For a basic home setup, where one port is for WAN and the other 4 are for LAN (without any further fancy topology) and using the Linux DSA subsystem, is it even desirable to use VLANs?
As far as I understand, when swconfig is used, I had to use VLANs to make ethernet frames get to the correct destination (since the only physical interface the system sees was eth0 which was connected to the switch).
But is it really necessary when using DSA? In my current setup, after switching to DSA, I have just one bridge device to bridge together lan1-lan4 and an interface named "lan" that is bound to this bridge. Additionally, there are the "wan" and "wan6" interfaces that are bound directly to the "wan" device.
Do I miss any features in my current setup compared to the default setup (which uses swconfig and VLANs)? particularly, am I missing some security features? Or is my current setup topologically equivalent to the default one?
The vlans are kind of hidden under the normal config as there are tags, hence why the conduit (eth0) has a larger MTU?
DSA basically you can effectively treat each port as a normal ethernet device.
As in you can use ethtool on the user ports etc which makes things more consistent.
You can also add different ports to a bridge and it's the same as dividing up your switch with swconfig under different vlans.
When you do want to do vlans it's just a different setup where you need to to bridge vlan filtering instead.
Per your comment, splitting out the 'wan' port and putting everything else under a bridge without vlan filtering looks to be the default setup for DSA on openwrt yes.
You of course could replicate the setup used by swconfig on non dsa switches. Where you have all ports in one bridge with bridge vlan filtering, then set wan as untagged and pvid of something different. And then similarly with the lan ports. But that's a lot more in terms of config files.
Thanks! I didn't know this was the default config for DSA-enabled routers (mine isn't DSA-enabled in master yet, I manually enabled it). I thought the default was just replicating the swconfig VLAN config as described in the wiki page I linked in the OP.
Ok...
So to answer your question, if you're using a flat network, you're not using VLANs (at least not at a user level). Under the hood, the system may use VLANs to keep the wan port logically separate from the lan ports, assuming that all the ports connect to the same ethernet switch. But DSA 'hides' this by simply presenting the wan and lan ports by name. And as you've already done, typically the lan ports will all be included in a bridge that is then bound to the lan.
If you wish to create additional networks that use ethernet, you'll probably be using VLANs, but there is some nuance about when VLANs are specifically necessary and how to configure them properly. This is of little or no concern if you are only using a single flat network.