Bonding (active-backup) with vlan

Hi. I'm running OpenWrt 24.10.0 on an access point and I would like to set up a failover. The network diagram is like this:


It consists of a router, two switches and an access point. In case any one of the two switches goes down it should still work. The failover link (on the left) between the router and the switch is working fine and I would like to achieve the same behavior between the access point (OpenWrt) and a switch.
To avoid some confusion I would like to say that I know that previously 'bonding' used to be set up as an interface but in the new version of OpenWrt it's now set as a device (which is a good thing).
What would be the best practice to do this? Should I use a bridge device somewhere here, as this is the way to set VLAN filtering on OpenWrt?
I have tried multiple approaches but none of them gave the desired result.

Switches don't crash. If they are cheap you should plan a few minutes of downtime for code upgrading, but in normal conditions they keep the switching ASIC configuration while the main system is being upgraded.

If I'm not mistaken your approach does not make any sense.

You can have an active-passive bond between two devices, but not between three of them.
Do you maybe want to have spanning tree protocol?

Or do I just read your topology wrong?


It is active-passive between two devices here, not three.

I don't know, the number of links counts from ONE, last time I checked.

OK, let me simplify the diagram so that we can go back to the question.

In normal operation traffic should be going from AP through switch 2, then switch 1 and then to the router. If switch 2 is down, then AP should use the failover link to pass traffic to switch 1 and the router.

It is a description of STP.

I have STP enabled on switch 1 but what configuration should be done on the AP (OpenWrt)? Should both eth ports be put on the bridge and STP enabled on the bridge?

Yes, easy if on DSA, YMMV on swconfig.

Does it look reasonable?:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	option stp '1'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'dhcp'

config interface 'iot'
	option proto 'dhcp'
	option device 'br-lan.3'

config device
	option name 'lan1'

config device
	option name 'lan2'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '1'
	option name 'br-lan.1'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '3'
	option name 'br-lan.3'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:t*'
	list ports 'lan2:t*'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan1:t'
	list ports 'lan2:t'

Yes, perfect, make sure tags are tagged on all/both links, as STP unforwards all but one of the physical cables.

Which STP protocol version does OpenWrt support? Should I run 802.1s considering there will be more VLANs added?

Sadly just plain STP.
If you know what you are doing and you can configure STP on all bridge devices, then lower the default timer values. Otherwise do not expect failover in like 90 sec, IIRC.
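A sanity check for lowered STP timers, as an added example that is not part of the original thread: it validates a timer set against the ranges and relations given in IEEE 802.1D and prints (does not run) the matching uci commands. It assumes the OpenWrt bridge device options `hello_time`, `max_age` and `forward_delay`, and that `br-lan` is the first `config device` section (`@device[0]`), as in the config posted above; the timer values are constructed.

```shell
#!/bin/sh
# Added example: check STP timers before lowering them on every bridge.
# Ranges and relations follow IEEE 802.1D; all values are in seconds.

# stp_timers_ok HELLO MAX_AGE FWD_DELAY -> status 0 if consistent, 1 if not
stp_timers_ok() {
    hello=$1; max_age=$2; fwd=$3
    # Per-timer ranges
    [ "$hello" -ge 1 ] && [ "$hello" -le 10 ] || return 1
    [ "$max_age" -ge 6 ] && [ "$max_age" -le 40 ] || return 1
    [ "$fwd" -ge 4 ] && [ "$fwd" -le 30 ] || return 1
    # Relations between the timers: 2*(fwd-1) >= max_age >= 2*(hello+1)
    [ $((2 * (fwd - 1))) -ge "$max_age" ] || return 1
    [ "$max_age" -ge $((2 * (hello + 1))) ] || return 1
    return 0
}

# stp_worst_case MAX_AGE FWD_DELAY -> seconds until a blocked port forwards
# after an indirect failure: wait max_age, then listening plus learning.
stp_worst_case() {
    echo $(( $1 + 2 * $2 ))
}

# stp_uci_cmds SECTION HELLO MAX_AGE FWD_DELAY -> prints uci commands
stp_uci_cmds() {
    stp_timers_ok "$2" "$3" "$4" || { echo "inconsistent timers" >&2; return 1; }
    printf "uci set 'network.%s.stp=1'\n" "$1"
    printf "uci set 'network.%s.hello_time=%s'\n" "$1" "$2"
    printf "uci set 'network.%s.max_age=%s'\n" "$1" "$3"
    printf "uci set 'network.%s.forward_delay=%s'\n" "$1" "$4"
    echo "uci commit network"
}

# Constructed values: the smallest set that still satisfies the relations.
# '@device[0]' is an assumption about where br-lan sits in /etc/config/network.
stp_uci_cmds '@device[0]' 1 6 4
echo "worst case with 6/4: $(stp_worst_case 6 4) s"
```

The same timers have to be set on every bridge taking part in the tree, since the root bridge's values are the ones that take effect.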

As a second answer: I expect your devices have at minimum 600 MHz and you have fewer than 16 VLANs? My gut feeling is that we no longer have to deal with underpowered devices like in the mid-90s, so this should not be an issue. But the lameness of STP sucks in the 21st century.
Cool kids use batman advanced, but not every device supports an MTU of 1532 bytes, so a wired backbone mesh is not an option every time.

Not very important, basic operation is to treat a non-STP cable as a potential loop and shut off the port that got its own frame looped back.

@antanas Please report back if you have tested and/or configured STP.

In case you don't know: brctl showstp <bridge-name> shows you the current state, cost, timer, etc.

Hi, yes, it seems to be working fine but I haven't tested it very extensively.