I have a ZyXEL NWA50AX Pro. I'm a bit confused how to setup VLAN tagging. I will have a DHCP client for managment on VLAN 32, an SSID linked to VLAN 34, and another SSID linked to VLAN 35. Nothing is untagged. There seem to be two ways to do it (or I am very confused).
Method 1:
Create VLAN "devices" for each VLAN with eth0 as the parent: eth0.32, eth0.34, eth0.35
Create an interface for eth0.32 as a DHCP client
Create a bridge for each of eth0.34 and eth0.35
Connect the SSIDs to the br-34 and br-35
Method 2(?):
Create a single bridge with port eth0 in it
Go to the "Bridge VLAN filtering" tab and enter in my VLANs as tagged
Not sure how this works from here?
Mainly I am confused on the difference between creating VLAN devices vs adding a parent device to a bridge and using the VLAN settings for the bridge.
Let’s see your current config - that will help us show you the method.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'REDACTED/48'
# NOTE: This is a temporary/default device just for configuring right now
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
# NOTE: This is a temporary/default interface just for configuring right now
config interface 'lan'
option device 'br-lan'
option proto 'dhcp'
config device
option type '8021q'
option ifname 'eth0'
option vid '32'
option name 'eth0.32'
config device
option type '8021q'
option ifname 'eth0'
option vid '34'
option name 'eth0.34'
config device
option type '8021q'
option ifname 'eth0'
option vid '35'
option name 'eth0.35'
config interface 'mynet_mgmt'
option proto 'dhcp'
option device 'eth0.32'
config device
option type 'bridge'
option name 'br-mynet-lan'
list ports 'eth0.34'
config device
option type 'bridge'
option name 'br-mynet-iot'
list ports 'eth0.35'
config interface 'mynet_lan'
option proto 'none'
option device 'br-mynet-lan'
config interface 'mynet_iot'
option proto 'none'
option device 'br-mynet-iot'
Do I need the bridges? It looks like I can create an interface directly for any 802.1q device (without a bridge_ and I can assign an SSID to any interface (doesn't have to be an interface with a bridge).
Should I have one bridge and use the "VLAN Bridge Filtering" tab options? Unsure what that does.
You can do either way, best to stick with defaults, i.e fat bridge with vlans for partitions in DSA, or multiple bridges bridging ethX.vlan in swconfig. No benefit or loss doing vice-versa.
If this was a multi-port device where I was trying to have it act as a switch would it make more sense to use the other method? Since the other method makes a single bridge interface, would I have to create tagged devices with the bridge as the parent in that case (to assign them to SSIDs and interfaces)?
For this use I don't care so much that is secret as much as I would rather not flood my neighbors' SSID list with 3 or 4 SSIDs lol.
You can connect wifi to a bridge without ports ("bring up empty bridge") or br-lan vlan without physical cables, the routing and nat will be done this way too.