Starter VLAN Tagging for DSA Router


Hello. Can anyone recommend or give a very simple example of basic tagging with all 'untagged' ports on a couple of vlans? I'm working with a traditional DSA router (non-dumb-access point), and looking to create 1 VLAN for the LAN interface, and another to use on another interface. I believe 2 such VLANS represent the minimum config to use VLANs, and would like to create VLANS that use all 5 physical ports pictured above.

Have successfully setup VLANS on routers with swconfig, and have setup VLANS on a DSA router used as a dumb access point, but when working with a traditional DSA router, everything I have entered on the 'Bridge VLAN filtering' page locks me out and tells me to revert when I change the LAN interface device to use one of the new vlan bridges.

In photo above, I added the WAN port into the tagging config on the "Bridge device: br-lan" --> "general device options" tab. Not sure if that's important.

With SwConfig, the whole setup was almost entirely preconfigured, making it easy to expand on the example that was already there. VLAN1 was primary, VLAN2 was for the WAN, and trunk port was created. All that was needed was a basic knowledge of how tagged and untagged ports function.

I don't mind the way the "Bridge VLAN filtering" page for br-lan device replaces the old switch page. Just need the very most basic config to start with that doesn't say to revert. Hopefully this is quick for someone who knows the formula. Many Thanks.

You are getting locked out because you need to move the LAN interface onto br-lan.1 before clicking apply.

  1. Create VLAN ID 1
  2. lan1 untag
  3. click save ( DO NOT CLICK SAVE & APPLY)
  4. go to interfaces -> edit LAN -> change device to br-lan.1
  5. now click SAVE & APPLY

under DSA your VLAN interfaces are going to be named after the bridge that is going to be doing the VLAN filtering.


Yes what @papdee said.
If your router has wifi it is advisable to log in via wifi so you don't get locked out while configuring the Ethernet ports.
Once you have migrated the default lan to a vlan configuration, go back to the Bridge VLAN Filtering tab and add another VLAN number it 2 and check the local box and add at least one port untagged. Make sure that port is Not Member of VLAN 1, as a port can only be untagged in one VLAN. Then create an additional lan-like network interface and use br-lan.2 as its device.

Many thanks. That worked, and is so simple. Was aware not to apply changes until after setting LAN interface device to br-lan.1, but previously hadn't entered a working vlan config before changing LAN interface. Sometimes solution is so simple. VLAN configs I had tried previously might have overcomplicated it. Many thanks.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.