How can I recreate this VLAN configuration in v24.10.0?
The entire "Switch" menu has disappeared in LuCI!
Do I have to make "Bridge" devices or "802.1q" devices in the "Interfaces/Devices" menu?
When I tried to make a "Bridge" device on "eth1" and "lan1" with VLAN ID = 4, I lost all connectivity to the router that I had on "lan2".
Eventually I had to restart the router. It would not roll back automatically after 2 min...
BTW: I use a 24-port managed Ethernet switch connected to the router's port "lan1". I only use wired connections - no WiFi.
@slh
The link to the DSA mini tutorial is out of date.
It does not contain changes made in v24.10.0 and the VLAN screenshots in this tutorial do not exist in v24.10.0.
DSA was introduced in v21.02 and I remind you that I had everything working in v23.05.3. Well past the introduction of the DSA.
How can I recreate the VLAN configuration I had working before in v24.10.0?
Where are the settings in LuCI that correspond to the config switch and config switch_vlan sections?
They existed in v23.05.3 but they do not exist in v24.10.0 anymore.
First, create an AP on lan and log into the router by wifi. This is so you won't lose access if Ethernet becomes misconfigured. You can shut down the AP when finished.
Go to Network-Interfaces and click Devices. Click the br-lan Configure button. Add wan as a port so that all the physical Ethernet ports are in the same bridge. This is necessary for hardware switching between the ports to work. Click the Bridge VLAN filtering tab. Check the Enable box at the top. Notice that this page looks and works a lot like the old Switch page. Build out your VLAN table, setting ports to tagged, untagged or off as needed. Check the local box on all of them. On untagged (access) ports, in their VLAN check both Untagged and Is Primary VLAN. Besides the VLANs you use externally, you will need two VLANs for lan and wan. Conventionally these are numbered 1 and 2 like in swconfig.
Go back to the main Interfaces tab and edit lan. Change the device from br-lan to br-lan.1. In the wan interface, change the device from wan to br-lan.2. Make interfaces for all of your other VLANs and attach them with the br-lan.N notation. Even VLANs that only exist for hardware switching between ports still need an Interface of proto Unmanaged or they will not instantiate in the switch.
Click the br-lan Configure button. Add wan as a port so that all the physical Ethernet ports are in the same bridge. This is necessary for hardware switching between the ports to work.
This breaks my brain - what is the sense of merging all the physical ports (including wan) into a huge Bridge device, just to split them into different VLANs in the next step?
Alas, "merging" is the opposite of "splitting", isn't it? wtf is going on here?
Also, what is the use of "hardware switching between the ports" when the packets from the wan port are never just copied to other ports (physical or virtual, vlans)?
Between wan and other ports, the packets are always PAT/NAT translated by the firewall at Layer 3, they are never switched at Layer 2.
The Bridged AP guide previously implied that it was necessary and it also had many errors. I've just updated it over the past few days... it should now be clear that this is an optional addition, useful if the additional port is needed.
Here is my config. I created VLANs: 10 is iot and 20 is guest. I then put port 2 on the router in the iot VLAN. I have two more access points, which both have all three VLANs for SSIDs (lan, iot and guest).
/etc/config/network
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd2e:5786:8da::/48'
    option packet_steering '1'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'
    list ports 'lan5'

config interface 'lan'
    option device 'br-lan.1'
    option proto 'static'
    option ipaddr '192.168.1.2'
    option netmask '255.255.255.0'
    option ip6assign '60'

config device
    option name 'br-wan'
    option type 'bridge'
    list ports 'wan'
    list ports 'sfp'

config interface 'wan'
    option device 'br-wan'
    option proto 'dhcp'
    option broadcast '1'

config interface 'wan6'
    option device 'br-wan'
    option proto 'dhcpv6'

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'lan2:u*'

config bridge-vlan
    option device 'br-lan'
    option vlan '10'
    list ports 'lan2:t'
    list ports 'lan3:u*'

config bridge-vlan
    option device 'br-lan'
    option vlan '20'
    list ports 'lan2:t'

config interface 'iot'
    option proto 'static'
    option device 'br-lan.10'
    option ipaddr '192.168.10.2'
    option netmask '255.255.255.0'

config interface 'guest'
    option proto 'static'
    option device 'br-lan.20'
    option ipaddr '192.168.20.2'
    option netmask '255.255.255.0'
Are you talking about an upstream switch, or the one built into this device?
According to your config, VLAN 1 is only active on port lan2 as an untagged network. It is not connected to any other ports (but maybe it is connected to a WiFi SSID).
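The port table that the reply above reads off the posted config can be computed mechanically. The following is an added example, not code from any poster or from OpenWrt: it parses a trimmed, constructed copy of that config and returns the per-VLAN port table, the bridge ports that no bridge-vlan section lists, and the VLANs with no interface on br-lan.N (the condition the earlier answer says keeps a VLAN from instantiating). The names audit, SAMPLE and the result keys are hypothetical.

```python
import re

# Constructed input: device, bridge-vlan and interface lines trimmed from the posted config.
SAMPLE = """
config device
    option name 'br-lan'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'
    list ports 'lan5'
config interface 'lan'
    option device 'br-lan.1'
config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'lan2:u*'
config bridge-vlan
    option device 'br-lan'
    option vlan '10'
    list ports 'lan2:t'
    list ports 'lan3:u*'
config bridge-vlan
    option device 'br-lan'
    option vlan '20'
    list ports 'lan2:t'
config interface 'iot'
    option device 'br-lan.10'
config interface 'guest'
    option device 'br-lan.20'
"""

def audit(text, bridge="br-lan"):
    """Return the VLAN/port table for one bridge plus the gaps in it (flags kept as written)."""
    secs = []  # [(section_type, {option: [values]})]
    for kind, key, val in re.findall(r"^[ \t]*(config|option|list)[ \t]+(\S+)(?:[ \t]+'([^']*)')?", text, re.M):
        if kind == "config":
            secs.append((key, {}))
        elif secs:
            secs[-1][1].setdefault(key, []).append(val)
    ports, table, ifaces = set(), {}, set()
    for stype, opt in secs:
        if stype == "device" and opt.get("name") == [bridge]:
            ports.update(opt.get("ports", []))
        elif stype == "bridge-vlan" and opt.get("device") == [bridge]:
            table[int(opt["vlan"][0])] = dict(p.partition(":")[::2] for p in opt.get("ports", []))
        elif stype == "interface":
            ifaces.update(opt.get("device", []))
    used = {p for members in table.values() for p in members}
    return {"table": table, "ports_in_no_vlan": sorted(ports - used),
            "vlans_without_interface": sorted(v for v in table if f"{bridge}.{v}" not in ifaces)}
```

Calling audit(SAMPLE) shows VLAN 1 present only on lan2, and lan4 and lan5 listed in the bridge but in no VLAN; on a router, the same function can be fed the contents of /etc/config/network.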
That depends on the chip in your device, and except for a few devices with actually multiple network interfaces, the majority of devices have just a single switch chip exposing like 5 ports. Yeah, I hear you in the back. Yes, they have different colours, but in the end they share the same fate.
To now be able to emulate an actual independent layer 2 device, i.e. for a router with one interface at the ISP and one interface in your local network, you need two interfaces to route between them.
That's why with the defaults OpenWrt assigns VLAN ID 1 to lan and ID 2 to wan. They are untagged, so on the ether it's just a frame. But within the CPU, Linux can now separate those interfaces and do layer 3 shizzle.
Does it help?
PS and edit: that's why with swconfig you need to add port 0, the CPU, to every VLAN.
It helps a little. I understand why OpenWrt assigns vlan id 1 to lan port and id 2 to wan port so the CPU can now separate those interfaces and do layer 3 shizzle.
I still do not understand what is the sense of merging the physical ports into a huge Bridge device.
At the software level, there are two reasons this is done.
AFAIK, the DSA implementation only supports a single bridge per switch chip. (I believe this will change at some point in the future, and it's also possible some devices support multiple bridges on a single switch now, but the 1:1 relationship is guaranteed to work). Therefore, putting all ports into the same bridge allows them all to be assigned to whatever VLANs are desired with a single bridge + bridge VLAN structure.
If desired, the wan port gets added to the bridge to allow it to participate as "just another port" on the switch. This is completely optional and not required, though, and is only necessary if that additional port is needed. Otherwise, just use one of the lan ports to connect to the upstream.
Again, to be able to configure and use all ports on these switchchips.
It's not like they are individual Network Interface Cards. No, they are not. The "interfaces" are just "emulated" (sorry, I fail to find a better word here).
Back in the days with swconfig and without VLAN aware bridges in Linux, we needed to create one bridge per VLAN, but the underlying switch-device is/was just one switch.
At the end of the day I think it does not matter, but IMHO, DSA and VLAN-aware bridges really make everyone's life easier.