It looks like the rpi4 has no built-in switch, so it requires special non-DSA config, I think?
As per the title, I've used the links in the thread above to build an rpi config, for a router with 2 phy i/f's each trunking VLAN 10. See attached image for detail.
I'll add another VLAN for guest later when the first one works. As follows, is this config correct? I'm not sure if the devices need to be explicitly tagged @dev_odyssey
config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'br-lan'
	option ipaddr '192.168.1.1'

config device
	option type '8021q'
	option ifname 'eth1'
	option vid '10'
	option name 'eth1.10'

config device
	option type '8021q'
	option ifname 'eth2'
	option vid '10'
	option name 'eth2.10'

config device
	option type 'bridge'
	option name 'br-lan'
	list ports 'eth1.10'
	list ports 'eth2.10'
I made a video that might help you with this, feel free to watch it. The description includes working configs that you can use as examples.
Anyway, it seems like your config is for your RPi 4 OpenWrt router, but if not, please clarify what that config is for.
As of now, you have one VLAN per ethernet interface, VLAN 10 on eth1 and eth2. You also seem to be doing this in the non-DSA configuration, so be sure to check out that specific link in the video (or below).
From the looks of it, after doing a couple passes, it seems to make sense, and I think it would work, though I'm not 100% sure. Have you tried it out yet? As for the AP endpoints, be sure that you untag that traffic on the interface, making them VLAN aware.
Curious to see how this works as I personally haven't tried creating a bridge between two VLAN interfaces, that reside on two different physical ports, at least with OpenWrt.
If this doesn't work, it may be easier to just get an inexpensive managed switch as @darksky recommended, put that in between your APs, and untag the right ports and send that traffic over to the APs. Given the limited number of native ports on an RPi 4, it would probably make the most sense to get a managed switch, especially when you want to add more ethernet devices to your network.
Thanks for the hints. I've been using your guides from day one already. I got the Rpi going in the end. It's not complete yet, while I resolve a wlan problem on the rt3200 dumb ap. But traffic from an untagged lan port on the rt3200 crosses the vlan through the router to the internet and back fine.
@realreform Awesome! I'm glad my content has been helping you out.
Also great to hear you got the RPi end working as expected, with the untagged traffic moving via the VLAN and lan port from your rt3200 through the Pi, and the internet.
What's the issue with the wlan? Is it related to the VLAN you've created? Maybe I have 2 cents I can offer here.
In the DSA device (RT3200) you should have set up bridge-vlans inside a single master bridge. Each interface (layer 3 network, e.g. config interface 'lan') is attached to one of the bridge-vlans with option device br-lan.X with X being the VLAN number. When a wifi AP wifi-iface is added with Network matching one of the interface names, it will become part of that bridge-vlan.
Thank you for this. I believe I've configured it as you suggest as below. But it's still not working. Please is it possible to suggest how I modify the UCI config to get it running as you suggest?
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd34:514c:bc94::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'
	option device 'br-lan.10'

config interface 'guest'
	option proto 'static'
	option device 'guest'
	option ipaddr '192.168.3.2'
	option netmask '255.255.255.0'

config device
	option type 'bridge'
	option name 'guest'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'
	list ports 'lan2:u*'
Use one bridge with all the Ethernet ports. Everything Ethernet related will be a bridge-vlan within that single bridge. I usually name it br-eth instead of br-lan to emphasize that functionality.
This seems to be the only way that DSA will get hardware switching to work properly.
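A lint check for the single-bridge advice above, as an added example that is not part of the original thread or of OpenWrt: it parses `/etc/config/network`-style text for a DSA device and reports a second bridge or an interface that is not attached to a bridge-vlan. `parse_uci`, `check_dsa_layout` and `SAMPLE` (a constructed, cut-down copy of the RT3200 config posted earlier) are hypothetical names and data.

```python
import shlex
SAMPLE = """# Constructed sample: RT3200 layout posted above, cut down to the sections checked
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'
config interface 'lan'
    option device 'br-lan.10'
config interface 'guest'
    option device 'guest'
config device
    option type 'bridge'
    option name 'guest'
    list ports 'lan3'
    list ports 'lan4'
config bridge-vlan
    option device 'br-lan'
    option vlan '10'
"""

def parse_uci(text):
    """Parse UCI text into [{'type', 'name', 'opts': {key: [values]}}]."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append({"type": tok[1], "name": (tok[2:] or [None])[0], "opts": {}})
        elif tok[:1] in (["option"], ["list"]) and len(tok) >= 3 and sections:
            sections[-1]["opts"].setdefault(tok[1], []).append(tok[2])
    return sections

def check_dsa_layout(text):
    """Hypothetical helper: findings where a config departs from one bridge plus bridge-vlans."""
    secs = parse_uci(text)
    bridges = sorted(s["opts"]["name"][0] for s in secs
                     if s["type"] == "device" and s["opts"].get("type") == ["bridge"])
    vlans = {(s["opts"]["device"][0], s["opts"]["vlan"][0])
             for s in secs if s["type"] == "bridge-vlan"}
    findings = ["multiple bridges: " + ", ".join(bridges)] if len(bridges) > 1 else []
    for s in (s for s in secs if s["type"] == "interface"):
        base, _, vid = s["opts"].get("device", [""])[0].partition(".")
        if base in bridges and not vid:
            findings.append(f"{s['name']}: on bare bridge {base}, not a bridge-vlan")
        elif base in bridges and (base, vid) not in vlans:
            findings.append(f"{s['name']}: no bridge-vlan {vid} on {base}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dsa_layout(SAMPLE)))
```

The check applies to the DSA device only; on the non-DSA RPi 4 config an interface on a plain bridge is expected.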
Thanks. Thought so. I have found an error in my firewall config I'll try out later. Not sure why this would affect only the wlan ports and not the lan ports using the same network interface. Though I know they are structurally different.
You should explicitly state the tagged/untagged status of port lan2. Right now, it is presumably untagged, but set it as lan2:u* to make it explicit.
Then, once that is done, plug a device into port 2 or port 3 and see if it gets a DHCP address. Report back on the status there, and also please post your /etc/config/dhcp file.