Vlans in non-bridged wifi networks

Almost. That new wlan0.101 interface itself is not VLAN-tagged (it is just named like a VLAN-tagged interface in that example, that name is arbitrary, it can also be "refrigerator" if you feel like it).

The VLAN comes into play when hostapd then creates a bridge containing that new (untagged) wifi interface and an actually VLAN-tagged interface built using the VLAN ID and the vlan_tagged_interface parameter.

Alternatively, hostapd can put that wifi interface into an existing bridge using the optional third parameter in the respective line in vlan_file. (In this case I'm not entirely sure what the given VLAN ID actually does other than provide separate identifications.)

Also note that, apparantly, it works slightly differently if one doesn't directly use the wpa_psk_file et al, and instead defines everything using UCI. Then the new wifi interface actually seems to get VLAN-tagged although I really have no idea how, for all the world it looks like the UCI parameters are just parsed into temporary wpa_psk_file and vlan_file files with the same parameters in hostapd's configuration. Maybe some detail causes hostapd to behave slightly differently, more investigation is required.

As nice and convenient all of this is, documentation about its behaviour is still not 100% exhaustive, we are still finding out things by trial and error.

2 Likes