MikroTik cAP ac switch/vlan configuration

Hello,

i use several MikroTik cAP ac with OpenWrt as simple access points.

A typical configuration is to have 3 tagged VLANs on the wan port: Admin, Guest and LAN.
The lan port is configured as untagged for Admin network.

Wireless devices/interfaces for Guest and LAN are bridged by unmanaged bridges to corresponding VLAN device/interface.

With OpenWrt 22.03.5 i used the menu "switch" (beside interfaces/devices) to configure this and all seems to work like expected.

With OpenWrt 23.05.0 the menu "switch" is not available anymore.
How can i achieve this configuration in version 23.05.0?

Best regards, Robert

Actual 22.03.5 configuration (/etc/config/network):

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdef:835a:3843::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	option ipv6 '0'
	option bridge_empty '1'
	list ports 'eth0.450'

config interface 'lan'
	option device 'br-lan'
	option proto 'none'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config device
	option name 'eth0'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '410'
	option name 'eth0.410'
	option ipv6 '0'

config interface 'admin'
	option proto 'static'
	option device 'eth0.410'
	option netmask '255.255.255.0'
	option gateway '172.24.1.1'
	option delegate '0'
	list dns '172.24.1.1'
	option ipaddr '172.24.1.21'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '410'
	option description 'Admin'
	option ports '0t 4 5t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '0t 5t'
	option vid '400'
	option description 'Guest'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option ports '0t 5t'
	option vid '450'
	option description 'LAN'

config device
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth0.400'
	option bridge_empty '1'
	option ipv6 '0'

config interface 'guest'
	option proto 'none'
	option device 'br-guest'
	option defaultroute '0'
	option peerdns '0'
	option delegate '0'

config device
	option name 'eth0.400'
	option type '8021q'
	option ifname 'eth0'
	option vid '400'
	option ipv6 '0'

config device
	option name 'eth0.450'
	option type '8021q'
	option ifname 'eth0'
	option vid '450'
	option ipv6 '0'

config device
	option name 'wlan0'
	option ipv6 '0'

config device
	option name 'wlan0-1'
	option ipv6 '0'

config device
	option name 'wlan1'
	option ipv6 '0'

config device
	option name 'wlan1-1'
	option ipv6 '0'

The ipq40xx target changed from using swconfig, to using DSA, so each port (on the switch chip) is now exposed as a linux device. Your old swconfig stanzas will no longer work.

On cAP ac, these ports are labelled lan, and wan. They show up in ip link show as lan@eth0 and wan@eth0. eth0 is the DSA conduit (root device), so you cannot setup interfaces or VLANs directly on it.
Either use VLAN aware bridge (bridge-vlan stanzas), or setup your VLANs atop the lan or wan devices.

1 Like

As your configuration calls for one of the VLANs (410) to pass through between the two hardware ports, it is necessary to use the bridge-vlan syntax so that hardware switching will work properly. Place both ports in the same bridge then generate vlans within that bridge. There is a GUI page to do this which looks a lot like the old swconfig page.