hello, I have been an openwrt user for many years now. I mainly use Linksys WRT3200ACM without any issues. Recently I wanted to try and setup a network with multiple SSIDs, with each on a separate VLAN. It looks like DSA is an improvement in this recently so I have updated my device to run OpenWRT 24.10.3.
Let me quickly point out I only use OpenWRT as an access point. I don't use it as internet gateway, router, DHCP server, etc.
Reading the product page I thought this device had two ethernet ports internally. However only /sys/class/net/eth0 exists. There is no /sys/class/net/ entry for any other ethernet ports that I can see. So if I understand correctly there is a Marvell switch between the ports on the box & the CPU ethernet port. The marvell switch would be configured in EDSA mode it seems and then each ethernet frame arrives wrapped in a EDSA header. The linux kernel unpacks this and then is able to treat each port on the switch as a separate device which is now called lan0, lan1, lan2, etc. My preference would be to somehow disable DSA and just have the internal switch function as a dumb switch and have the CPU eth on one port. I don't see an option to do this however.
What I want is to use one of the ports, say lan1 as a trunk port. The idea is I would have the following usage of lan1
- lan1, untagged - goes to 'wifinetworkA'
- lan1, VLAN tag 50 - goes to 'wifinetworkB'
- lan1, VLAN tag 51 - goes to 'wifinetworkC'
so if a packet arrives from the lan with VLAN tag 50 it goes only to wifinetworkB. If a packet arrives from wifinetworkB it would be tagged with VLAN tag 50 and sent on the LAN
I am able to edit /etc/config/network and add entries like this
config interface 'lankids'
option device 'br-lan.51'
option proto 'static'
option ipaddr '10.235.236.2'
option netmask '255.255.255.0'
config interface 'lanhome'
option device 'br-lan.50'
option proto 'static'
option ipaddr '10.235.235.2'
option netmask '255.255.255.0'
config device
option name 'br-lan.50'
option type '8021q'
option ifname 'br-lan'
option vid '50'
option ipv6 '0'
config device
option name 'br-lan.51'
option type '8021q'
option ifname 'br-lan'
option vid '51'
option ipv6 '0'
Afterwards I can use Luci to define new wifi networks. When I did this I got new entries in /etc/config/wireless like this
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'mywifinetwork'
option encryption 'psk2'
option key 'somepasswordforyou'
option network 'lanhome'
My phone sees the new AP. I installed tcpdump and can use it to see packets arrive on the interfaces that get generated with names like phy-XXX. However no packets ever go in / out on the br-lan.50 or br.lan-51 interfaces. I'm also monitoring the lan port with another linux PC capturing packets. It never gets any VLAN tagged frames.
So either I am missing something here or making this more complex than needed?