I would be very grateful if you could provide me a configuration file with defined 3 vlans (without losing access to the device) in the dsa style which is currently driving me crazy
lan = vlan 10
iot = vlan 20
guests = vlan 30
this is for an access point dump where 1 cable brings in all vlans from a router still with swconfig
where the following vlans are defined:
vlan 1
vlan 2 = wan
vlan 10 = lan
vlan 20 = iot
vlan 30 = guests
Can we see the complete network config file from the swconfig environment, and then the default config of the same file once you've updated to a version with DSA?
this is the configuration file of an access point dump already done (/etc/config/network)
I have a similar router (same model) that I would like to use as a dump access point connected to a router where the vlans are already defined
if you can send me a configuration file in dsa format
I would be grateful, as I still have to configure the new router but after several attempts I don't know what I'm doing wrong
Well, this looks like swconfig. So resetting (with firstboot) will not get you there (unless you are using a DSA version of OpenWrt and you restored a swconfig file). You need to be running 21.02 or 22.03 (or even 23.05-rc1), depending on your model to be converted to DSA (assuming your device's target architecture has made the transition).
Don't attempt to directly move the entire network config file. You can move segments, but sometimes there are things like MAC addresses and other device specific details that can cause problems if moved directly.
Let's see the default (or hopefully near-default) config from this device. That is a fine template.
With the caveat that I don't know if the logical <-> physical port mapping is 1:1 in the config based around swconfig (I'll assume it is), you'll need to add this to your config file on the DSA side:
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'lan1:t'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan1:t'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan1:t'
list ports 'lan4:t'
config interface 'guest'
option device 'br-lan.30'
option proto 'none'
config interface 'iot'
option device 'br-lan.20'
option proto 'none'
config interface 'admin'
option proto 'static'
option netmask '255.255.255.0'
option ifname 'br-lan.1'
option ipaddr '192.168.1.2'
option gateway '192.168.1.1'
list dns '192.168.1.1'
Then edit the lan interface like this:
config interface 'lan'
option device 'br-lan.10'
option proto 'dhcp'
Just to make sure it is clear, I took the config from the swconfig example and adapted it for DSA. You may want to make more simple changes to start... for example (from a fresh reset/default config), and probably not connected to the rest of the network (a direct connection between your computer and the AP you're trying to conigure should be the only connecitivty for both devices):
Add this:
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
Set up an admin network so you can log in wirelessly. Then no matter what you do to the Ethernet ports you won't lose access.
The admin network consists of an interface with a static /24 IP that is not being used anywhere else in your networks, a DHCPv4 server on that interface, and a wifi AP on that network. The default firewall rule is to allow input so you don't necessarily need to put the admin network in a firewall zone.
I think that DSA (as well as swconfig) on the IPQ4019 was buggy until recent snapshots. The chip has an unconventional internal arrangement of the Ethernet system.
Tagged and untagged on the same port should be avoided unless you have to connect to someone else's system that requires it. It does not work on all hardware.
Without knowing the mapping between uci port numbers (0 1 2 3 4) to DSA port names (wan lan1 lan2 lan3 lan4), it is not possible to give him the right configuration.
The OP will have to figure that out for themselves. But, fortunately, with DSA, the port numbers in the config should match up with the ports as physically labeled on the device... so it should be easy for them to identify the intent (ports are used for what purposes) and adjust if necessary.
It doesn't have to have a firewall zone, but if you use lan a PC connected to the admin AP will be allowed to route to your other networks and the Internet. If left unspecified you can use it to log into the router but it won't be allowed to forward anywhere.
In your picture, leave Device unspecified. The only hardware interface will be wireless, and those are attached to networks later via the wifi configuration. In the wireless configuration of the admin AP, choose admin as the Network.
I configured the wan interface in static ip by connecting a pc directly to the wan port and then I have not lost the connection
for people who might have the same problem in the future
this is a solution that allows you to make all the changes without being cut off from the system
