Migrating to DSA - bridging across VLANs (not ports)?

Hi -

I'm running an Edgerouter with 5 LAN ports and no firewall. In my 19.07 configuration, I have each of the switch ports configured to accept one or more vlans. (e.g. port 1 accepts untagged vlan 2, port 2 accepts untagged vlan 4, port 3 accepts tagged vlans 3 & 4, and port 4 accepts tagged vlans 5 & 6).

In summary, I have vlans 2,3,4,5,6 spread out across multiple physical switch ports.

Then, my br-lan device is set up to bridge across all the VLANS 2,3,4,5,6, combining them together. (It doesn't bridge the physical ports, it bridges the vlans)

I do this so I can use ebtables to filter traffic between the vlans (at layer 2) to ensure that only certain devices can reach each other. Basically, I am using OpenWRT as a mac layer filtering device between my various VLANs and it works very well for this purpose under 19.07. (Thank you developers!!!)

I am trying to upgrade to 22.03 and I have run into difficulty because the configuration for 22.03 seems to conflate the switch and the bridge into a single configuration, when, as I see it, they are logically separate things. Basically, it seems to assume that the bridge will be bridging across all the physical switch ports, which is not what I want to do.

Am I misinterpreting this? To summarize: I want to assign VLANs across the physical switch ports and then create a bridge across all the VLANs. It's straightforward under 19.07 because I can configure the switch separately from the bridge. I don't understand how to do this under 22.03. Can anyone help me?

Thanks
-Dan

You now need to differentiate between L2 and L3 routing. Before in swconfig this was a big mess without borders.
Now with dsa it has been separated according to the standards.

So you can’t separate vlans from ports since it is all on L2 routing level, actually you never have been able to do that.

Can’t you just make a bridge with all the ports and in that bridge make the vlans that connect as you wish to the ports you want?

Have you read the dsa manual in the user guide on the webpage?

With DSA, each port is its own netdevice on 22.03 - you should be able to simply bridge VLAN devices. E.g. instead of a br-lan bridge over lan1, lan2, lan3, lan4 you could bridge lan1.20, lan1.30, lan2.20, lan2.50 etc.

Without knowing your old configuration in more detail, it is not possible to be more specific unfortunately.

Thank you. I’m starting to think that I need to create a second bridge device. I’ll keep the default one to configure the switch (which also creates the bridge.1 bridge.2 etc. vlan interfaces) and then create a second to bridge across all those vlan interfaces?

I think I need the first one across all the switch ports in order to expose the UI to configure the switch? And then I need a second to bridge my vlans. Does that sound right? (In 19.07 I only needed one bridge because the switch config was exposed separately)

I got it set up using a second bridge device. Not sure if there is a simpler solution, but this seems to be working so far. :crossed_fingers:

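The two-bridge layout the thread settles on, written out as an added example (not the poster's actual configuration, which was never posted). It assumes the DSA ports are named lan1 to lan4 and reuses the VLAN-to-port layout from the first post; the names br-filter and l2filter are hypothetical.

```uci
# /etc/config/network excerpt: added sketch, not the poster's actual config.
# Assumed: DSA port names lan1..lan4; br-filter and l2filter are made-up names.
# Bridge 1 spans the switch ports and holds the per-port VLAN membership.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

# Port 1: untagged VLAN 2
config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan1:u*'
# Port 3: tagged VLAN 3
config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan3:t'
# VLAN 4: untagged on port 2, tagged on port 3
config bridge-vlan
	option device 'br-lan'
	option vlan '4'
	list ports 'lan2:u*'
	list ports 'lan3:t'
# Port 4: tagged VLANs 5 and 6
config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'lan4:t'
config bridge-vlan
	option device 'br-lan'
	option vlan '6'
	list ports 'lan4:t'

# Bridge 2: software bridge across the VLAN interfaces of bridge 1.
# ebtables FORWARD rules can match its ports, e.g. -i br-lan.2 -o br-lan.5
config device
	option name 'br-filter'
	option type 'bridge'
	list ports 'br-lan.2'
	list ports 'br-lan.3'
	list ports 'br-lan.4'
	list ports 'br-lan.5'
	list ports 'br-lan.6'

# An interface must reference the second bridge so netifd brings it up.
config interface 'l2filter'
	option device 'br-filter'
	option proto 'none'
```

Only frames that cross from one VLAN to another pass through br-filter. Where the switch forwards in hardware, traffic between two ports in the same VLAN (here VLAN 4 on ports 2 and 3) does not reach the CPU, so ebtables rules will not see it.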