Failing to successfully configure VxLAN over Wireless link

I have attempted to configure 2 Linksys WHW01 (v1 I believe) with VxLAN over a mesh in order to extend multiple wireless networks to the 2nd WHW01. They are both configured pretty identical, and I can ping the remote device on the designated "management IP" on lan1. I have configured a static address on top of the VxLAN and can ping the other device's IP on that link, but I am unable to get an IP when I connect to the SSID on the second device. The first device, freyja, is cabled to my network. Freyr is the remote, wireless only device. Neither device has any firewall rules or zones configured (nft/fw4 not installed as well). I am running LuCI openwrt-23.05 branch (git-23.236.53405-fc638c8) / OpenWrt 23.05.0-rc3 (r23389-5deed175a5). What am I missing in order to send at least VLAN13/lan13 (if not all of VLANs 2, 5, 13 [lan2/5/13]) over the wireless link? Thank you.

FREYJA - wired device

root@freyja:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1e:2eb7:a14d::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'

config interface 'lan1'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.21.4'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.21.1'
	list dns '192.168.21.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1:u*'
	list ports 'eth2:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'eth1:t'
	list ports 'eth2:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth1:t'
	list ports 'eth2:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '13'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'vxlan0:u*'

config interface 'lan2'
	option proto 'none'
	option device 'br-lan.2'
	option force_link '1'

config interface 'lan13'
	option proto 'static'
	option device 'br-lan.13'
	option ipaddr '192.168.13.4'
	option netmask '255.255.255.0'
	option gateway '192.168.13.4'
	option defaultroute '0'

config interface 'lan5'
	option proto 'none'
	option device 'br-lan.5'
	option force_link '1'
	option defaultroute '0'

config interface 'vxlan0'
	option proto 'vxlan'
	option force_link '1'
	option peeraddr '239.1.1.1'
	option vid '1'
	option tunlink 'lan'
	option defaultroute '0'

config interface 'vxlanaddr'
	option proto 'static'
	option device '@vxlan0'
	option ipaddr '192.168.255.4'
	option netmask '255.255.255.0'
	option defaultroute '0'



root@freyja:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/a000000.wifi'
	option channel '11'
	option band '2g'
	option htmode 'HT40'
	option country 'US'
	option cell_density '3'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/a800000.wifi'
	option channel '108'
	option band '5g'
	option htmode 'VHT80'
	option country 'US'
	option cell_density '3'

config wifi-iface 'wifinet1'
	option device 'radio1'
	option mode 'mesh'
	option encryption 'sae'
	option mesh_id 'rcm'
	option mesh_fwding '1'
	option mesh_rssi_threshold '0'
	option key 'xxx'
	option network 'lan'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'RC13-1'
	option encryption 'none'
	option isolate '1'
	option network 'lan13'
	option ieee80211k '1'
	option time_advertisement '2'
	option time_zone 'CST6CDT,M3.2.0,M11.1.0'
	option wnm_sleep_mode '1'
	option wnm_sleep_mode_no_keys '1'
	option bss_transition '1'
	option proxy_arp '1'

FREYR - remote, wireless only device

root@freyr:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdb0:9611:aaef::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1:u*'
	list ports 'eth2:u*'

config interface 'lan1'
	option proto 'static'
	option device 'br-lan.1'
	option ipaddr '192.168.21.5'
	option netmask '255.255.255.0'
	option gateway '192.168.21.1'
	list dns '192.168.21.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'eth1:t'
	list ports 'eth2:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth1:t'
	list ports 'eth2:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '13'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'vxlan0:u*'

config interface 'lan2'
	option proto 'none'
	option device 'br-lan.2'
	option force_link '1'

config interface 'lan5'
	option proto 'none'
	option device 'br-lan.5'
	option force_link '1'

config interface 'lan13'
	option proto 'static'
	option device 'br-lan.13'
	option ipaddr '192.168.13.5'
	option netmask '255.255.255.0'
	option gateway '192.168.13.1'
	option defaultroute '0'

config interface 'vxlan0'
	option proto 'vxlan'
	option peeraddr '239.1.1.1'
	option vid '1'
	option tunlink 'lan1'
	option defaultroute '0'

config interface 'vxlanaddr'
	option proto 'static'
	option device '@vxlan0'
	option ipaddr '192.168.255.5'
	option netmask '255.255.255.0'
	option defaultroute '0'



root@freyr:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/a000000.wifi'
	option channel '11'
	option band '2g'
	option htmode 'HT40'
	option country 'US'
	option cell_density '3'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'RC13-2'
	option encryption 'none'
	option isolate '1'
	option network 'lan13'
	option ieee80211k '1'
	option time_advertisement '2'
	option time_zone 'CST6CDT,M3.2.0,M11.1.0'
	option wnm_sleep_mode '1'
	option wnm_sleep_mode_no_keys '1'
	option bss_transition '1'
	option proxy_arp '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/a800000.wifi'
	option channel '108'
	option band '5g'
	option htmode 'VHT80'
	option country 'US'
	option cell_density '3'

config wifi-iface 'wifinet1'
	option device 'radio1'
	option mode 'mesh'
	option encryption 'sae'
	option mesh_id 'rcm'
	option mesh_fwding '1'
	option mesh_rssi_threshold '0'
	option key 'xxx'
	option network 'lan1'
	option ifname 'm-rcm-0'

if you can you should use batman-adv over mesh. It is much easier to configure. However, if you are forced to use VXLAN then I think your VXLAN0 interface being on your VLAN1 interface is causing your issues. You need to get your VXLAN0 interface onto the parent interface. Not 100% sure but I use VXLAN for the same purpose but use DD-WRT for this as I prefer to bash script my network config so I am trying to translate from bash to your conf files.

My DD-WRT startup script:

swconfig dev switch0 set enable_vlan 1
swconfig dev switch0 set enable_jumbo "1"
swconfig dev switch0 vlan 1 set ports "5t 1t"
swconfig dev switch0 vlan 2 set ports "5t"
swconfig dev switch0 vlan 3 set ports "5t 1t"
swconfig dev switch0 vlan 4 set ports "5t 0 1t 2 3 4"
swconfig dev switch0 vlan 5 set ports "5t 0t 1 2t 3t 4t"
swconfig dev switch0 set apply

ifconfig eth0 mtu 2304
ifconfig vlan1 mtu 2304
ip link add vxlan0 type vxlan id 1 group 239.1.1.1 dstport 4789 dev br0
vconfig add vxlan0 3
vconfig add vxlan0 4
brctl addif br1 vxlan0.3
brctl addif br2 vxlan0.4
ip link set dev vxlan0 up
ip link set dev vxlan0.3 up
ip link set dev vxlan0.4 up

export TERM=xterm 
gpio disable 15

you will notice I place my VXLAN0 onto the br0 which is shown in brctl show:

root@dd1:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.14cc20d1dca2       yes             eth1
                                                        eth2
                                                        vlan1
                                                        wl0.1
                                                        wl1.1
br1             8000.14cc20d1dca2       yes             eth0.3
                                                        vxlan0.3
                                                        wl0.2
                                                        wl1.2
br2             8000.14cc20d1dca2       yes             eth0.4
                                                        vxlan0.4
                                                        wl0.3
                                                        wl1.3

I am not married to using VxLAN; I selected it because, based on (days of) reading forum posts, it seemed the most performant. I did try and configure batman-adv last night and was able to get VLAN13 working across the mesh (though not VLAN1 which is the IP I prefer to use for managing the remote device), but when I ran a speed test while connected to the AP on the remote device, the wireless driver fell over on the remote endpoint and would not come back up without a reboot of the device.

I will go through your VxLAN config and see if I can match it to OpenWRT's config files. I am pretty familiar with those commands having done some basic Linux networking and bridging before for VMs and the fact my primary router is based on FreshTomato, so all the commands for that are like DD-WRT's.

I would first stick with batman-adv. It's easier to setup but requires a layer-2 wireless connection either WDS or 802.11s. As long as you can achieve a reliable layer-2 wireless connection batman-adv is a cinch to setup. Post your batman-adv config so we can see where you might need to make changes.

Thank you for the assistance. The mesh and base batman-adv config seems stable; I can run batctl n and batctl o and see the neighbor as well as iw dev <dev> station dump and see the other station. I can also run batctl tp -t 10000 <other MAC> both ways and consistently get ~200Mbps across the link (they are only a few feet away from each other right now).

Here are the network configs for each. I only added the IPs to lan13 on each device so I could easily test connectivity. I am pretty sure the bat0 and batmesh stanzas are taken nearly verbatim from the batman-adv wiki page. Here is what works and what doesn't once I pull the wired connection out of FREYR to test the mesh.

• I can ping to FREYR from FREYJA over lan13
  • connect to the wireless network on FREYR attached to lan13
  • successfully complete a speedtest out to the Internet
• I cannot ping over lan1 (lan on FREYJA) from FREYJA to FREYR
  • nor get an IP when I connect to the wireless network on lan1 on FREYR.
• I cannot connect to the lan13 (43.5) address on FREYR from any other subnet on my network and I have verified firewall rules on my primary router allow the traffic (including watching packet counts go up in iptables while pinging).

FREYJA - wired

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1e:2eb7:a14d::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'bat0.1'
	list ports 'bat0.2'
	list ports 'bat0.5'
	list ports 'bat0.13'
	option stp '1'
	option mtu '2304'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.21.4'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.21.1'
	list dns '192.168.21.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1:u*'
	list ports 'eth2:u*'
	list ports 'bat0.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.2'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.5'

config bridge-vlan
	option device 'br-lan'
	option vlan '13'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.13'

config interface 'lan2'
	option proto 'none'
	option device 'br-lan.2'
	option force_link '1'

config interface 'lan13'
	option proto 'static'
	option device 'br-lan.13'
	option ipaddr '192.168.43.4'
	option netmask '255.255.255.0'
	option gateway '192.168.43.1'
	option defaultroute '0'

config interface 'lan5'
	option proto 'none'
	option device 'br-lan.5'
	option force_link '1'
	option defaultroute '0'

config interface 'bat0'
	option proto 'batadv'
	option routing_algo 'BATMAN_IV'
	option aggregated_ogms '1'
	option ap_isolation '0'
	option bonding '0'
	option fragmentation '1'
	option gw_mode 'server'
	option gw_bandwith '500mbit'
	option log_level '255'
	option orig_interval '1000'
	option bridge_loop_avoidance '1'
	option distributed_arp_table '1'
	option multicast_mode '1'
	option network_coding '0'
	option hop_penalty '30'
	option isolation_mark '0x00000000/0x00000000'

config interface 'batmesh'
	option proto 'batadv_hardif'
	option master 'bat0'
	option mtu '2304'

FREYR - remote

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdb0:9611:aaef::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'bat0.1'
	list ports 'bat0.2'
	list ports 'bat0.5'
	list ports 'bat0.13'
	option stp '1'
	option mtu '2304'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1:u*'
	list ports 'eth2:u*'

config interface 'lan1'
	option proto 'static'
	option device 'br-lan.1'
	option ipaddr '192.168.21.5'
	option netmask '255.255.255.0'
	option gateway '192.168.21.1'
	list dns '192.168.21.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.5'

config bridge-vlan
	option device 'br-lan'
	option vlan '13'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.13'

config interface 'lan2'
	option proto 'none'
	option device 'br-lan.2'
	option force_link '1'

config interface 'lan5'
	option proto 'none'
	option device 'br-lan.5'
	option force_link '1'

config interface 'lan13'
	option proto 'static'
	option device 'br-lan.13'
	option ipaddr '192.168.43.5'
	option netmask '255.255.255.0'
	option gateway '192.168.43.1'
	option defaultroute '0'

config interface 'bat0'
	option proto 'batadv'
	option routing_algo 'BATMAN_IV'
	option aggregated_ogms '1'
	option ap_isolation '0'
	option bonding '0'
	option fragmentation '1'
	option gw_mode 'offf'
	option log_level '255'
	option orig_interval '1000'
	option bridge_loop_avoidance '1'
	option distributed_arp_table '1'
	option multicast_mode '1'
	option network_coding '0'
	option hop_penalty '30'
	option isolation_mark '0x00000000/0x00000000'

config interface 'batmesh'
	option proto 'batadv_hardif'
	option master 'bat0'
	option mtu '2304'

This. A vxlan interface should be attached to a bridge to be useful. At least I have have not seen any other deployments.
So the vxlan interface (the vtep) and a number of physical and any number of virtual interfaces got attached to a bridge to form a switched layer 2 domain...

config interface 'lan13'
	option proto 'static'
	option device 'br-lan.13'
	option ipaddr '192.168.43.5'
	option netmask '255.255.255.0'
	option gateway '192.168.43.1'
	option defaultroute '0'

you have bat0.13 and br-lan.13 using the same vlan tags. You need to delete br-lan.13.

I thought I had to have both interfaces (the bridge and bat) with their VLAN "subinterface" listed (somewhere) in order to get the traffic to/from the external (bat0 over mesh) and internal (lan13 where the wireless interface is connected) interfaces. I played some more with this tonight and have ended up at the same place where I can ping between the nodes across the mesh (and batctl n and batctl o show successful batman links) on vlan13 (the .43 interfaces), but unable to ping off the mesh or into it from external devices.

I also tried with vxlan tied to br-lan, but was unable to get anything working. I feel like I should just start over, but not actually sure what to do once I get the mesh up and a single subnet working across it.

I think you're overcomplicating it. Just create a bridge interface configure the ip and add the bat0.13 to the bridge

below is probably what you are looking for.

your gateway must either be empty or points to the proper gateway.

config interface 'bat0'
	option proto 'batadv'
	option routing_algo 'BATMAN_IV'
	option aggregated_ogms '1'
	option ap_isolation '0'
	option bonding '0'
	option fragmentation '1'
	option gw_mode 'server'
	option gw_bandwidth '1000mbit/1000mbit'
	option log_level '0'
	option orig_interval '1000'
	option bridge_loop_avoidance '1'
	option distributed_arp_table '1'
	option multicast_mode '1'
	option network_coding '0'
	option hop_penalty '30'
	option isolation_mark '0x00000000/0x00000000'

config interface 'nwi_mesh0'
	option mtu '2304'
	option proto 'batadv_hardif'
	option master 'bat0'

config device
	option name 'br-lan'
	option type 'bridge'
	option stp '1'
	option igmp_snooping '1'
	option ipv6 '0'
	option mtu '2304'
	list ports 'bat0.1'
	list ports 'bat0.2'
	list ports 'bat0.5'
	list ports 'bat0.13'
	list ports 'eth1'
	list ports 'eth2'

config interface 'vlan13'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'br-lan.13'
	option gateway '(not --> 192.168.13.4)'
	list dns '192.168.13.4'
	option ipaddr '192.168.13.4'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'bat0.1'
	list ports 'eth1:t'
	list ports 'eth2:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'bat0.2'
	list ports 'eth1:t'
	list ports 'eth2:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'bat0.5'
	list ports 'eth1:t'
	list ports 'eth2:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '13'
	list ports 'bat0.13'
	list ports 'eth1:t'
	list ports 'eth2:t'

config interface 'vlan1'
	option proto 'none'
	option device 'br-lan.1'

config interface 'vlan2'
	option proto 'none'
	option device 'br-lan.2'

config interface 'vlan5'
	option proto 'none'
	option device 'br-lan.5'

I also have some problem understanding eth1 and eth2 ? Usually in openwrt it is usually labeled lan1 and lan2.

This is the output of ip link and shows eth1 and eth2 as subinterfaces of eth0. Based on reading various forum posts while researching this, my guess is eth0 is the "CPU" port and eth1 and eth2 are the physical network ports on the device. I am currently working on the info from your last post.

I do not actually need both eth1 and eth2 to be trunked except on one port on the first device. I will probably drop them from the remote system and just assign those ports to the guest network.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
3: eth1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
4: eth2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
8: br-lan.1@br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
9: br-lan.2@br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
10: br-lan.13@br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
11: br-lan.5@br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:d9 brd ff:ff:ff:ff:ff:ff
12: bat0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether 32:ec:cb:a0:84:a6 brd ff:ff:ff:ff:ff:ff
13: bat0.1@bat0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 32:ec:cb:a0:84:a6 brd ff:ff:ff:ff:ff:ff
14: bat0.2@bat0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 32:ec:cb:a0:84:a6 brd ff:ff:ff:ff:ff:ff
15: bat0.5@bat0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 32:ec:cb:a0:84:a6 brd ff:ff:ff:ff:ff:ff
16: bat0.13@bat0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 32:ec:cb:a0:84:a6 brd ff:ff:ff:ff:ff:ff
17: phy1-mesh0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master bat0 state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:db brd ff:ff:ff:ff:ff:ff
18: phy0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether d8:ec:5e:8a:7d:da brd ff:ff:ff:ff:ff:ff

you should check your syslog to see if it is being flooded with errors related to BRx sending receiving packets to itself. If this is the case you should manually configure the MAC on each interface to be unique. The MAC should be unique on every device lan wide.

I was not getting that error unless I had the wired connection as well as the mesh. Today, I had vlan13 working even though I could not access the management interface on vlan1, but I went ahead and moved the second device to its final location so my son could use the network on it. Tonight, I am having no issues access the device on its primary "management" interface on vlan1. The main differences are that STP is enabled on all my network devices and I enabled igmp_snooping on the br-lan interface.

In the end both devices are configured as below with different IPs on vlan1 and the second device only having eth1 and eth2 untagged on vlan13 (so the guest network can be used with a wired connection if necessary) instead of acting as trunk interfaces. I hope this working config can help somebody in the future. Thank you @papdee and @_bernd for helping me out with this.

config device
	option name 'br-lan'
	option type 'bridge'
	option igmp_snooping '1'
	option mtu '2304'
	option stp '1'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'bat0.1'
	list ports 'bat0.2'
	list ports 'bat0.5'
	list ports 'bat0.13'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1:u*'
	list ports 'eth2:u*'
	list ports 'bat0.1'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.2'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.5'

config bridge-vlan
	option device 'br-lan'
	option vlan '13'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'bat0.13'

config interface 'vlan1'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.21.4'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.21.1'
	list dns '192.168.21.1'

config interface 'vlan2'
	option proto 'none'
	option device 'br-lan.2'
	option force_link '1'

config interface 'vlan13'
	option proto 'none'
	option device 'br-lan.13'
	option force_link '1'

config interface 'vlan5'
	option proto 'none'
	option device 'br-lan.5'
	option force_link '1'

Is there a way for me to edit the subject of the post? I would like to change the subject to reflect the use of batman as well as show [Solved].

glad it worked it in the end. The last thing I would advise you is putting untagged ports on the trunk interface. It is doable (cisco call this hybrid ports and comware calls it dynamic ports) but can cause confusion with other devices on the network. To simplify network design a trunk port should only be configured with tagged ports. But if it is doing its job then maybe best leave it as is and enjoy.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.