Questions regarding DSA VLAN on OpenWrt 21

OpenWrt version: 21.02.3
Device: Linksys WRT3200ACM

1- Can someone please explain in details the purpose of adding/omitting eth0 from a bridge VLAN?

2- How to configure VLAN tagging on wifi? On the wifi configuration it is possible to select networks, but this does not let the administrator to configure tagging, nor access control on multiple VLANs if they're within the same interface.

3- it seems it is possible to use VLAN 1. I know this is something that should be avoided, but maybe in this particular device it actually may have some practical use?

With DSA the CPU ports are handled implicitly by the kernel, the DSA master device (eth0) should be left alone. Only move port netdevs (lan1, lan2, wan etc.) into bridges/bridge vlans.

Select a network using a bridge VLAN device, the wifi netdev will then be added to the underlying bridge as untagged port in the bridge VLAN of the target networks device.

Example:

# /etc/config/network

config device
  option name br-lan
  option type bridge
  option vlan_filtering 1

config bridge-vlan
  option device br-lan
  option vlan 10
  list ports lan1:t
  list ports lan2:t
  list ports lan3

config interface guest
  option device br-lan.10
  option proto static
  option ipaddr 10.10.0.0/8
# /etc/config/wireless
config wifi-device radio0
 ...

config wifi-iface
  option device radio0
  option mode ap
  ...
  option network guest  # will inherit br-lan.10, move wlanX into br-lan
  ...                   # and add as untagged port to bridge-vlan 10

On the devices I use here, VLAN 1 is just an ordinary VLAN ID like any other, but apparently some devices do have quirks with VLAN 1 being special. Simply avoid it if you can to minimize the probability of issues.

5 Likes

So, it is not possible to later see the wifi port in the VLAN config in LuCi, nor tag the VLAN traffic on wifi?
I'm wondering if I could configure the wifi port as we can do with the physical ethernet ports in the VLAN config page on LuCi.