Connecting Wireless to DSA VLANs

Installing and Using OpenWrt Network and Wireless Configuration
1

https://openwrt.org/docs/guide-user/network/dsa/converting-to-dsa#wireless states that

Back with swconfig, we couldn't directly assign wireless interfaces to VLANs. So we had to bridge wireless with an already VLAN configured ethX.X interface.

With DSA, this is not the case anymore.
Go to Network → Wireless and choose the network that wireless interfaces should attach to.
Wireless interfaces will automatically be included in the bridge and belong in the correct VLAN.

TL;DR

What's the advantage? It seems one still can't attach a WiFi interface directly to a bridge.

Is there a way to associate a VAP with a VLAN on a bridge without creating an intermediary?

The example provided at that link isn't very general, but more specific to a simple, wan/lan configuration.

With a "dumb AP", there isn't a reason to configure an IP address for each of the VLANs carried. There are advantages to not doing so, at least from a maintainability perspective, as well as potentially from a security perspective. No IP address on network X, anything that opened a wildcard listener shouldn't be available there, even with a flaw in firewall rules.

Whether I have option local '0' present or not, manual configuration without an intermediate bridge seems to fail. Trying to configure with LuCI seems inconsistent with those instructions.

image
image920×300 38.7 KB

The bridge is definitely "present and known" to UCI as it the requested VLAN.

image
image954×63 6.78 KB

If I create a "dummy" interface and change the VAP to target that, then things work as one might hope.

In config/network

config interface 'bogus_666'
        option proto 'none'
        option device 'br-switch.666'

In config/wireless

Fails (with or without the above declaration):

        option network 'br-switch.666'

Works:

        option network 'bogus_666'

In both situations bridge vlan show confirms the presence or absence of the VAP in the bridge membership.

But if I have to create a dummy interface for the VLAN, how is this any different from creating a bridge for the VLAN?

Edit:

Looking deeper into this, I am guessing that the bogus interface is to simplify / improve robustness of UCI parsing and configuration.

The intermediates do not appear in ip link or in bridge vlan show. The wifi-iface ifname is what appears in both ip link and bridge vlan show.

1 Like