-net hosts, no (direct) access from wireless clients
  - ethX.NNNN bat0.NNNN
  - bridge gets IP address
- Specific SSID -- no (direct) access to AP
  - bat0.NNNN
  - /etc/config/wireless contains an option network "<named bridge>" entry

If you need wireless clients to be able to access services on the AP, then you would "do both":
- Specific SSID -- with direct access to AP
  - ethX.NNNN bat0.NNNN
  - /etc/config/wireless contains an option network "<named bridge>" entry
  - bridge gets IP address
I name my bridges in /etc/config/network consistent with the VLAN that is later selected for clarity, as well as for 802.1X "auto-VLAN" should I deploy it in the future. It is the interfaces in the declaration of the bridge that actually "sets" the VLAN -- option ifname 'eth0.100 bat0.100'
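
The following is an added example, not part of the original post: a small audit that reads the two UCI files and labels each bridge with the category described above, so a management bridge that has accidentally gained an SSID stands out. The bridge names, VLAN IDs, SSID and addresses are constructed sample values, the "transport-only" label is this example's own, and the parser assumes single-quoted values in the `option type 'bridge'` / `option ifname` syntax quoted in the post.

```python
import re

# Constructed sample files; VLAN ids, names and addresses are assumptions.
NETWORK = """
config interface 'vlan100'
    option type 'bridge'
    option ifname 'eth0.100 bat0.100'
    option proto 'static'
    option ipaddr '192.0.2.2'
    option netmask '255.255.255.0'

config interface 'vlan200'
    option type 'bridge'
    option ifname 'bat0.200'
    option proto 'none'
"""
WIRELESS = """
config wifi-iface 'clients'
    option device 'radio0'
    option mode 'ap'
    option ssid 'example-ssid'
    option network 'vlan200'
"""

def parse_uci(text):
    """Return {(section_type, name): {option: value}}; unnamed sections get '@N'."""
    sections, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(config|option)\s+(\S+)(?:\s+'([^']*)')?\s*$", line)
        if not m:
            continue
        kind, key, val = m.groups()
        if kind == "config":
            cur = sections.setdefault((key, val or f"@{len(sections)}"), {})
        elif cur is not None and val is not None:
            cur[key] = val
    return sections

def classify_bridges(network, wireless):
    """Label each bridge by SSID attachment and whether the node has an address on it."""
    ssid_nets = {n for (t, _), o in parse_uci(wireless).items()
                 if t == "wifi-iface" for n in o.get("network", "").split()}
    labels = {(True, False): "management", (False, True): "ssid-only",
              (True, True): "ssid-with-ap-access", (False, False): "transport-only"}
    out = {}
    for (t, name), o in parse_uci(network).items():
        if t == "interface" and o.get("type") == "bridge":
            has_ip = o.get("proto", "none") != "none"  # proto 'none': no address on the bridge
            out[name] = labels[(has_ip, name in ssid_nets)]
    return out
```

Any bridge expected to be "management" that comes back as "ssid-with-ap-access" means wireless clients on that SSID can reach the node's address on that VLAN.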