Converting VLAN setup with dumb AP to DSA

johndg · February 3, 2024, 9:38pm

hi,
after I've successfully configured VLAN setup with dumb AP, I want to migrate that configuration from the old AP, to a new one - ax3000t, that has 3 LAN ports, and 1 WAN port.

running ls -l /sys/class/net in the new AP returns:

eth0 -> ../../devices/platform/15100000.ethernet/net/eth0
lan2 -> ../../devices/platform/15100000.ethernet/mdio_bus/mdio-bus/mdio-bus:1f/net/lan2
lan3 -> ../../devices/platform/15100000.ethernet/mdio_bus/mdio-bus/mdio-bus:1f/net/lan3
lan4 -> ../../devices/platform/15100000.ethernet/mdio_bus/mdio-bus/mdio-bus:1f/net/lan4
phy0-ap0 -> ../../devices/platform/18000000.wifi/net/phy0-ap0
...
phy1-ap0 -> ../../devices/platform/18000000.wifi/net/phy1-ap0
wan -> ../../devices/platform/15100000.ethernet/mdio_bus/mdio-bus/mdio-bus:1f/net/wan

/etc/config currently has:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd61:3163:614f::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.31.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr 'b3:a1:32:3b:45:be'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

note - this is before making the relevant changes to make it a "dumb ap", which should be adding the wan port to the bridge, deleting the wan devices/interfaces, and disabling the dhcp and firewall services, as per the instructions.

the main router's /etc/config is the same as before:

...
config interface 'iot_online'
        option device 'eth1.10'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option proto 'static'

config interface 'iot_offline'
        option device 'eth1.11'
        option ipaddr '192.168.11.1'
        option netmask '255.255.255.0'
        option proto 'static'
...

my thoughts were to modify /etc/config/network on the AP, to (my modifications with the # sign):

...
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'  # adding this

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'  # here
	option gateway '192.168.1.1'  # here
	list dns '192.168.1.1'  # here

# and from here till the end

config device
	option name 'br-iotonline'
	option type 'bridge'
	list ports 'eth1.10'

config interface 'iotonline'
	option device 'br-iotonline'
	option proto 'none'

config bridge-vlan
	option device 'br0'
	option vlan '10'
	list ports 'wan:u*'

config device
	option name 'br-iotoffline'
	option type 'bridge'
	list ports 'eth1.11'

config interface 'iotoffline'
	option device 'br-iotoffline'
	option proto 'none'

config bridge-vlan
	option device 'br0'
	option vlan '11'
	list ports 'wan:u*'

would this be correct?

thanks!

psherman · February 3, 2024, 11:41pm

No, not quite. You're kind of on the right track, but everything works from br-lan with bridge-vlans -- this creates br-lan.x where x is the VLAN ID.

You've also got the wan port set for multiple VLANs untagged -- that won't work. You can have zero or one untagged network, and zero, one, or many tagged networks on any given port. It must match the configuration of the other (upstream, in this case) device.

So, what we need to know is:

What VLANs are present on the upstream connection (to your main router) -- what are the VLAN IDs and are they all tagged? If any is untagged, which one?
Confirm that you will use the wan port as the uplink.
Define what VLANs you want on each of the lan ports, and if they are trunks or access ports.
Define which VLAN is used to manage the device and what address you want the AP to hold on that network.

From there, we can create the appropriate changes to your config.

johndg · February 4, 2024, 7:12am

alright so according to order:

if I understand you correctly, the current AP VLAN settings are (/etc/config/network):

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'
...
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4 5 1'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t'
	option vid '10'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '11'
	option ports '0t 1t'

from this I'm not sure which ones are tagged or untagged, but on the luci /network/switch page, I see that VLAN IDs 10,11 are tagged on wan,eth1 ports (and "off" on all other ports).

the WAN port will be connected to the main router
I don't want any VLANs on the other lan ports (only WiFi clients should be on VLANs , according to different SSIDs, but since it's already mentioned in the previous topic, I skipped it)
I want the AP to be on 192.168.1.2 and not on any VLAN

psherman · February 4, 2024, 7:25am

Ok... so looking at the old config, I see the following on logical port 1:

VLAN 1 - untagged
VLAN 10 tagged
VLAN 11 tagged

VLAN 1 is also present on all ports as untagged (2-5, as well as port 1 mentioned earlier).

The main router appears to have just vlan10 (192.168.10.0/24) and VLAN 11 (192.168.11.0/24). It doesn't appear that VLAN 1 (192.168.1.0/24) exists on the main router.

So... let's get to work:

First, add the wan port to br-lan so it looks like this (btw, what happened to port lan1? doesn't really matter, but is it missing??):

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

Next, we'll delete the wan stanzas:

Now we'll create bridge-vlans:

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'
	list ports 'wan:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'wan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'wan:t'

And now we'll edit the lan network interface to use br-lan.1 and the address you specified.

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'

And finally we'll add unmanaged network interfaces for your vlans:

config interface 'vlan10'
	option device 'br-lan.10'
	option proto 'none'

config interface 'vlan11'
	option device 'br-lan.11'
	option proto 'none'

Now, all that is left is to make the two new SSIDs and use networks vlan10 and vlan11 respectively.

Restart the device and you should be good.

One last consideration -- I don't see VLAN1 on the main router... but if it is there (just not shown in this thread), you'll want to make sure you disable the dhcp server on the AP.

NPeca75 · February 4, 2024, 7:28am

Hi

in DSA it will be something like this ...

config device
        option type 'bridge'
        option vlan_filtering '1'
        option name 'switch'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config bridge-vlan
        option device 'switch'
        option vlan '1'
        list ports 'wan:u*'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'

config bridge-vlan
        option device 'switch'
        option vlan '10'
        list ports 'wan:t'

config bridge-vlan
        option device 'switch'
        option vlan '11'
        list ports 'wan:t'

config interface 'vlan1'
        option proto 'static'
        option device 'switch.1'
        option ip6addr 'fd00::1/64'
        option ipaddr '192.168.1.1/24'

config interface 'vlan10'
        option proto 'none'
        option device 'switch.10'

config interface 'vlan11'
        option proto 'none'
        option device 'switch.11'

johndg · February 5, 2024, 6:59am

thanks, works without a fuss.
also thanks @NPeca75 for the suggestion.
both solutions seems mostly compatible, except for first vlan (id 1 - which seems without use in the main router) and option vlan_filtering '1' - is this not mandatory?

p.s. lan1 doesn't exist on this device, it seems..

psherman · February 5, 2024, 5:54pm

VLAN 1 is just there for the local device because when you enable bridge-VLANs, all interfaces must be associated with a VLAN (br-lan.x where x is the VLAN ID). Using VLAN1 (or really it could be any abitrary VLAN ID that is not used elsewhere) works because we're associating it with an untagged network coming from the upstream router).

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!

system · February 15, 2024, 5:56pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.