How to configure a switch

Hello guys, I am from another problem. So I want to separate a little bit. I have the following setup: MikroTik RouterBOARD 750Gr3 with OpenWrt 23.05.03. I want to configure it as an SDN switch. For that I want to make some changes in the network settings. First I want to add a switch; it should look like that:

For that I went to the settings: Network >> interface >> devices >> add device

My devices look like that now:

Now after that I went back to the interface and want to add another interface: mgmt
This should contain the following settings:

-protocol : static address
-interface ?? -> here I found that it should be eth0.1 but that's not possible in my configurations
-bridge interface off
-bring up on boot on
-ip :
-custom dns
-force link on

so I tried to set this:

here is the list with the possible interfaces:

When I choose eth0 I can't connect via port 1 of the MikroTik board. So I tried wan. That also did not work. I think the switch settings are not correct. What did I do wrong and what should I choose as interface on my mgmt interface?

Try with switch0.x as those are your VLANs.

Since this is DSA (MT7621 platform), eth0 is an internal connection. Though it appears in LuCI lists, don't actually try to use it for anything. Use only the names of the external ports lan1 .. lan4 and wan. Note that there is already a bridge containing the lan ports, br-lan. A port can only be in one bridge, thus you should only have one bridge overall. It makes more sense to add wan to the existing br-lan and perhaps rename it to br-eth or something to reflect that it is now all the Ethernet ports, not just the lan ones.

Then create bridge-vlans within this single bridge. Finally attach each bridge-vlan to a layer 3 Interface using br-eth.N notation. In DSA, this is the only time that VLANs are referenced with the .N notation.

1 Like

So, the MT7530 is a DSA switch. For this, you do not need to create a new device - just edit the one bridge that's already there (br-lan, usually). Enable the VLAN settings the way you did.

For your mgmt interface, pick one of the lan devices and exclude it from the bridge, then you can use it independently.

Edit: That's about the same as @mk24 just posted.

1 Like

Thanks a lot for the help. I am new to DSA, so I am trying to figure out how to use it properly. Sry that I am asking so much, but what do you mean with "attach each bridge-vlan to a layer 3 interface using br-eth.N notation"? And in the default device "br-lan" I got the ports 2,3,4,5 and wan.

If you have renamed the former br-lan to br-eth then you'd choose br-eth.2 as the Device for the Network Interface that operates on VLAN 2.

Even if you only use a VLAN for hardware switching between two physical switch ports, you will still need to create an Interface with Protocol: Unmanaged and attach it to that VLAN in order for the switch to be properly configured. This Interface will not actually send data in or out of the kernel since it has no IP address.

Ah okay, one thing is not clear right now. Should I add eth0 in the port list of br-lan or not? andyboeh wrote I should do the same as before.

No. Do not reference eth0 anywhere in your configuration. The internal flow between CPU eth0 to the hardware switch (a very short wire on the same chip) is completely controlled by DSA.

Ah okay, so the "bridge-lan" ports are only 2,3,4,5 (why didn't I have a lan 1?) and wan with the following vlan configurations:

and the mgmt interface

The port names are defined in a model-specific file that is read at first boot. There is an attempt to make them correspond with any labels that the manufacturer printed on the case.

Realize that with wan set to T (Tagged) it will only work with a VLAN aware device on the other end of the cable that can transmit and receive packets tagged 1.

When I apply these changes I got the error that the device can't get any response. So I plugged my laptop into port 1 and set its IP to and tried to connect via ssh with that didn't work

When connecting a port directly to a laptop it needs to be set to Untagged. Tagged is only for connecting to another switch, or some ISP modems that require tagged packets.

I have a question regarding configuring bridge-vlan using DSA.
How can I configure this scenario:
bridge-vlan 10 (lan and wan)
bridge (lan and wlan0) "no vlan"
bridge (wan and wlan2)"no vlan"

@NPC: Please create a new thread with your question and be a bit more specific, i.e. which version of OpenWrt, which device and so on.

so the wan port should be untagged?

Update: After setting it to untagged, it's possible to connect!! Thanks a lot. You need a raise :wink: I got a tiny question at the end. On an online page I found that you should put the bridge interface on off, what did they mean by that?

I'm bringing the default network config for this device from the previous thread into this one for reference and discussion:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'
        option ula_prefix 'fd3c:bb3e:760f::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'

config device
        option name 'lan2'
        option macaddr '48:a9:8a:ec:b1:72'

config device
        option name 'lan3'
        option macaddr '48:a9:8a:ec:b1:72'

config device
        option name 'lan4'
        option macaddr '48:a9:8a:ec:b1:72'

config device
        option name 'lan5'
        option macaddr '48:a9:8a:ec:b1:72'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr '48:a9:8a:ec:b1:71'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

@thesearchingfor - I'm looking at the top screenshot in the first post, and I don't understand the point of this configuration.

Basically you have the following memberships:

  • WAN: VLAN 1, untagged
  • LAN 1: VLAN 2, untagged
  • LAN 2: VLAN 3, untagged
  • LAN 3: VLAN 4, untagged
  • LAN 4: VLAN 5, untagged

And that's it.

For a switch to be useful, there must be at least 2 ports that are connected to a given VLAN. But in your illustration, you've got only one port assigned to each VLAN. That means that this device becomes a dead end for every VLAN/port.

What is it that you are trying to achieve here? Do you have an upstream router with all of those VLANs already defined?

1 Like
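Added example (not part of any post in this thread, and not OpenWrt's own tooling): a small offline check for the DSA rules given above, namely no eth0 references, one bridge per port, an interface attached to every bridge-vlan, at least two members per VLAN, and a reminder for tagged ports. The sample config, the function names and the decision to count an interface with a protocol as a VLAN member are assumptions made for this illustration.

```python
import re

SAMPLE = """
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan2'
    list ports 'wan'
config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'lan2:u*'
config bridge-vlan
    option device 'br-lan'
    option vlan '2'
    list ports 'wan:t'
config interface 'mgmt'
    option device 'br-lan.1'
    option proto 'static'
"""  # constructed sample in /etc/config/network syntax, not the poster's file

def parse_uci(text):  # single-quoted UCI text -> list of section dicts
    secs = []
    for kind, key, val in re.findall(r"^\s*(config|option|list) +(\S+)(?: +'([^']*)')?", text, re.M):
        if kind == "config":
            secs.append({"_type": key})
        else:  # options overwrite, list entries accumulate
            secs[-1][key] = secs[-1].get(key, []) + [val] if kind == "list" else val
    return secs

def lint_dsa(text):  # warnings for the DSA rules stated in the thread
    secs, out, owner = parse_uci(text), [], {}
    l3 = {s.get("device"): s.get("proto") for s in secs if s["_type"] == "interface"}
    if re.search(r"'eth0[.:']", text):  # internal CPU port, managed by DSA
        out.append("eth0 referenced: use only the lan*/wan port names")
    for s in secs:
        ports = s.get("ports", [])
        if s.get("type") == "bridge":  # a port may belong to one bridge only
            out += [f"{p} is in two bridges: {owner[p]}, {s['name']}"
                    for p in ports if owner.setdefault(p, s["name"]) != s["name"]]
        if s["_type"] == "bridge-vlan":
            vid, dev = s["vlan"], f"{s['device']}.{s['vlan']}"
            if dev not in l3:  # needed even for pure port-to-port switching
                out.append(f"VLAN {vid}: no interface attached to {dev}")
            if len(ports) + (l3.get(dev, "none") != "none") < 2:  # ports + CPU
                out.append(f"VLAN {vid}: dead end, fewer than two members")
            out += [f"VLAN {vid}: {p[:-2]} is tagged, peer must be VLAN-aware"
                    for p in ports if p.endswith(":t")]
    return out
```

On the constructed sample, VLAN 1 passes (one untagged port plus the static mgmt interface), while VLAN 2 is reported three times: no interface on br-lan.2, only one member, and a tagged wan port.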

Ahh okay, now I understand it. Thanks a lot for the explanation. I am sry but I got another question; if you are not so familiar with routing then it's no problem. I connect the MikroTik to a PC via LAN, and the PC via WLAN to the internet. Now I am sharing the internet connection of my PC with the LAN (MikroTik). Should I add specific routes? Normally it should work without extra static routes, but I didn't have internet on the MikroTik. My goal is to install some extra packages. Should I open an extra thread?

I do not have a specific goal. I want to configure a tiny network for testing purposes. So I want to make an SDN switch with the MikroTik. After the configuration I need some packages and Open vSwitch installed.