Technicolor AP - Bridged switch not passing VLANs

Hello there, I am trying to configure a Technicolor TG789VAC XTREAM 35b as a dumb AP (running OEM firmware:)

DISTRIB_ID="OpenWrt"
DISTRIB_RELEASE="Attitude Adjustment"
DISTRIB_REVISION="r43446"
DISTRIB_CODENAME="attitude_adjustment"
DISTRIB_TARGET="brcm63xx-tch/VANTW"
DISTRIB_DESCRIPTION="OpenWrt Attitude Adjustment 12.09.1"

The AP is connected to a Pi 5 running OpenWRT, which acts as the router.

I have successfully configured 2 VLANs for a guest network (I'd like both to be managed by the router, so I'd rather not configure firewall on the AP). The VLANs are working well under wifi.

Traffic from the AP is sent to eth1.10 when coming from the main wifi network (and the other switch ports), while traffic from the guest wifi is sent to eth1.20. On the router these are grouped into different bridges and firewall zones.

However, the switch ports don't seem to play well with the setup. Right now, DHCP doesn't seem to work, and even when configuring a static IP I can't reach the gateway (192.168.1.1, the AP is running on 192.168.1.254).

Inspecting with tcpdump reveals that no traffic is being sent to eth1.10 (or eth1.20). If I add eth1 to the lan bridge, the switch ports work again, but now wifi doesn't. Additionally, if I add both the main interface and a VLAN to the router config, I get a loop and things start breaking.

My suspicion is that the switch ports are already being bridged at the hardware or a lower level (ls -l /sys/class/net reveals they all belong to a virtual device, but there doesn't seem to be any pci interface), which is causing the lan bridge to not forward them through the eth1.10 interface.

Is there anything I've missed? Thanks in advance

Pi 5 (Router) /etc/config/network
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd4f:5498:c312::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.10'
        list ports 'lanuln'
        list ports 'lanint'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '48'

config interface 'wan'
        option proto 'dhcp'
        option device 'wanusb'

config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'

config device
        option name 'eth0.10'

config device
        option type 'bridge'
        option name 'br-guest'
        option bridge_empty '1'
        list ports 'eth0.20'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.168.1'
        option netmask '255.255.255.0'
Technicolor (AP) /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option default_ps '0'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.254'
        option gateway '192.168.1.1'
        option dns '192.168.1.1'
        option ip6assign '60'
        list ifname 'eth0'
        list ifname 'eth2'
        list ifname 'eth3'
        list ifname 'eth1.10'
        list ifname 'wl0'

config switch 'bcmsw'
        option reset '1'
        option enable_vlan '0'
        option qosimppauseenable '0'
        option jumbo '0'

config interface 'hotspot'
        option type 'bridge'
        option proto 'static'
        option ip6assign '64'
        option netmask '255.255.255.128'
        option ifname 'wl0_1 eth1.20'
        option force_link '0'
        option ipaddr '192.168.168.254'

config config 'config'

This is beyond ancient and is completely unsupported. This was released in 2012 and would have been EOL'd around a decade ago. This is not safe to use under any circumstances because of the many known security vulnerabilities.

I understand, thanks anyway.

Is my reasoning sound, in your opinion, as far as the general setup goes? I'm going to try this on a newer release (probably on an older Pi) to rule out hardware specific issues.

I don't remember the configuration of such old versions of OpenWrt (the syntax has changed dramatically in the past 12 years!!), so I have no idea if any of that is correct.

Your Pi's config is probably incorrect, too... I didn't even look at it before.

What are the lanuln and lanint ports? Those probably shouldn't be in the bridge here.