How to get a guestzone IP address on RPi4 using DSA

I setup my RPi4 to have two Interfaces, LAN and GUEST. I am using VLANs via DSA.

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1a:184b:b879::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option proto 'static'
	option ipaddr '10.9.8.2'
	option netmask '255.255.255.0'
	option device 'br-lan.1'

config interface 'wan'
	option proto 'dhcp'
	option peerdns '0'
	option delegate '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'
	option device 'br-wan'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth0:t'

config device
	option name 'br-lan.1'
	option type '8021q'
	option ifname 'br-lan'
	option vid '1'
	option ipv6 '0'

config device
	option name 'br-lan.3'
	option type '8021q'
	option ifname 'br-lan'
	option vid '3'
	option ipv6 '0'

config device
	option type 'bridge'
	option name 'br-wan'
	list ports 'eth1'
	option bridge_empty '1'

config interface 'guest'
	option proto 'static'
	option device 'br-lan.3'
	option ipaddr '172.17.2.2'
	option netmask '255.255.255.0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

GUEST is using br-lan.3 and LAN is using br-lan.1 and I need to have a device running with in a lxc attach itself to the GUEST interface not the LAN interface.

I tried defining the lxc.net.0.link = br-lan.3@br-lan but this is invalid. I can use lxc.net.0.link = br-lan but gets an IP address in my LAN zone rather than in my guest zone. I am wondering how I can the VLANs (1 and 3) so my AP works right and some how get the container to use my guest interface.

If I make a new bridge, br-guest and associate it with br-lan.3 will that work? Note that I currently have br-lan.3 associated with br-lan so I am wondering if it's valid to have the same VLAN in two bridges. If so, I would create a new interface and use br-guest with it only for the lxc.

EDIT: worked like a charm.

There's no switch in the Pi4. Create VLANs directly on the eth port with the notation eth0.X. If you have added a USB to Ethernet adapter it will be eth1.X. Create a separate bridge for each network that needs to bridge more than one physical port.

3 Likes