VLAN interface - How to avoid double tagging on packet already been tagged?

Installing and Using OpenWrt Network and Wireless Configuration
1

I have an ethernet interface, e.g eth0, and I want to allow traffic of both main network and "guest" network to flow through eth0 interface, but the traffic of guest network would be VLAN tagged with VID 10, and the main network traffic is remained untagged.
So I created a new bridge device br-guest, also created a VLAN interface eth0.10 bound to eth0 and add eth0.10 to br-guest.

config device 'eth0_10'
        option name 'eth0.10'
        option ifname 'eth0'
        option type '8021q'
        option vid '10'

config interface 'guest'
        option bridge_empty '1'
        option defaultroute '0'
        option type 'bridge'
        option ifname 'eth0.10'

On the wireless side, I have a wireless interface wifi2 for the guest SSID. wifi2 is also added to br-guest:

bridge                                   interfaces
br-guest                                 eth0.10
                                         wifi2

My problem is the packet from guest wifi client already have a VLAN tag with VID 10 when it comes to wifi2, so when it is forwarded outside via eth0.10, it will add 1 more VLAN tag with the same VID, which is not what I want.

How can I tell eth0.10 to stop adding 1 more tag if the packet has already been tagged with VID 10?

2

As far as vlan functionality goes.
Well, you haven’t made a device, and you haven’t made a bridge either.

The device is supposed to be the bridge. And then you need a “bridge-vlan” setup.

The interface is only for the L3 settings.

https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial

But what is on the other side of the eth cable?

3

Well, I got all the VLAN and the bridge settings working for the br-guest and eth0.10. I may omitted some UCI settings in the text to keep it short. The only problem is traffic from guest client got double tagged when it goes out of eth0.

For what's on the other side of the eth0 cable, consider it's a generic router. My device is working as a bridge only, being a WiFi extender for the router.

4

Do you have to use vlan over wifi ? Can't just make more wireless networks ?

5

Wifi have no technical way to have vlan as a wireless function.

7

Nevermind I see what flygarn12 is saying.

Your config should look more like this:

config device
        option type 'bridge'
        option name 'guest-br'
        list ports 'eth0.10'

config interface 'guest'
        option proto 'none'
        option device 'guest-br'

The proto option doesn't have to be 'none' (unmanaged), i'm just not sure about what you're trying to do with your setup. With that config style you don't even have to create the 'eth0.10' vlan interface separately, Openwrt just does it automatically.