Linksys WRT3200ACM : setting up VLANs

I have a Linksys WRT3200ACM running OpenWRT 21.02.1.

As I already have a pfSense router I have put the WAN port into the "br-lan" bridge.

WAN port is connected to multiple VLAN (untagged, vlan.10, vlan.11, vlan.12, ...), tested working fine.

I can't find a way to setup the WRT3200ACM's lan1 port to be only on vlan.11.

What I tried:

• put lan1 port out on br-lan bridge
• create a wan.11 device
• create a "vlan11" device that bridges wan.11 + lan1 ports
• on the vlan11 bridge enabled VLAN filtering, set wan.11 as "tagged" and lan1 as "untagged" (the device on this port will be another access point that has to be only on vlan11 and not capable of managing vlans)
• create a new interface "VLAN11", unmanaged, using the device "vlan11"

What I can see:

• lan1 is connected and packets are received
• wan.11 is connected but there are no packets going through

I'm 100% sure vlan11 goes from the pfSense router, through all switchs to the wan port : I'm upgrading from OpenWRT 19.07 to 21.02, everything works great on 19.07

Old 19.07 conf:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd87:4142:00dc::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'dhcp'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0 1 2 4 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '11'
	option ports '3 4t 6t'

New 21.02 conf for now:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd3:77b2:a5f8::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'

config device
	option name 'wan'
	option macaddr '32:23:03:dc:12:00'

config device
	option type '8021ad'
	option ifname 'wan'
	option vid '11'
	option name 'wan.11'

config device
	option type 'bridge'
	option name 'VLAN11'
	list ports 'lan1'
	list ports 'wan.11'

config bridge-vlan
	option device 'VLAN11'
	option vlan '11'
	list ports 'lan1'
	list ports 'wan.11:t'

config interface 'VLAN11'
	option proto 'none'
	option device 'VLAN11'

Thanks for reading me and your help !

Ok I found the way to get my set up and running !

• on the "Devices" tab [Configure] "br-lan"
• on the "Bridge VLAN filtering" tab :

image1125×549 25.7 KB

• save but DON'T APPLY now
• on the "Interfaces" tab [Edit] the "LAN" interface and set device to "br-lan.1"

• save but DON'T APPLY yet
• create a new interface "NameAsYouWant", unmanaged, on device "br-lan.11"

• now you can save then [Save & Apply]

With some luck everything will be Ok

Here is the resulting /etc/config/network file :

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd3:77b2:a5f8::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'wan'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'dhcp'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'wan'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config bridge-vlan
        option device 'br-lan'
        option vlan '11'
        list ports 'wan:t'
        list ports 'lan1'

config interface 'NameAsYouWant'
        option proto 'none'
        option device 'br-lan.11'

Good luck !