Do all vlan exits need a pvid?

i have my pi 4 running a few vlans, and all tagged to my edgerouter x, is this config correct on the ER-X, or should i remove the * for primary vlan, from vlan 20 and 30?

image879×489 19.8 KB

this is the network file for it

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd3c:d00b:4819::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        list ports 'eth4'
        option bridge_empty '1'

config interface 'vlan10'
        option device 'br-lan.10'
        option proto 'static'
        option ipaddr '192.168.10.2'
        option netmask '255.255.255.0'

config interface 'vlan20'
        option device 'br-lan.20'
        option proto 'none'

config interface 'vlan30'
        option device 'br-lan.30'
        option proto 'none'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth0:t'
        list ports 'eth1:u*'
        list ports 'eth2:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'eth0:t'
        list ports 'eth3:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'eth0:t'
        list ports 'eth4:u*'

If the intent is to have those ports behave as access ports (i.e. 'normal' ethernet ports for non-vlan aware devices to connect)...

The truth is that I cannot find a definitive source that describes the difference between the different methods of setting a port as untagged... so eth4 in this example:

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'eth0:t'
        list ports 'eth4:u*'

using the eth4 line, it is possible to define in any one of these three ways:

        list ports 'eth4:u*'
-- vs --
        list ports 'eth4:u'
-- vs --
        list ports 'eth4'

While I haven't seen anything that says that * is absolutely required, or even technically the u, but if a VLAN is going to be used untagged (and there should only be max 1 untagged network per port), I am of the opinion that it makes the most sense to make it unequivical and explicit :u*

So with that contexdt, yes, the designation should be :u*.... at least as far as I am aware. This guarantees that all egress traffic for that VLAN will be untagged and that all untagged ingress traffic on that port will be properly associated with the same VLAN.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.