I'm trying to recreate my swconfig VLAN layout for a dumb AP in SWA.
Original swconfig:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'ddc2:9aea:19b1::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.30'
option gateway '192.168.1.1'
option broadcast '192.168.1.255'
list dns '192.168.1.1'
option ip6hint '30'
option ip6ifaceid '::1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option description 'lan'
option ports '0t 1 4'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option description 'vpn'
option ports '0t 1t 2 3'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option description 'dmz'
option ports '0t 1t'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '4'
option description 'iot'
option ports '0t 1t'
config device
option type 'bridge'
option name 'br-vpn'
list ports 'eth0.2'
config device
option type 'bridge'
option name 'br-iot'
list ports 'eth0.4'
config interface 'vpn'
option proto 'none'
option device 'br-vpn'
config interface 'iot'
option proto 'none'
option device 'br-iot'
My current DSA attempt:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'ddc2:9aea:19b1::/48'
config device
option type 'bridge'
option name 'br0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'wan'
config interface 'lan'
option device 'br0'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.30'
option gateway '192.168.1.1'
option broadcast '192.168.1.255'
list dns '192.168.1.1'
option ip6hint '30'
option ip6ifaceid '::1'
config interface 'vpn'
option proto 'none'
option device 'br0.2'
config interface 'dmz'
option proto 'none'
option device 'br0.3'
config interface 'iot'
option proto 'none'
option device 'br0.4'
config bridge-vlan
option device 'br0'
option vlan '1'
list ports 'lan1:u'
list ports 'lan3:u'
list ports 'lan4:u'
config bridge-vlan
option device 'br0'
option vlan '2'
list ports 'lan1:t'
list ports 'lan2:u'
config bridge-vlan
option device 'br0'
option vlan '3'
list ports 'lan1:t'
config bridge-vlan
option device 'br0'
option vlan '4'
list ports 'lan1:t'
Is this PVID block strictly necessary or is this handled automatically now by DSA? In swconfig we had to untag the egress port manually for the trunk port (in this case, lan1):
config bridge-vlan
option device 'br0'
option vlan '1'
list ports 'lan1:u'
list ports 'lan3:u'
list ports 'lan4:u'
I am also curious about the difference between setting a port as "u*" vs "u" -- this is a difficult term to search for.