Switching from swconfig to DSA

Hello everyone,

yesterday I found out, that my old VLAN configuration from version 19.07 is no longer supported and I have to build it from scratch. Unfortunately, I have not much experience, but I used a guide and here is my result.

Before, here are some information: I am using a Netgear R6220. With this configuration I want to create several VLANs to sepaerate each Interface (lan ports and wifi).

This was my old swconfig:

signal-2021-11-04-194121_0012048×1536 244 KB

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '6t'
	option vid '60'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '2 6t'
	option vid '10'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option ports '1 6t'
	option vid '20'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option ports '0 6t'
	option vid '30'

config switch_vlan
	option device 'switch0'
	option vlan '7'
	option ports '6t'
	option vid '40'

config switch_vlan
	option device 'switch0'
	option vlan '8'
	option ports '6t'
	option vid '50'

This is what I have setup new:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth0:t'
        list ports 'lan1:u'

config bridge-vlan
        option device 'br-lan'
        option vlan '2'
        list ports 'eth0:t'
        list ports 'wan:u'

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '10'                                                           
        list ports 'eth0:t'                                                       
        list ports 'lan2:u' 

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '20'                                                           
        list ports 'eth0:t'                                                       
        list ports 'lan3:u'

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '30'                                                           
        list ports 'eth0:t'                                                       
        list ports 'lan4:u'

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '40'                                                           
        list ports 'eth0:t'                                                       

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '50'                                                           
        list ports 'eth0:t'                                                       

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '60'                                                           
        list ports 'eth0:t' 

The VLANs with not specific physical lan port are for the wifi networks.
Any feedback if I have done it correct would be great! Also, if you have any suggestions for improvement.

Thank you and Cheers, Lasko

Mini tutorial for DSA network config might be useful.

@frollic This was the exact guide I was using. Especially "VLAN tagged traffic"

Looks OK - but you haven't shown the full network config

Are you having problems?

Thank you. No, I wanted to understand and built the VLAN config before recreating the interfaces.
This is my full network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix ''

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth0:t'
        list ports 'lan1:u'

config bridge-vlan
        option device 'br-lan'
        option vlan '2'
        list ports 'eth0:t'
        list ports 'wan:u'

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '10'                                                           
        list ports 'eth0:t'                                                       
        list ports 'lan2:u' 

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '20'                                                           
        list ports 'eth0:t'                                                       
        list ports 'lan3:u'

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '30'                                                           
        list ports 'eth0:t'                                                       
        list ports 'lan4:u'

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '40'                                                           
        list ports 'eth0:t'                                                       

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '50'                                                           
        list ports 'eth0:t'                                                       

config bridge-vlan                                                                
        option device 'br-lan'                                                    
        option vlan '60'                                                           
        list ports 'eth0:t'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'br-lan.2'
        option proto 'pppoe'
        option username ''
        option password ''
        option ipv6 'auto'

config interface 'wan6'
        option device 'br-lan.2'
        option proto 'dhcpv6'

config interface 'Lan3'
    option device 'br-lan.20'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.3.1/24'

config interface 'LAN2'
        option proto 'static'
        option device 'br-lan.10'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.2.1/24'

config interface 'WIFITrusted2'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.5.1/24'
        option device 'br-lan.40'

config interface 'WIFIBUSINESS'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.6.1/24'
        option device 'br-lan.50'

config interface 'WIFIGUESTS'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.7.1/24'
        option device 'br-lan.60'

In DSA, there is no such thing as running VLANs on a CPU port to get them to the switch chip. You're not concerned with exactly how the hardware is built. The CPU connection to the switch, even the fact that there is a switch, is supposed to be abstracted away.

In this particular use case, where all the external ports are untagged and thus present in only one network, DSA configuration can be simplified. Each port can be placed in a network or bridge by its name.

config interface 'guest'
    option device 'lan2'
    option proto 'static'
    ...

This means the lan2 port is the only thing in the guest network. You may want to also have a wifi AP on the guest network, in which case you'd build a bridge:

config device
    option type 'bridge'
    option name 'br-guest'
    list ports 'lan2'
    list ports 'lan3'

config interface 'guest'
    option device 'br-guest'
    ...

Here we have two untagged Ethernet ports for guests (which will hardware switch to each other) and also the possibility to add a wifi interface in the usual way (option network 'guest' in /etc/config/wireless)

What you cannot do is build trunk lines this way.

THIS DOES NOT WORK!
config device
    option type 'bridge'
    option name 'br-guest'
    list ports 'lan2'
    list ports 'lan3.10'
THIS DOES NOT WORK!

bridge-vlans must be used to set up trunk lines, which I won't get into here (see the DSA tutorial).
The one exception to needing bridge-vlans to send tagged packets from a DSA switch is if the port is not in a bridge at all, commonly used to send tagged packets to the ISP modem on the wan port.

config interface 'wan'
    option proto 'dhcp'
    option device 'wan.35'

Thank you very much for the explanation! This was very helpful.
Which means, that I can keep my configuration as this simple:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix ''

config interface 'lan'
        option device 'lan1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'pppoe'
        option username ''
        option password ''
        option ipv6 'auto'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'Lan3'
        option device 'lan3'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.3.1/24'

config interface 'LAN2'
        option proto 'static'
        option device 'lan2'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.2.1/24'

config interface 'WIFITrusted2'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.5.1/24'
        
config interface 'WIFIBUSINESS'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.6.1/24'

config interface 'WIFIGUESTS'
        option proto 'static'
        option type 'bridge'
        option ip6assign '60'
        list ipaddr '192.168.7.1/24'