VLAN across LAN/WAN port bridge

Installing and Using OpenWrt Network and Wireless Configuration
1

I have a GL.iNet GL-A1300 that I need to use all 3 of the on-board ports (WAN, LAN1, LAN2) as local ports with two VLANs. I have been able to set up just the LAN ports with VLAN support without issue, but I am running in to issues adding the WAN port in the mix.

My current setup is instead of using the eth0 port i'm using the br-lan (which is a bridge of eth0 and eth1). When it was linked to eth0, i was getting DHCP on LAN1 and LAN2, but not on WAN. Linked to br-lan, no ports give DHCP addresses.

Can anyone give me a picture of what the interface/device/switch settings need to be?

2

Please help with ubus call system board

3 
	"kernel": "5.4.179",
	"hostname": "GL-A1300",
	"system": "ARMv7 Processor rev 5 (v7l)",
	"model": "GL.iNet GL-A1300",
	"board_name": "glinet,gl-a1300",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.2",
		"revision": "r16495-bf0c965af0",
		"target": "ipq40xx/generic",
		"description": "OpenWrt 21.02.2 r16495-bf0c965af0"
	}
}
4

Worth upgrading to 23.05(.5)
old style swconfig bridge config cannot be migrated, so save config backup and type back via UI.
now with DSA br-lan has vlan-s that can be tagged/striped to ports more like on other switches.

5

edit: never mind, it looks like it took over eth1 where that used to be something else.

Well upgrading to 23.05 is making it so my USB ethernet adapter no longer shows up. Kernel module is installed, and cat /sys/kernel/debug/usb/devices shows the driver correctly. It used to show up as LAN3.

T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=480  MxCh= 0
D:  Ver= 2.00 Cls=ff(vend.) Sub=ff Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=05ac ProdID=1402 Rev= 0.01
S:  Manufacturer=Apple Inc.      
S:  Product=Apple USB Ethernet Adapter
S:  SerialNumber=1F4B5B
C:* #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=250mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=00 Driver=asix
E:  Ad=81(I) Atr=03(Int.) MxPS=   8 Ivl=128ms
E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
6

Try to be accurate about capitalisation.

7

Were you using a GL build before? Web suggests the Apple adapter is an Asix chip, but the particular vid:pid may not be in the generic driver.

8

yeah, was using a gl build before, but had to load the driver to use it. The naming changed which threw me off. I have all the devices now set now, but am at a loss on how to assign the VLans to the specific ports now.

Current configuration:
LAN1, LAN2, and WAN are all registering on the br-lan (, all getting IP addresses. I have two VLANS created off the br-lan. (br-lan.10 and .11). Both have interfaces created for them that are giving out DHCP. How to do assign the vlans to the ports tagged and untagged? i tried setting VLAN Filtering on br-lan, but the configuration doesn't stick. (LuCi UI says not accepted and i should revert)

9

Preferably be logged into the router by wifi so you don't lose access if the Ethernet ends up temporarily in an unusable configuration.

On the bridge filtering page, create two VLANs 1 and 2 these are traditionally the lan and wan. Set the wan port to untagged with a star in bridge-VLAN 2. Set the ports you have ordinary lan devices connected to to be untagged in vlan 1. Ports that you are going to "trunk" to another VLAN-aware device should be tagged in all the relevant VLANs, and off in the ones that you don't need to forward onto that cable. Now very important before applying those changes, edit the lan and wan interfaces to use br-lan.1 and br-lan.2 as their Device respectively.

I'm not sure how in Luci to add a USB-Ethernet to one of the bridge-vlans. In CLI you would just list it as an additional Port in the bridge-vlan block. It can be tagged or untagged. Untagged means it should be only in one VLAN.

10

my setup is unique enough where that's not an issue. my overall setup plan is:

Wireless 1: VLAN.1, administration.
LAN1 VLAN.11 untagged (Dante audio over ethernet only)
LAN2 VLAN.10 untagged (Accessory control)
WAN VLAN.10 untagged, .11 tagged (computer port. Dante needs to be untagged because of software requirement)
Wireless 2: VLAN.10 untagged.
USB ethernet: VLAN.2 Internet Uplink for updates, rarely used. Most of the time won't be plugged in.

11

The USB adapter doesn't need to be part of any VLAN or bridge then, you can just specify its name directly as the wan Device.

In OpenWrt, the term VLAN is specific to tagged packets inside an Ethernet switch or on an Ethernet cable. Networks that are logically separate from each other are called interfaces. Only when an Interface involves Ethernet then it is attached to a VLAN.

12

Gotcha. the gl.iNet firmware actually put them on VLANs. I was assuming that was an OpenWRT requirement.

13

I'm creating new interfaces for the .10 and .11 VLANs, so setting the LAN and WAN interfaces shouldn't be necessary. But as soon as save and load the settings with the VLAN Filtering enabled on br-lan, i lose all LAN connectivity (no DHCP addresses given out anymore.

15

OK, Here's my current config to try to make sense of this. With these settings, I'm seeing LAN1 and LAN2 get an IP Address from br-lan.1, and WAN is getting the IP address from br-lan.11. Definitely at a loss here..

-interfaces removed for mac addresses-

Screenshot 2024-10-14 at 6.17.19 PM
Screenshot 2024-10-14 at 6.17.19 PM898×500 30.8 KB

16

Let's take a look at the text config...

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
17

After a bit more fiddling, i have all the untagged ports working now, but the tagged port is not (note: this has changed from the above pictures)

Here are the text configs as requested:

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.167",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 5 (v7l)",
	"model": "GL.iNet GL-A1300",
	"board_name": "glinet,gl-a1300",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.5",
		"revision": "r24106-10cc5fcd00",
		"target": "ipq40xx/generic",
		"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
	}
}
root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdaf:e841:321d::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'wan'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '11'
	option name 'br-lan.11'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '10'
	option name 'br-lan.10'
	option ipv6 '0'

config interface 'Music_Accessory'
	option proto 'static'
	option device 'br-lan.10'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option defaultroute '0'

config interface 'Music_Dante'
	option proto 'static'
	option device 'br-lan.11'
	option ipaddr '192.168.11.1'
	option netmask '255.255.255.0'
	option defaultroute '0'
	option delegate '0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'lan1'
	list ports 'wan:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan2:u*'
	list ports 'wan:t'
18

What do you mean by this? What is connected to the wan port?

19

I'm using a laptop with an ethernet adapter set to bind to both untagged and VLAN tagged as ID 10. I verified that the VLAN tagging works on the laptop with my home network, which I have set up in the same way. the VLAN tagged port is not getting an IP address.

20

Please verify:

  • connecting to port lan 1 gets proper connectivity to vlan 11
  • Connecting to port lan 2 gets proper connectivity to vlan 10
  • Connecting to the wan port gets proper connectivity on the untagged vlan (11), but vlan 10 (tagged) is not connecting?
21

Correct. And by connecting, i mean DHCP address acquired.