Router with Wireless bridge-vlan support

DSA Distributed Switch Architecture is the upstream replacement for swconfig Core support and netifd should be working. Missing: LuCI (Wireless bridge-vlan support), documentation.

I am a little bit confused, does the note above mean, that Wireless bridge-vlan support is not supported until now?

At the moment I use a NetGear Nighthawk X4S (R7800) as Bridge Master and 2 TP-Link Archer C7 as Bridge Clients without VLAN.

I would like to use all 3 with VLAN (own network for Wifi and own for LAN).

So do I need new routers?

As I understand it, that wireless bridge-vlan support refers to the connection between a wireless interface and the DSA-managed bridge within a router.

It does not refer to a WDS bridge, and it will not bring support for VLAN tagging on WDS links.

Not if you are happy with their performance so far.

Although I was tempted to say yes, and you can send the R7800 my way.

I am not sure if I understood you correctly.

There is the following hardware,
Netgear R7800 (Nighthawk X4S AC2600) as Wireless Bridge Master

2 TP-Link Archer C7 AC1750 v5 as Wireless Bridge Clients

2 TP-Link TL-WR1043ND v1.8 as Wireless Bridge Clients (could be replaced if needed)

1 Mikrotik RouterBOARD 4011iGS+RM (AL21400) - https://mikrotik.com/product/rb4011igs_rm will be used as Firewall, RouterOS 6.48.2 is used

1 Mikrotik Switch CRS326-24G-2S+IN (98DX3236) - https://mikrotik.com/product/crs326_24g_2s_in will be used as Switch, RouterOS 6.48.2 is used

1 FRITZ!Box 6890 LTE
https://en.avm.de/products/fritzbox/fritzbox-6890-lte/details/ using DSL, VDSL2 or LTE for ISP connection

All wireless bridge clients are configured simularly:
eg Archer C7
WLAN Access Point for mobile phones, a.s.o
LAN conncetion between the C7 and a DVB enigma box (eg)

I would like to have the AP with mobile phones in 192.168.133.x
and the DVB box in 192.168.111.x

Remember the C7 ist wireless connected to a Netgear R7800 master.

The R7800 can be configured as needed, but the WLAN has also to be in 192.168.133.x and the LAN in 192.168.111.x

The R7800 should be connected to the firewall Mikrotik RB4011 and the Firewall should be connected to the switch Mikrotik CRS326. Mikrotik devices use RouterOS 6.48.2. The firewall RB4011 should allow which devices / networks may have connections, mainly there should be a connection from the LAN 192.168.111.x to WLAN 192.168.333.x but not the other way. So there should be no WLAN access allowed ftom WLAN to LAN.

So please tell me, if this is possible or not with the existing hardware. If not, can this wireless bridge be done with another hardware.

and it will not bring support for VLAN tagging on WDS links.

So if I understand this correctly, the above szenario cannot be setup. If this is true, I have to rethink the whole network setup and I have no idea, how to have separate nets for LAN and WLAN with a wireless bridge.

For a small number of VLANs, like in your case, just create one SSID per VLAN.
As the number of VLANs grows, consider using a tunnel instead, for example based on GRE.

Sorry, I don't understand this. SSID is related for me to Wifi / WLAN. The DVB box is simply connected to the LAN-port of the wireless-bridged C7.

How can I create a SSID for a LAN port?

If you want the WDS link to carry two VLANs (LAN=VLAN1, WLAN=VLAN3), then create two SSIDs in AP mode on the R7800 and connect each Client Router/AP to both of them.
Basically, you will be running two WDS links in parallel, and each of them carries exactly one VLAN.
This works without VLAN tagging on the WDS links.

Thanks, it is getting more understandable for me, the 2 SSIDs are related to the R7800 and the LAN of the client uses WLAN. The good news is, that it can be done. Now I have to play.

Don't know, if this is better discussed here or in the other thread. Is there a cheaper device than an Archer C7 to play with VLAN - #21 by linuxuser The question is, is a MikroTik RB2011UiAS-2HnD-IN suitable as master (DSA in the future)? To avoid double discussion please answer in the other thread.