1- Can someone please explain in details the purpose of adding/omitting eth0 from a bridge VLAN?
2- How to configure VLAN tagging on wifi? On the wifi configuration it is possible to select networks, but this does not let the administrator to configure tagging, nor access control on multiple VLANs if they're within the same interface.
3- it seems it is possible to use VLAN 1. I know this is something that should be avoided, but maybe in this particular device it actually may have some practical use?
With DSA the CPU ports are handled implicitly by the kernel, the DSA master device (eth0) should be left alone. Only move port netdevs (lan1, lan2, wan etc.) into bridges/bridge vlans.
Select a network using a bridge VLAN device, the wifi netdev will then be added to the underlying bridge as untagged port in the bridge VLAN of the target networks device.
option name br-lan
option type bridge
option vlan_filtering 1
option device br-lan
option vlan 10
list ports lan1:t
list ports lan2:t
list ports lan3
config interface guest
option device br-lan.10
option proto static
option ipaddr 10.10.0.0/8
config wifi-device radio0
option device radio0
option mode ap
option network guest # will inherit br-lan.10, move wlanX into br-lan
... # and add as untagged port to bridge-vlan 10
On the devices I use here, VLAN 1 is just an ordinary VLAN ID like any other, but apparently some devices do have quirks with VLAN 1 being special. Simply avoid it if you can to minimize the probability of issues.
So, it is not possible to later see the wifi port in the VLAN config in LuCi, nor tag the VLAN traffic on wifi?
I'm wondering if I could configure the wifi port as we can do with the physical ethernet ports in the VLAN config page on LuCi.