Bridging an untagged VLAN port to an Ethernet interface

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello,

I am using an OpenWRT One which connects to my router via a tagged VLAN interface (eth0) with the AP setup with multiple SSIDs for each VLAN (which works fine).

I also want to bridge the second interface (eth1) to one of the VLANs for a nearby wired device, however I am having problems configuring this.

The configuration I am trying to use is (see below for full network config):

config device
	option type 'bridge'
	option name 'br-home'
	list ports 'br-lan.50'
	list ports 'eth1'

However this does not create the interface (if I use brctl show it doesn't show up).

I can set the bridge up manually using brctl and ip link fairly easily, which works fine.

brctl addbr br-home
brctl addif br-home eth1
brctl addif br-home br-lan.50
ip link set up dev br-home
ip link set up dev eth1

I am looking for a way of replicating this in /etc/config/network - any ideas?

Regards, Paul

# ubus call system board
{
	"kernel": "6.6.63",
	"hostname": "AP-Conservatory",
	"system": "ARMv8 Processor rev 4",
	"model": "OpenWrt One",
	"board_name": "openwrt,one",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.0-rc2",
		"revision": "r28161-ea17e958b9",
		"target": "mediatek/filogic",
		"description": "OpenWrt 24.10.0-rc2 r28161-ea17e958b9",
		"builddate": "1733226068"
	}
}

# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd07:a3e8:d044::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '50'
	option name 'br-lan.50'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '60'
	option name 'br-lan.60'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '70'
	option name 'br-lan.70'

config interface 'vlan50'
	option proto 'none'
	option device 'br-lan.50'

config interface 'vlan60'
	option proto 'none'
	option device 'br-lan.60'

config interface 'vlan70'
	option proto 'static'
	option device 'br-lan.70'
	option ipaddr '192.168.70.30'
	option netmask '255.255.255.0'
	option gateway '192.168.70.1'
	list dns '192.168.70.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '50'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '60'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '70'
	list ports 'eth0:t'

config device
	option type 'bridge'
	option name 'br-home'
	list ports 'br-lan.50'
	list ports 'eth1'
2

Add eth1 to the default bridge and set it as an untagged member in the bridge vlan filtering section.

...

config device
	    option name 'br-lan'
	    option type 'bridge'
	    list ports 'eth0'
	    list ports 'eth1'

config bridge-vlan
	    option device 'br-lan'
	    option vlan '50'
	    list ports 'eth0:t'
	    list ports 'eth1:u'

config bridge-vlan
	    option device 'br-lan'
	    option vlan '60'
	    list ports 'eth0:t'

...

The necessary 802.1q devices are created automatically by netifd, so you can remove all these sections.

3

Thanks, that worked fine (I hadn't thought of just using one bridge).

I’m still slightly curious as to how I would setup a separate bridge (as per the manual brctl example) using /etc/config/network, I had another go trying to add another bridge using the syntax below but again this didn’t work.

config device
option name ‘br-home'
option type 'bridge'
list ports 'eth0'
list ports 'eth1'

config bridge-vlan
option device ‘br-home'
option vlan '50'
list ports 'eth0:t'
list ports 'eth1:u'

Also, is there any way of seeing the bridge VLAN filter configuration from the command line (brctl just shows the interfaces).

Regards, Paul

4 
opkg update; opkg install ip-bridge; \
bridge vlan
1 Like