Hard time configuring VLAN

So I had a very bad written post, so I edit it to be easier to understand, with the configs attached configured in the way I think it should be.

I have a APU router running OpenWRT 22.03 and a Netgear GS108Ev3.

I've had my VLAN setup working exactly as I want it to work, but after some tinkering I blew my whole configuration up and I locked me out and had to factory reset the router. Unfortunately I didn't have it backed up.

My router got three ports, one WAN and two LAN. I want to connect the first LAN port (eth1) to my switch and from there have my wired devices connected to different VLANs.
The second LAN port I don't need to use at this point.

Here I will just mention VLAN 30 as I get that working, it will be no problem to fix the rest of them.

What I'm trying to do is to have VLAN1 for my router, switch and stuff like that and then have VLAN30 for my trusted devices.

At this point WiFi works as expected. My devices connected to WiFi are on the right VLAN (VLAN 30).

I have no idea if it's configured wrong on the router or on the swich (or both?).

/etc/config/dhcp

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '***'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	option bridge_empty '1'
	option ipv6 '0'

config device
	option type 'bridge'
	option name 'bridge'
	option bridge_empty '1'
	option ipv6 '0'
	list ports 'bridge.1'
	list ports 'eth1'
	list ports 'bridge.30'

config bridge-vlan
	option device 'bridge'
	option vlan '1'
	list ports 'bridge.1:t'
	list ports 'bridge.30'

config bridge-vlan
	option device 'bridge'
	option vlan '30'
	list ports 'bridge.1'
	list ports 'bridge.30:t'
	list ports 'eth1:t*'

config interface 'trst'
	option proto 'static'
	option device 'bridge.30'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'trst'
	option interface 'trst'
	option start '100'
	option limit '150'
	option leasetime '12h'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:02.5/0000:05:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:02.1/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'HT20'
	option disabled '1'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid '***'
	option encryption 'psk2'
	option key '***'
	option network 'trst'

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

I've updated my first post with more info and hopefully better written

Hi

maybe this will help you

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '***'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	option bridge_empty '1'
	
config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'eth1:u*'

config bridge-vlan
    option device 'br-lan'
    option vlan '30'
    list ports 'eth1:t'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'trst'
    option device 'br-lan.30'
    option proto 'static'
    option ipaddr '192.168.30.1'
    option netmask '255.255.255.0'

hi,

here is my config, i'll explain what i do below

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd99:bafc:8772::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option device 'eth1'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config interface 'guest'
        option proto 'static'
        option device 'eth2.3'
        option ipaddr '10.10.10.1'
        option netmask '255.255.255.0'

config interface 'iot'
        option proto 'static'
        option ipaddr '10.20.20.1'
        option netmask '255.255.255.0'
        option device 'br-iot'

config device
        option type 'bridge'
        option name 'br-iot'
        list ports 'eth2.4'

i have 3 physical network interface: eth0, eth1, eth2.
eth1 is wan, simple standard config
eth0 is member of the br-lan bridge device, which is assigned with interface lan. standard config.
eth2 is shared port between guest and iot networks. vlans are created automatically because i am using the eth2.x notation. they are almost the same, there is slight difference though: iot interface is assigned to a br-iot bridge device which has eth2.4 as member (like in case of lan), while guest network is directly assigned to eth2.3 device. creating an extra bridge device for iot is just more comfortable for me but not necessary at all. unless you do wifi, because wifi needs a bridge device to tap on to.

now, my switch port which connects to eth2 is configured as trunk port, so both VLANs (3, 4) can pass through. then switch does the heavy lifting by cascading VLANs further down by assigning some ports to one or the other vlan.

in short, if your switch is manageable and supports vlans you should just define your vlans with eth.X notation, and connect to trunk switch port.

your configuration with 'bridge' bridge and bridge.X mixed with eth is too complicated, least to say, in my opinion. (and apparently does not work).

so keep it simple

@NPeca75 @grrr2 Thanks to both of you I now got it working like I want, from router to switch on all ports with all of my VLANs.

Hi
i am glad you sorted this out
please mark proper answer as solution and topic as solved

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.