Cheapest option to bridge a RPi4 router to a dumb AP for VLANs tagging to work if the dumb AP goes down

Installing and Using OpenWrt Network and Wireless Configuration
22

I reverted back to a system of just 3 VLANs for now:

  • VLAN 10 (lan)
  • VLAN 3 (guest)
  • VLAN 5 (iot)

The managed switch configured to use 802.1q "simple" VLANs, so trunked or one VLAN-per port. The router is connected to port 15 which is trunked. The dumb access point is connected to port 14 which is also trunked. My workstation is connected to port 6 which is set to "Access" on VLAN 10.

I have a complication: on my router, I am running pi-hole in a linux container which is running on its own bridge. When I was running my setup without the managed switch, it worked fine meaning I could ssh to it and it was my primary DNS which worked, but now I cannot access it at all not even from an ssh connection to the router itself. If I attach to it with lxc-attach -n pihole on the router, I cannot ping anything (like 1.1.1.1) or connect to anything. Has to be something with my configuration within the managed switch. Any thoughts?

For reference, here is my router's /etc/config/network and you can see the lxc bridge as `lxcbr0' in there.

/etc/config/network on router 
config interface 'loopback'
  option device 'lo'
  option proto 'static'
  option ipaddr '127.0.0.1'
  option netmask '255.0.0.0'

config globals 'globals'
  option ula_prefix 'fd1a:184b:b879::/48'
  option packet_steering '1'

config device
  option name 'eth0'
  option ipv6 '0'

config device
  option name 'eth1'
  option ipv6 '0'

config device
  option name 'wg0'
  option ipv6 '0'

config device
  option type 'bridge'
  option name 'lxcbr0'
  option ipv6 '0'
  option bridge_empty '1'

config device
  option name 'eth0.3'
  option type '8021q'
  option ifname 'eth0'
  option vid '3'
  option ipv6 '0'

config device
  option name 'eth0.5'
  option type '8021q'
  option ifname 'eth0'
  option vid '5'
  option ipv6 '0'

config device
  option name 'eth0.10'
  option type '8021q'
  option ifname 'eth0'
  option vid '10'
  option ipv6 '0'

config interface 'wan'
  option device 'eth1'
  option proto 'dhcp'
  option peerdns '0'
  option delegate '0'
  list dns '1.1.1.1'
  list dns '1.0.0.1'

config interface 'lxc'
  option device 'lxcbr0'
  option proto 'static'
  option ipaddr '10.0.4.1'
  option netmask '255.255.255.0'

config interface 'lan'
  option device 'eth0.10'
  option proto 'static'
  option ipaddr '10.9.8.1'
  option netmask '255.255.255.0'

config interface 'guest'
  option device 'eth0.3'
  option proto 'static'
  option ipaddr '10.9.7.1'
  option netmask '255.255.255.0'

config interface 'iot'
  option device 'eth0.5'
  option proto 'static'
  option ipaddr '10.9.5.1'
  option netmask '255.255.255.0'

config interface 'wg0'
  option proto 'wireguard'
# specifics omitted

@arinc9 - I am pinging you because you helped me to setup the lxc bridge back in this thread. Wondering if you have any insights.

For reference, the new configuration is using a managed switch:

[ RPi4 ]-eth1 -- WAN
[ RPi4 ]-eth0 ---------[ Managed switch ]---[All other PCs]
                           |
                           |
[Dumb AP]------------------|