VLAN Trunk over wireless link

I have two buildings connected by a wireless bridge using TP-Link C7s. The distance between the buildings, as well as obstructions in-between (pavement etc.) meant that stringing a wire was not possible. The TP-Links are running stock TP-Link software, and are connected using WDS.

The result is that I have a connection between the buildings - everything is on a single network (broadcast domain). The connection is Bldg1CoreSwitch-ethernet-[C71LanPort-WiFi]-[WiFi-C72LanPort]-ethernet-Bldg2CoreSwitch. There are no VLANs involved, DHCP is turned off, NAT and firewall don't matter because the WAN port is not used.

For security and QoS reasons, I need to implement VLANs. No problems implementing them in each building, but now I need the WiFi bridge to act like a VLAN trunk. Essentially, I want the two APs (and the WiFi link) to act like a length of ethernet cable - all the bits that come in one end come squirting out the other. The Core switch at the other end will accept all the bits and do the VLAN processing.

A second option - I have few VLANs, so if the bits come in through the four LAN ports (one VLAN per port), the WiFi is a trunk which is VLAN-tagged, and the C7 at the other end accesses the trunk over WiFi and splits out the VLANs over the four LAN ports at the other end (basically, each LAN port is an untagged Access port), then that also works. Unfortunately, this uses up a bunch of switch ports, so I would prefer the cable between the C7 and the Core Switch be a tagged VLAN trunk.

MikroTik seems to have some hardware that does this - I was hoping I could flash a *WRT onto the routers and effect the same result.

The solution needs to be wireless - the highly effective, low-tech option of stretching some cable isn't possible.

Jim

1 Like

> I want the two APs (and the WiFi link) to act like a length of ethernet cable - all the bits that come in one end come squirting out the other.

I think you need to use a tunnel protocol such as gre (or gretap?) or vxlan which can carry multiple VLANs, unless you want to configure one SSID for each VLAN.

Hey there!

You clearly didn't try searching. That's already been discussed. The thread is named "Vlan trunk over wlan". If I search for your exact thread name, the first result is this very thread, the second result is the one I'm referring to.

https://forum.openwrt.org/search?q=vlan%20trunk%20over%20wireless%20link

Here is the thread, especially my comment on it.

See the linked threads in both the LEDE forum and the OpenWrt forum, as well as the config I provided.

Regards,
Stephan.

Tagging vlans on the wired part is no problem, you absolutely do not need to break out each port on the C7.

I haven't tried multiple vlans over WDS but I suspect GRE is the way to go as @mikma says. I think you want gretap actually as it's the way that you GRE encapsulate layer 2 ethernet frames.

With WDS, you need a different SSID for each VLAN. It's an "easy" way to go for one or two VLANs.

gretap is much more scalable. I'm running an 802.11s mesh, a gretap link over that, then bridging the VLAN-specific bridge interface to the VLAN-specific side of the gretap interface. @golialive lays out one approach, as previously linked. The one I use is a little simpler, as I bridge directly to @<gretap instance>.<VLAN ID>

1 Like
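The gretap layout described in the post above, as an added example that is not part of the thread or any poster's configuration: a script that prints the iproute2 commands for one end of the link, attaching one VLAN sub-interface of the tunnel to each per-VLAN bridge. The names `gt0` and `br-vlan<ID>`, the 1500-byte wireless MTU, and the sample addresses are assumptions; the bridges are assumed to exist already.

```shell
#!/bin/sh
# Added example: emits the commands for one end of a gretap VLAN trunk.
# Hypothetical names: gt0 (tunnel), br-vlan<ID> (existing per-VLAN bridges).
# GRE adds no encryption or authentication; the tagged frames are only as
# protected as the wireless link (e.g. its WPA2 key) that carries them.
WLAN_MTU=1500   # assumed MTU of the underlying wireless interface
# Per-frame cost: outer IPv4 (20) + GRE (4) + inner Ethernet (14) + 802.1Q tag (4)
OVERHEAD=$((20 + 4 + 14 + 4))

# plan_trunk LOCAL_IP REMOTE_IP VLAN_ID...
# Prints the commands; prints nothing and returns non-zero on a bad VLAN ID.
plan_trunk() {
    [ "$#" -ge 3 ] || { echo "usage: plan_trunk LOCAL REMOTE VID..." >&2; return 2; }
    local_ip=$1; remote_ip=$2; shift 2
    # Validate every ID first so a partial plan is never emitted.
    for vid in "$@"; do
        case $vid in
            ''|*[!0-9]*) echo "bad VLAN ID: $vid" >&2; return 1 ;;
        esac
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "VLAN ID out of range: $vid" >&2; return 1
        fi
    done
    mtu=$((WLAN_MTU - OVERHEAD))
    # Layer-2 GRE tunnel between the two bridge endpoints.
    echo "ip link add gt0 type gretap local $local_ip remote $remote_ip"
    echo "ip link set gt0 up"
    for vid in "$@"; do
        # Tagged sub-interface of the tunnel, joined to that VLAN's bridge.
        echo "ip link add link gt0 name gt0.$vid type vlan id $vid"
        # Lowered MTU so the encapsulated frame still fits the wireless MTU.
        echo "ip link set gt0.$vid mtu $mtu"
        echo "ip link set gt0.$vid master br-vlan$vid"
        echo "ip link set gt0.$vid up"
    done
}

# Stand-alone use: ./plan.sh 192.168.1.1 192.168.1.2 10 20
if [ "$#" -gt 0 ]; then plan_trunk "$@"; fi
```

Review the printed commands before running them as root; the other end uses the same VLAN IDs with the local and remote addresses swapped.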

Sorry to not have found this, but even if I didn't find the LEDE result you reference, I did try searching. That is how I found LEDE.

The search results depend heavily on the terms used. If you don't use the specific terms, you get results that address the question, but not all the results possible. I didn't use the terms suggested.

That said, thank you for the pointer.

Is your question answered and can this topic be closed?

Thanks, yes, please close it.

Not as simple as I wished - it would have been perfect to be able to check a box to configure an AP Bridge to be as dumb as a piece of Ethernet cable (which I realize now, that's what I really want to do). But following the recommendations for GRETAP does essentially this.