LAN port doesn't work with DSA and VLAN on dumb AP

I have a device setup as a dumb AP. Its connected on a switch port where a trunk VLAN and a tagged one are setup. The device properly gets an IP address on both networks (setup as DHCP client for management) as you can see:

This is the config used (created by LuCI). I have removed any DHCP config and removed all firewall zones, etc:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'wan'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config device
        option type 'bridge'
        option name 'br-san'
        list ports 'lan2'
        list ports 'wan.20'

config interface 'san'
        option proto 'dhcp'
        option device 'br-san'

My problem is that lan2 doesn't have any network activity at all. I feel like there is something wrong with tagging / untagging but not sure how to check. Note that WiFi networks on either bridge work fine and have network access. The only issue is that the physical lan2 port doesn't work, but lan1 does (I need one for each network). If I change both ports to br-lan, they both work. If I change them both to br-san, they stop working (devices don't get an IP address).

It's probably worth mentioning that the device is a MediaTek MT7621 one (Xiaomi Mi Router 4A Gigabit Edition) running OpenWrt 21.02.0 r16279-5cc0535800.

Still no luck. LAN ports (lan1, lan2) do not have any network access when bridged into br-san. Is this is bug? I believe so since they work with br-lan.

Can you draw a diagram of how things are physically connected. Where does your other VLAN come from? What and switches are involved?

I have a "dumb AP" with DSA and VLAN - if I translate my config to your attempted setup, it would look like

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'wan'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'dhcp'

config interface 'san'
        option device 'br-lan.20'
        option proto 'dhcp'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'wan:t*'
        list ports 'lan1:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'wan:t'
        list ports 'lan2:u*'

The VLANs were created in the Bridge VLAN filterering tab on the br-lan device

This assumes

  • 802.1Q VLAN
  • that WAN is connected to a router port with both vlans 1 and 20 tagged

I can't even begin to imagine how you created that config in LUCI to be honest

The VLAN comes from another OpenWrt router's LAN port (screenshot from first router):

A cable from LAN 2 of the main router is connected on this router's WAN port. This setup is working because the new router replaced an old one (which didn't had DSA) and was working fine. Only 2 devices involved.

Why not? This is how I did it before DSA. I created a new bridge "Device" which I named "br-san" and on "Existing device" I added a custom wan.20 device. I then created a new Interface which I named "san" and added only the br-san device. This is what I got:

image

As you can see the dumb AP gets an IP, which seems to be working. Also, if I add a WiFi AP and bridge it to this interface, clients can connect and have both network and internet access. The only issue is that LAN ports aren't working for the san device when I bridge them.

I believe both solutions are described here: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial

Oh well, I ended up doing it the other (:face_vomiting:) way...

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'wan'

config interface 'lan'
        option proto 'dhcp'
        option device 'br-lan.1'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'wan:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'wan:t'

config interface 'san'
        option proto 'dhcp'
        option device 'br-lan.20'

This works and both LAN ports have VLAN 20 network access :tada:

Why the :face_vomiting: if it works? I don't understand how you thought your way could work

Why wouldn't it work? I created a new bridge with members: wan.20, lan1, lan2. Notice that both WiFi AND the device have network and internet access... Only the lan ports do not work.

I believe it's cleaner since the second network doesn't use the first one's bridge (br-lan.20 :face_vomiting:)

1 Like

I faced the same issue on my Xiaomi Mi 4 router - everything works except port-to-VLAN bridging.
Will be good to hear about the working configuration for such setup.

The configuration that works (suggested by @jaromanda) for me is the following:

I think Mini tutorial for DSA network config - #87 by mk24 explains why your original setup doesn't work

Yes it kinda does... Thanks a lot!

I would prefer to avoid bridging separate VLANs.
BTW, can you confirm that your VLAN trunk works properly regardless of the port speed, i.e. 1Gb vs. 100Mb ?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.