DSA VLAN settings

My D-Link DIR-860L B1 is now acting as an AP, which is connected to a switch behind main router, ip is 192.168.1.2, and the WiFi clients are assigned in 172.16.0.0/22 range. The WiFi clients are using 192.168.1.2 as gateway ip to the lan, then forwarded to WAN.

The problem is, since I am using current snapshot which has DSA switch drivers, I don't know how to use port 1 to connect to the switch and the rest 3 ports to form a VLAN, so I can isolate the rest ports from the LAN, but let them get to WAN.

Here's my current network config:

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'dhcp'
        option ip6assign 'none'

config device 'lan_lan1_dev'
        option name 'lan1'
        option macaddr '54:xx:xx:xx:xx:90'

config device 'lan_lan2_dev'
        option name 'lan2'
        option macaddr '54:xx:xx:xx:xx:90'

config device 'lan_lan3_dev'
        option name 'lan3'
        option macaddr '54:xx:xx:xx:xx:90'

config device 'lan_lan4_dev'
        option name 'lan4'
        option macaddr '54:xx:xx:xx:xx:90'

What I would like to configure is to form lan2-lan4 as a VLAN, where the connected clients get an IP from the DHCP service of the DIR-860L and use lan1's IP 192.168.1.2 as the gateway IP, the same as the WiFi clients.

Thanks in advance for your kind help.

That can't be your entire configuration, there must be two networks, you'd have lan being bridged into the upstream network, and something you're calling "gate" which assigns 172.16 IPs and then NATs that group of users into the lan.

The Ethernet configuration is straightforward, you'd just remove lan1 from the lan network and place it into the gate network bridge (not shown) instead. The name 'lan1' is based on the manufacturer's label on the outside of the case, it doesn't have anything to do with being in a lan network.

DSA means for a use case like this you treat the ports as independently connected to the kernel, even though there actually is also a hardware switch involved you don't have to configure it.

@mk24, sorry for the confusion, the word 'gate' should be 'gateway ip' instead.

My whole config file is as follows:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd65:a615:ccba::/48'
        option packet_steering '1'

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'dhcp'
        option ip6assign 'none'

config device 'lan_lan1_dev'
        option name 'lan1'
        option macaddr '54:xx:xx:xx:xx:90'

config device 'lan_lan2_dev'
        option name 'lan2'
        option macaddr '54:xx:xx:xx:xx:90'

config device 'lan_lan3_dev'
        option name 'lan3'
        option macaddr '54:xx:xx:xx:xx:90'

config device 'lan_lan4_dev'
        option name 'lan4'
        option macaddr '54:xx:xx:xx:xx:90'

config interface 'wan'
        option ifname 'wan'
        option proto 'dhcp'

config device 'wan_wan_dev'
        option name 'wan'
        option macaddr '54:xx:xx:xx:xx:93'

config interface 'wan6'
        option ifname 'wan'
        option proto 'dhcpv6'

config interface 'guest0'
        option proto 'static'
        option ipaddr '172.16.3.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.2'

config interface 'guest1'
        option proto 'static'
        option ipaddr '172.16.2.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.2'

config interface 'guest2'
        option proto 'static'
        option ipaddr '172.16.1.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.2'

My bad again, the gateway ip is actually 192.168.1.2, the WAN port is vacant.

I had almost no experience in VLAN related configuration, sample configurations guiding me to the configuration I would like it to be are welcome.

Some info, with some more syntax bits in my post a couple up from that one.

Thanks. I will have to think through it before actual configuring, just cannot afford to lose WiFi.

It seems that my use case perhaps can avoid using VLAN at all?

Is it possible to configure port 1 as 'lan' and the rest of the ports for another bridge interface?

Not sure though. Anyone can help me understand if it's possible?

Correct, you don't have to think about this in terms of VLANs at all. Consider it as ports attached to networks. I think you want to move the lan1 port into the wan network so it bridges directly to your upstream router. To do that will require changing wan (and wan6 if using IPv6) to bridges.

config interface 'wan'
   option type 'bridge'
   option proto 'dhcp'
   list ifname 'wan'
   list ifname 'lan1'

Then be sure to remove lan1 from the lan bridge:

        option ifname 'lan2 lan3 lan4'

Note that list ifname is the newer preferred syntax for multiple interfaces in a network bridge-- it works the same as the old option ifname with all the interfaces on one line.

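Added example, not part of the thread: a small check for the step the last reply warns about, where lan1 is added to the wan bridge but left in the lan bridge, which would join the isolated ports and the upstream LAN through one port. It reads both `option ifname` and `list ifname` syntaxes; the function names and the mixed "before" file are constructed for illustration from the sections quoted above.

```python
import shlex

# Constructed sample: the reply's bridged 'wan' placed beside the poster's
# original 'wan6' and 'lan' sections, before lan1 has been removed from 'lan'.
BEFORE = """
config interface 'wan'
   option type 'bridge'
   option proto 'dhcp'
   list ifname 'wan'
   list ifname 'lan1'

config interface 'wan6'
        option ifname 'wan'
        option proto 'dhcpv6'

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'dhcp'
"""
# Same file after the edit the reply asks for.
AFTER = BEFORE.replace("'lan1 lan2 lan3 lan4'", "'lan2 lan3 lan4'")

def bridge_ports(text):
    """Return {interface: [ports]} for every 'option type bridge' interface."""
    sections, cur = {}, None
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if not tok:
            continue
        if tok[0] == "config":
            cur = None  # ignore non-interface sections such as 'config device'
            if len(tok) == 3 and tok[1] == "interface":
                cur = sections.setdefault(tok[2], {"type": None, "ports": []})
        elif cur is not None and len(tok) == 3 and tok[0] in ("option", "list"):
            if tok[1] == "type":
                cur["type"] = tok[2]
            elif tok[1] == "ifname":  # both syntaxes: one line or one per entry
                cur["ports"] += tok[2].split()
    return {n: s["ports"] for n, s in sections.items() if s["type"] == "bridge"}

def double_bridged(text):
    """Return {port: [bridges]} for ports listed in more than one bridge."""
    owners = {}
    for bridge, ports in bridge_ports(text).items():
        for port in ports:
            owners.setdefault(port, []).append(bridge)
    return {p: b for p, b in owners.items() if len(b) > 1}

if __name__ == "__main__":
    print("before:", double_bridged(BEFORE))
    print("after: ", double_bridged(AFTER))
```

The non-bridge wan6 section sharing the wan device is deliberately not reported; only ports claimed by two bridges are.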