Need help with DSA port assignments about unusual behaviour

catdogmaus · December 27, 2022, 2:13pm

I installed openwrt a month ago and I don't have much experience.
I have a router with 4 lan ports. I divided my network into three, main, quest and IoT. When I moved the 4th port with my IoT server to IoT interface, for some inexplicable reason, the devices behind the port 1, 2 and 3 stopped working, even though I didn't touch there anything. When I moved the 4th port back to the lan, the other ports started working again. A result that does not make any sense.
here is the setup where all ports work

root@WRT1900ac:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd27:f9b5:7706::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config device
        option name 'lan1'
        option macaddr '94:10:xxx'

config device
        option name 'lan2'
        option macaddr '94:10:xxx'

config device
        option name 'lan3'
        option macaddr '94:10:xxx'

config device
        option name 'lan4'
        option macaddr '94:10:xxx'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr '94:10:xxx'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'Quest'
        option proto 'static'
        option ipaddr '10.20.30.40'
        option netmask '255.255.255.0'
        option device 'br-quest'

config interface 'IOT'
        option proto 'static'
        option ipaddr '172.16.0.1'
        option netmask '255.255.255.0'
        option device 'br-iot'

config device
        option type 'bridge'
        option name 'br-quest'

config device
        option type 'bridge'
        option name 'br-iot'

here is the setup where 1,2,3 refuse to work

root@WRT1900ac:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd27:f9b5:7706::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config device
        option name 'lan1'
        option macaddr '94:10:3e:xxx'

config device
        option name 'lan2'
        option macaddr '94:10:3e:xxx'

config device
        option name 'lan3'
        option macaddr '94:10:3e:xxx'

config device
        option name 'lan4'
        option macaddr '94:10:3e:xxx'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr '94:10:3e:xxx'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'Quest'
        option proto 'static'
        option ipaddr '10.20.30.40'
        option netmask '255.255.255.0'
        option device 'br-quest'

config interface 'IOT'
        option proto 'static'
        option ipaddr '172.16.0.1'
        option netmask '255.255.255.0'
        option device 'br-iot'

config device
        option type 'bridge'
        option name 'br-quest'

config device
        option type 'bridge'
        option name 'br-iot'
        list ports 'lan4'

pavelgl · December 27, 2022, 3:23pm

It appears that you cannot have two separate bridges running on this device.

github.com/openwrt/openwrt

Linksys WRT1900ACS v2 - 21.02 - Unable to activate VLAN

opened 07:43AM - 08 Apr 22 UTC

Berbe

target/mvebu release/21.02

_Originally posted on the [forum](https://forum.openwrt.org/t/linksys-wrt1900acs…-v2-swconfig-to-dsa-unable-to-reimplement-configuration/124375) I am submitting this here as it feels it might be a bug and not a mere configuration error_ I switched from v19.07 to v21.02 on my Linksys WRT1900ACS v2, and I am now trying to reimplement VLANs I was using on the old system on the new one. I must point out I read: * [DSA Mini-Tutorial](https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial) * [Converting to DSA](https://openwrt.org/docs/guide-user/network/dsa/converting-to-dsa) The conversion page takes the example of the basic VLAN layout in swconfig and [explains how to implement it in DSA](https://openwrt.org/docs/guide-user/network/dsa/converting-to-dsa#swconfig_dsa_vlan_configuration_comparison). The steps are: 1. Adding the `wan` `Network device` to the `br-lan` `Bridge device` 2. Adding `lan[1-3]` ports (`lan4` is excluded, belonging to another `Bridge device`) to VLAN №1 as `untagged`, `Primary VLAND ID` 3. Adding `wan` port to VLAN №2 as `untagged`, `Primary VLAND ID` 4. Assigning `br-lan.1` VLAN `Device` to `lan` `Interface` Here are the changes recorded before attempting to apply them: ``` uci add network bridge-vlan # =cfg0da1b0 uci set network.@bridge-vlan[-1].device='br-lan' uci set network.@bridge-vlan[-1].vlan='1' uci add_list network.@bridge-vlan[-1].ports='lan1:u*' uci add_list network.@bridge-vlan[-1].ports='lan2:u*' uci add_list network.@bridge-vlan[-1].ports='lan3:u*' uci add network bridge-vlan # =cfg0ea1b0 uci set network.@bridge-vlan[-1].device='br-lan' uci set network.@bridge-vlan[-1].vlan='2' uci add_list network.@bridge-vlan[-1].ports='wan:u*' uci del network.cfg030f15.ports uci add_list network.cfg030f15.ports='lan1' uci add_list network.cfg030f15.ports='lan2' uci add_list network.cfg030f15.ports='lan3' uci add_list network.cfg030f15.ports='wan' uci set network.lan.device='br-lan.1' ``` However, whenever I try to set this up through LuCI, the configuration fails to apply. Loads of kernel log messages (`dmesg`) coming from the `mv88e6085 f1072004.mdio-mii:00` facility. Here are the ones catching my attention: ``` [34215.573306] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34215.614448] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port ``` IIRC, with `swconfig`, IIRC ports 0 & 1 were the 2 CPUs. I got 2 devices: * `br-lan` on ports `lan[1-3]` (+ `wan` for the needs of VLAN, following the conversion instructions from `swconfig`), used by a `lan` interface * `br-lanp` on port `lan4` used by a `lanp` interface I did not set VLAN up on the `br-lanp`, so why is anything attempted with `lan4`? The conflict on the CPU confuses me too. The `lan` interface is being used by 2 wireless ESSID, one on each radio (`radio0` 802.11nac & `radio1` 802.11bgn). Might be where the struggle comes from? <details> <summary>Full log (centered on an attempt to set the VLANs up)</summary> ``` [34213.976667] br-lan: port 6(wan) entered blocking state [34213.981831] br-lan: port 6(wan) entered disabled state [34213.988749] device wan entered promiscuous mode [34213.997321] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34214.004245] br-lan: port 6(wan) entered blocking state [34214.009414] br-lan: port 6(wan) entered forwarding state [34214.030230] br-lan: port 6(wan) entered disabled state [34214.035455] br-lan: port 5(wlan0) entered disabled state [34214.040832] br-lan: port 4(wlan1) entered disabled state [34214.064358] device lan1 left promiscuous mode [34214.068818] br-lan: port 1(lan1) entered disabled state [34214.134109] device lan2 left promiscuous mode [34214.138565] br-lan: port 2(lan2) entered disabled state [34214.201712] device lan3 left promiscuous mode [34214.206167] br-lan: port 3(lan3) entered disabled state [34214.263382] device wan left promiscuous mode [34214.267742] br-lan: port 6(wan) entered disabled state [34214.314950] device wlan0 left promiscuous mode [34214.319448] br-lan: port 5(wlan0) entered disabled state [34214.382998] device wlan1 left promiscuous mode [34214.387504] br-lan: port 4(wlan1) entered disabled state [34214.519661] mv88e6085 f1072004.mdio-mii:00 lan4: configuring for phy/gmii link mode [34214.529809] 8021q: adding VLAN 0 to HW filter on device lan4 [34214.535602] br-lanp: port 2(lan4) entered blocking state [34214.540936] br-lanp: port 2(lan4) entered disabled state [34214.551488] device lan4 entered promiscuous mode [34214.567290] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34214.598136] br-lanp: port 1(wlan0-1) entered disabled state [34214.605690] device lan4 left promiscuous mode [34214.610135] br-lanp: port 2(lan4) entered disabled state [34214.681726] device wlan0-1 left promiscuous mode [34214.686419] br-lanp: port 1(wlan0-1) entered disabled state [34214.812688] mv88e6085 f1072004.mdio-mii:00 lan1: configuring for phy/gmii link mode [34214.824640] 8021q: adding VLAN 0 to HW filter on device lan1 [34214.876842] br-lan: port 1(lan1) entered blocking state [34214.882099] br-lan: port 1(lan1) entered disabled state [34214.888031] device lan1 entered promiscuous mode [34214.896763] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34214.923314] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34214.936967] mv88e6085 f1072004.mdio-mii:00: port 6 failed to delete f6:5c:69:07:be:ca vid 2 from fdb: -95 [34214.946672] mv88e6085 f1072004.mdio-mii:00 lan2: configuring for phy/gmii link mode [34214.959031] 8021q: adding VLAN 0 to HW filter on device lan2 [34214.971709] mv88e6085 f1072004.mdio-mii:00: port 6 failed to add c4:41:1e:30:40:ff vid 2 to fdb: -95 [34215.016006] br-lan: port 2(lan2) entered blocking state [34215.021262] br-lan: port 2(lan2) entered disabled state [34215.027606] device lan2 entered promiscuous mode [34215.036406] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34215.054226] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34215.061582] mv88e6085 f1072004.mdio-mii:00 lan3: configuring for phy/gmii link mode [34215.073983] 8021q: adding VLAN 0 to HW filter on device lan3 [34215.124528] br-lan: port 3(lan3) entered blocking state [34215.129785] br-lan: port 3(lan3) entered disabled state [34215.136322] device lan3 entered promiscuous mode [34215.145050] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34215.162830] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34215.169861] br-lan: port 4(wan) entered blocking state [34215.175041] br-lan: port 4(wan) entered disabled state [34215.181823] device wan entered promiscuous mode [34215.190480] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34215.263984] br-lan: port 5(wlan0) entered blocking state [34215.269338] br-lan: port 5(wlan0) entered disabled state [34215.274796] device wlan0 entered promiscuous mode [34215.292674] br-lan: port 6(wlan1) entered blocking state [34215.298034] br-lan: port 6(wlan1) entered disabled state [34215.303461] device wlan1 entered promiscuous mode [34215.337834] br-lan: port 6(wlan1) entered blocking state [34215.343173] br-lan: port 6(wlan1) entered forwarding state [34215.348719] br-lan: port 5(wlan0) entered blocking state [34215.354054] br-lan: port 5(wlan0) entered forwarding state [34215.359588] br-lan: port 4(wan) entered blocking state [34215.364753] br-lan: port 4(wan) entered forwarding state [34215.377365] br-lanp: port 1(wlan0-1) entered blocking state [34215.382985] br-lanp: port 1(wlan0-1) entered disabled state [34215.388787] device wlan0-1 entered promiscuous mode [34215.395222] br-lanp: port 1(wlan0-1) entered blocking state [34215.400848] br-lanp: port 1(wlan0-1) entered forwarding state [34215.494075] mv88e6085 f1072004.mdio-mii:00 lan4: configuring for phy/gmii link mode [34215.506511] 8021q: adding VLAN 0 to HW filter on device lan4 [34215.556184] br-lanp: port 2(lan4) entered blocking state [34215.561523] br-lanp: port 2(lan4) entered disabled state [34215.567477] device lan4 entered promiscuous mode [34215.573306] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34215.614448] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34215.635145] br-lanp: port 2(lan4) entered blocking state [34215.640486] br-lanp: port 2(lan4) entered disabled state [34215.647538] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34215.694396] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34215.715138] br-lanp: port 2(lan4) entered blocking state [34215.720476] br-lanp: port 2(lan4) entered disabled state [34215.727511] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34215.774393] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34215.795186] br-lanp: port 2(lan4) entered blocking state [34215.800534] br-lanp: port 2(lan4) entered disabled state [34215.807662] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34215.844394] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34215.873836] br-lanp: port 1(wlan0-1) entered disabled state [34215.881417] device wlan0-1 left promiscuous mode [34215.886138] br-lanp: port 1(wlan0-1) entered disabled state [34216.049700] br-lanp: port 1(wlan0-1) entered blocking state [34216.055350] br-lanp: port 1(wlan0-1) entered disabled state [34216.061141] device wlan0-1 entered promiscuous mode [34216.068336] br-lanp: port 1(wlan0-1) entered blocking state [34216.073951] br-lanp: port 1(wlan0-1) entered forwarding state [34216.124494] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready [34304.373049] br-lan: port 6(wlan1) entered disabled state [34304.378425] br-lan: port 5(wlan0) entered disabled state [34304.383785] br-lan: port 4(wan) entered disabled state [34304.414469] device lan1 left promiscuous mode [34304.418921] br-lan: port 1(lan1) entered disabled state [34304.457020] device lan2 left promiscuous mode [34304.461485] br-lan: port 2(lan2) entered disabled state [34304.516709] device lan3 left promiscuous mode [34304.521156] br-lan: port 3(lan3) entered disabled state [34304.576288] device wan left promiscuous mode [34304.580641] br-lan: port 4(wan) entered disabled state [34304.632116] device wlan0 left promiscuous mode [34304.636628] br-lan: port 5(wlan0) entered disabled state [34304.683119] device wlan1 left promiscuous mode [34304.687621] br-lan: port 6(wlan1) entered disabled state [34304.864277] mv88e6085 f1072004.mdio-mii:00 lan4: configuring for phy/gmii link mode [34304.876681] 8021q: adding VLAN 0 to HW filter on device lan4 [34304.924166] br-lanp: port 2(lan4) entered blocking state [34304.929505] br-lanp: port 2(lan4) entered disabled state [34304.939432] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34304.960546] br-lanp: port 1(wlan0-1) entered disabled state [34304.968128] br-lanp: port 2(lan4) entered disabled state [34305.038031] device wlan0-1 left promiscuous mode [34305.042708] br-lanp: port 1(wlan0-1) entered disabled state [34305.165564] mv88e6085 f1072004.mdio-mii:00 lan1: configuring for phy/gmii link mode [34305.178168] 8021q: adding VLAN 0 to HW filter on device lan1 [34305.229975] br-lan: port 1(lan1) entered blocking state [34305.235243] br-lan: port 1(lan1) entered disabled state [34305.241129] device lan1 entered promiscuous mode [34305.249809] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34305.272380] mv88e6085 f1072004.mdio-mii:00 lan2: configuring for phy/gmii link mode [34305.284754] 8021q: adding VLAN 0 to HW filter on device lan2 [34305.339960] br-lan: port 2(lan2) entered blocking state [34305.345222] br-lan: port 2(lan2) entered disabled state [34305.351410] device lan2 entered promiscuous mode [34305.360031] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34305.369786] mv88e6085 f1072004.mdio-mii:00 lan3: configuring for phy/gmii link mode [34305.382151] 8021q: adding VLAN 0 to HW filter on device lan3 [34305.434552] br-lan: port 3(lan3) entered blocking state [34305.439803] br-lan: port 3(lan3) entered disabled state [34305.446343] device lan3 entered promiscuous mode [34305.454951] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34305.464556] br-lan: port 4(wan) entered blocking state [34305.469719] br-lan: port 4(wan) entered disabled state [34305.476537] device wan entered promiscuous mode [34305.485082] mv88e6085 f1072004.mdio-mii:00: p6: already a member of VLAN 1 [34305.503238] br-lan: port 5(wlan0) entered blocking state [34305.508577] br-lan: port 5(wlan0) entered disabled state [34305.514024] device wlan0 entered promiscuous mode [34305.527765] br-lan: port 6(wlan1) entered blocking state [34305.533132] br-lan: port 6(wlan1) entered disabled state [34305.538566] device wlan1 entered promiscuous mode [34305.560918] br-lan: port 6(wlan1) entered blocking state [34305.566265] br-lan: port 6(wlan1) entered forwarding state [34305.571797] br-lan: port 5(wlan0) entered blocking state [34305.577141] br-lan: port 5(wlan0) entered forwarding state [34305.582669] br-lan: port 4(wan) entered blocking state [34305.587838] br-lan: port 4(wan) entered forwarding state [34305.596676] br-lanp: port 1(wlan0-1) entered blocking state [34305.602288] br-lanp: port 1(wlan0-1) entered disabled state [34305.608135] device wlan0-1 entered promiscuous mode [34305.614094] br-lanp: port 1(wlan0-1) entered blocking state [34305.619712] br-lanp: port 1(wlan0-1) entered forwarding state [34305.695564] device wan left promiscuous mode [34305.699970] br-lan: port 4(wan) entered disabled state [34305.777955] mv88e6085 f1072004.mdio-mii:00 lan4: configuring for phy/gmii link mode [34305.790310] 8021q: adding VLAN 0 to HW filter on device lan4 [34305.843136] br-lanp: port 2(lan4) entered blocking state [34305.848476] br-lanp: port 2(lan4) entered disabled state [34305.855723] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34305.902952] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34305.923565] br-lanp: port 2(lan4) entered blocking state [34305.928900] br-lanp: port 2(lan4) entered disabled state [34305.936001] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34305.982943] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34306.003529] br-lanp: port 2(lan4) entered blocking state [34306.008869] br-lanp: port 2(lan4) entered disabled state [34306.015954] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34306.062942] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34306.083447] br-lanp: port 2(lan4) entered blocking state [34306.088782] br-lanp: port 2(lan4) entered disabled state [34306.095810] mv88e6085 f1072004.mdio-mii:00: p0: hw VLAN 1 already used by port 1 in br-lan [34306.142941] mv88e6085 f1072004.mdio-mii:00 lan4: failed to initialize vlan filtering on this port [34306.171826] br-lanp: port 1(wlan0-1) entered disabled state [34306.179325] device wlan0-1 left promiscuous mode [34306.184006] br-lanp: port 1(wlan0-1) entered disabled state [34306.305884] br-lanp: port 1(wlan0-1) entered blocking state [34306.311501] br-lanp: port 1(wlan0-1) entered disabled state [34306.317299] device wlan0-1 entered promiscuous mode [34306.325143] br-lanp: port 1(wlan0-1) entered blocking state [34306.330758] br-lanp: port 1(wlan0-1) entered forwarding state ``` </details>

Try using bridge VLAN filtering.

catdogmaus · December 27, 2022, 4:56pm

Can you or someone else guide me how to achieve the same result with filtering as with bridging. My router maintenance skills don't extend beyond the basics. I think that my possibility of screwing up here is too big to try alone.

pavelgl · December 27, 2022, 5:22pm

Run the following commands:

uci add network bridge-vlan
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].vlan='1'
uci add_list network.@bridge-vlan[-1].ports='lan1'
uci add_list network.@bridge-vlan[-1].ports='lan2'
uci add_list network.@bridge-vlan[-1].ports='lan3'
uci set network.lan.device='br-lan.1'

uci add network bridge-vlan
uci set network.@bridge-vlan[-1].device='br-lan'
uci set network.@bridge-vlan[-1].vlan='10'
uci add_list network.@bridge-vlan[-1].ports='lan4'
uci set network.IOT.device='br-lan.10'

Then run uci export network and look for the following changes:

config bridge-vlan
		option device 'br-lan'
		list ports 'lan1'
		list ports 'lan2'
		list ports 'lan3'
		option vlan '1'
	
config bridge-vlan
		option device 'br-lan'
		list ports 'lan4'
		option vlan '10'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
		
config interface 'IOT'
        option proto 'static'
        option ipaddr '172.16.0.1'
        option netmask '255.255.255.0'
        option device 'br-lan.10'

Restart the network service.

If everything is fine, save the changes using uci commit network.
Otherwise, reboot the device.

catdogmaus · December 27, 2022, 6:05pm

The result was some of the desired changes, but not all, in my opinion. I dare not proceed without inspection or I will be locked out
here is all the actual result

root@WRT1900ac:~# uci add network bridge-vlan
cfg10a1b0
root@WRT1900ac:~# uci set network.@bridge-vlan[-1].device='br-lan'
root@WRT1900ac:~# uci set network.@bridge-vlan[-1].vlan='1'
root@WRT1900ac:~# uci add_list network.@bridge-vlan[-1].ports='lan1'
root@WRT1900ac:~# uci add_list network.@bridge-vlan[-1].ports='lan2'
root@WRT1900ac:~# uci add_list network.@bridge-vlan[-1].ports='lan3'
root@WRT1900ac:~# uci set network.lan.device='br-lan.1'
root@WRT1900ac:~# uci add network bridge-vlan
cfg11a1b0
root@WRT1900ac:~# uci set network.@bridge-vlan[-1].device='br-lan'
root@WRT1900ac:~# uci set network.@bridge-vlan[-1].vlan='10'
root@WRT1900ac:~# uci add_list network.@bridge-vlan[-1].ports='lan4'
root@WRT1900ac:~# uci set network.IOT.device='br-lan.10'
root@WRT1900ac:~# uci export network
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd27:f9b5:7706::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config device
        option name 'lan1'
        option macaddr '94:10:3e:a2:01:71'

config device
        option name 'lan2'
        option macaddr '94:10:3e:a2:01:71'

config device
        option name 'lan3'
        option macaddr '94:10:3e:a2:01:71'

config device
        option name 'lan4'
        option macaddr '94:10:3e:a2:01:71'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan.1'

config device
        option name 'wan'
        option macaddr '94:10:3e:a2:01:71'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'Quest'
        option proto 'static'
        option ipaddr '10.20.30.40'
        option netmask '255.255.255.0'
        option device 'br-quest'

config interface 'IOT'
        option proto 'static'
        option ipaddr '172.16.0.1'
        option netmask '255.255.255.0'
        option device 'br-lan.10'

config device
        option type 'bridge'
        option name 'br-quest'

config device
        option type 'bridge'
        option name 'br-iot'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan4'

pavelgl · December 27, 2022, 6:11pm

It looks fine. Restart the network service.

If you lose access for some reason, power off/on the device and the previous configuration will be restored.

catdogmaus · December 27, 2022, 6:24pm

just to be clear, by restart u mean restart router

pavelgl · December 27, 2022, 6:28pm

Run /etc/init.d/network restart.
If you don't lose access, run uci commit network.
Otherwise, turn off/on the power.

catdogmaus · December 27, 2022, 6:37pm

Thanks. I got it to work. I also made a little modification and marked all vlan1 ports as primary vlan. As far as I understand, when I ever want to add an access point I need to mark that port as tagged.

system · January 6, 2023, 6:37pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.