Problem with setting an implicit VLAN explicitly

I would like to separate some devices on my LAN into VLANs and since I so far did not succeed, I decided to do just a very simple task - configuring VLAN tagging for my default network explicitly. And failed at that too. I have read the wiki many times but I do not see anything wrong and I do not have console access to my device so I could actually check what is happening. The only thing I can see, after changing the settings is that I can no longer connect to the device.

I am running a recent master branch (OpenWrt SNAPSHOT, r23300-86bc525d00) in a custom built image on TP-Link Archer AX23.

This is a original config snippet from my /etc/config/network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix '<removed>::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface        lan
        option ifname   'br-lan'
        option proto    static
        option ipaddr   192.168.6.10
        option netmask  255.255.255.0
        option ip6assign '60'

From what I understood from the different wikis (as the DSA config is not currently documented in the etc/config/network/ wiki) is the following config should explicitly set a VLAN with ID 99 for my default network. On the the outside however everything should work the same way:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix '<removed>::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'

config interface        lan
        option ifname   'br-lan.99'
        option proto    static
        option ipaddr   192.168.6.10
        option netmask  255.255.255.0
        option ip6assign '60'

I believe I must be missing something obvious since not even this simple thing does work, but I cannot figure it out. The firewall or dnsmasq are configured to operate on "logical" zones, lan in this case, and should not be affected.
Also if someone knows how to get some debugging info from the device over an SSH connection before it disconnects, I would appreciate it.

This should be option device 'br-lan.99'

3 Likes

Great, this did the trick! I needed to change all the other "interface" definitions where I used iface with physical wifi interface (e.g. phy0-ap0) and then it started working as expected.
It is interesting that the config with iface options worked fine so far (without any VLAN).

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.