Local option in bridge vlan filtering

What is the purpose of "Local" checkbox in bridge vlan filtering ?

I have dumb AP with one bridge br-lan and get only tagged VLANs on wan iface.
One of those vlans is used for mgmt and it gets his ip via dhcp even when local is off.
Others are unmanaged and used for iot/guest/blablah. Routing and dhcp is done elsewhere.

Is local there so i can make subinterfaces on br-lan.VID# ?
For example br-lan.100.99 ?

It seems that it does not affect anything if i use it or not ?

Local option will automatically assign the specified VLAN ID to the bridge interface and create a VLAN interface of the bridge interface. So the router can use the VLAN interface to be involved in that VLAN.

If you don't want the router to be involved in that VLAN, you can disable this option and run service network restart for this change to take effect.

1 Like

It means VLAN x only exists on the local device. Specifically, it doesn't add it to the bridge (i.e. so that you can configure ports with said VLAN).

This is a good description. Also see the example provided here: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial#security_considerations_with_vlans

It shouldn't affect anything - it's local.

I also found this link to be helpful: https://www.startpage.com/do/dsearch?query=end-to-end+vs+local+vlans

And it must be enabled for me to be able to get to AP via mgmt vlan on wan port (which is part of br-lan).
For other VLANs that are used only for WiFi it can be disabled.
now we know. :slight_smile:

Luckily i have a "backdoor" local wifi ssid "{uci get system.@system[0].hostname}".

I have thought that the "local" tick box introduces the vlan to the cpu. You can then create a interface using that vlan.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.