@jow has recently added LuCI support for DSA configs. DSA is upstream Linux solution for controlling switches.
OpenWrt targets that seem to be using DSA:
If you happen to have device using DSA and you can install the latest master - please test it. Install LuCI and see if you can configure switch, ports, interfaces.
We need some testing before proceeding with the 21.02 releases.
MT7621 uses DSA as well.
ipq806x is only about to migrate to DSA with the pending bump to kernel v5.10, which is currently still being debugged for weird behaviour on e.g. the nbg6817 (qcom-smem, the automatic partition parser, and the qca8337 switch not working yet (reporting a wrong switch ID and not passing data through)).
I'm planning to test the 5.10 kernel on an r7500v2 soon. Is there a specific/different luci package I need to select at build time to test the luci DSA config? I'd like it to be included in the build as I'm expecting to not have internet access initially.
Also is the luci config ready for AP only configs with VLANs?
EDIT: based on the responses below, I changed my initial "hand" config for /etc/config/network - see my posts below.
An example from a mvebu device.
The plain luci/ luci-ssl meta-packages should pull in everything necessary, https://github.com/openwrt/luci/pull/4307 has some (older) screenshots of the DSA configuration pages. It's a little complex to wrap your head around at first, but you should be able to get it working
--
Disclaimer: I haven't been able to really test it myself so far.
Tested vlan and interface management on an 8 port Netgear GS108T-v3 (realtek target). Looks very good from the superficial tests I did.
If MT7621 should be tested as well I can help with testing on a Xiaomi Redmi AC2100.
For those wanting to test this on 21.02 already (and rolling their own), looks like you need PR 4307 as linked to by slh and this legacy bridge fix if you use it on non-DSA devices:
I was able to boot, run, and config DSA for my AP 2 VLAN network (see here) on my r7500v2 using kernel 5.10.26. I started with a partially functional hand network/system config and then used the luci interface to adjust it a bit to get it fully working.
The adjustment was figuring out how to forward my 2 VLAN trunk line coming in on the wan port out of one of the lan ports to a downstream AP. The luci interface made this easy to figure out.
While my network did come up initially it was not stable wrt ipv4 (not sure why yet, but I don't think it's related to using luci to adjust the config). My testing window closed for the day and I don't want to get into configuring DSA on ipq806x devices in this thread.
I'll post again after some additional testing but it may be a few weeks.
During a subsequent test event (configuration details here), I tried to set stp and igmp snooping via luci for the one bridge defined and lost connectivity to the device. Using a serial cable to access the device, I could see that theses options were not enabled from the luci attempt. However, I was able to set these options in /etc/config/network and restart the network through the command line without issue.
The logs I saved around the time of this event don't show anything useful; however, another user observed a similar issue here.
I won't have an opportunity to test DSA/luci again until the weekend...
HTH
I opened an issue on GitHub. LAN interface issue
After a few tests on a Xiaomi R4A Gigabit running a recent trunk build the steps I take to get a VLAN 20 tag on WAN:
Go to Network --> Interfaces --> Devices --> Add device configuration and create a software VLAN (802.1q) with device type WAN and VLAN id 20, save & apply.
Go to Network --> Interfaces --> Edit WAN --> Physical Settings --> Enable Bridge Interfaces --> Add the new software VLAN WAN.20 I just created to the new bridge, save & apply.
Network config:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd4a:c9cd:3076::/48'
option packet_steering '1'
config interface 'lan'
option type 'bridge'
option ifname 'lan1 lan2'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option proto 'dhcp'
option peerdns '0'
list dns '8.8.8.8'
list dns '8.8.4.4'
option type 'bridge'
option ifname 'wan wan.20'
config interface 'wan6'
option ifname 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config device
option type '8021q'
option ifname 'wan'
option vid '20'
option name 'wan.20'
This setup seems to work for me, if I don't bridge the WAN and the new software VLAN WAN.20 LuCI wants to remove the option VID from it for some reason.
Also a bug I've come across in Network --> Interfaces --> Devices --> select edit on a device and without changing any settings just press save, LuCI wants to create a new empty network device:
That‘s a rather unusual approach. Usually it should be enough to simply edit the physical wan interface and set it to custom „wan.20“. The VLAN device will be implicitly created.
Yeah I know.
I did it first like you say and it also works fine and I get Internet access but some LuCI bugs are present.
The new software VLAN entries don't get automatically added to network config, it does get created and enabled as I get Internet access but it's not actually visable in the file, if I go to Network --> Devices and select edit on the software VLAN then press save, without changing anything, LuCI then wants to apply the new entries to the network config file.
Network config before but with Internet access:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd4a:c9cd:3076::/48'
option packet_steering '1'
config interface 'lan'
option type 'bridge'
option ifname 'lan1 lan2'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option proto 'dhcp'
option peerdns '0'
list dns '8.8.8.8'
list dns '8.8.4.4'
option ifname 'wan.20'
config interface 'wan6'
option ifname 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
Network config after save/apply
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd4a:c9cd:3076::/48'
option packet_steering '1'
config interface 'lan'
option type 'bridge'
option ifname 'lan1 lan2'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option proto 'dhcp'
option peerdns '0'
list dns '8.8.8.8'
list dns '8.8.4.4'
option ifname 'wan.20'
config interface 'wan6'
option ifname 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config device
option name 'wan.20'
option type '8021q'
option ifname 'wan'
option vid '20'
The edit/save without manually changing any settings bug occurs also on the other network interface devices present and it adds/removes some settings without you actually changing anything, lan 1, lan2, etc.
This is not a bug. Netifd implicitly creates the corresponding VLAN device if some option ifname xxx.yy is present somewhere, explicit config device sections are not needed for that. They are only required if you want to override some settings of the VLAN interface, such as the VLAN protocol (e.g. 1ad vs. 1q or other properties like multicast support etc.)
Will look into that one, although it is harmless. Essentially it'll create an empty config device section that has no effect without further settings.
on an Netgear r6260:
Interfaces —> Lan —> Bridge VLAN Filtering the Dismiss button only works after you did some changes. On the other Tabs it is always working.
But I'm not overriding any VLAN settings, I'm just pressing edit then save and LuCI wants to add configuration changes to network config.
Kia Ora,
Just rolled a 21.02 today for WRT190ACS. Everything is default for the model except I added the advanced reboot pkg
Using LuCI I have created a second interface assigned to lan2 (tamariki), which works fine. However when I try to bridge the wlan0 (kids wifi) connection to lan2 the lan2 interface gets disabled - port light in router goes out. wlan0 works fine.
Looking at /etc/config/network & ./wireless all looks OK however when I run "brctl show" lan2 is absent from the bridge br-tamariki
root@OpenWrt:~# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.<hidden> no lan3
lan1
br-tamariki 7fff.<hidden> no wlan0
If I bridge wlan0 to br-lan, then all interfaces appear
root@OpenWrt:~# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.<hidden> no wlan0
lan3
lan1
How do I get br-tamariki to bridge lan2 and wlan0? I cannot seem to see a config file for this.
Here is my ./network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddb:782a:c615::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ifname 'lan1 lan3'
config interface 'wan'
option proto 'dhcp'
option ifname 'wan.10'
config device 'wan_wan_dev'
option name 'wan'
option macaddr '<hidden>'
config interface 'wan6'
option proto 'dhcpv6'
option auto '0'
option ifname 'wan.10'
option reqaddress 'none'
option reqprefix 'auto'
config interface 'tamariki'
option proto 'static'
option ifname 'lan2'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
and here is my ./wireless (just in case 
) where wlan0 is bridged lan2
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'VHT80'
option country 'AU'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option macaddr '<hidden>'
option ssid 'Bunny_Tamariki'
option encryption 'psk2+ccmp'
option key '***'
option wpa_disable_eapol_key_retries '1'
option network 'tamariki'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option htmode 'HT20'
option disabled '1'
option country 'AU'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option macaddr '<hidden>'
Apologies in advance as this may be slightly off topic; sound like a rant; and not offer any solution.
Any recommendations on where to from here would be greatly appreciated.
I have tried looking to in way to create the bridge between lan and wlan in the hopes of advising what was done to possibly enable a solution that could be baked in to LuCI to help others.
I have tried using brctl however I just cannot get it to work - as soon as a bridge is created to wlan outside of br-lan, the lan ports become disabled.
In my searches what I am finding is that there are (too?) many possible paths to travel to try to resolve the issue. There are so many different packages that may be able to offer a solution but none that explicitly say, "hey I work with bridging lan to wlan using DSA" (I could be searching for the wrong thing admittedly).
Again, recommendations are welcome!