VLANs over multiple networks using DSA

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi,

I have two networks, 'br-lan' and 'br-novpn', associated with each network incorporating both switch ports and Wi-Fi networks. Each network has a VLAN associated with it and switch ports are untagged. I would like for the switch ports on one of the networks to also work with tagged packets for the other network. Here are the relevant sections of /etc/config/network:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan4'

config bridge-vlan
        option device 'br-lan'
        option vlan '9'
        list ports 'lan1:u*'
        list ports 'lan4:u*'

#config bridge-vlan
#       option device 'br-lan'
#       option vlan '12'
#       list ports 'lan1:t'
#       list ports 'lan4:t'

config interface 'lan'
        option device 'br-lan.9'
        option proto 'static'
        option ipaddr '172.24.1.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '1'
        option ip6ifaceid '::1'
        list dns '::1'

config device
        option name 'br-novpn'
        option type 'bridge'
        list ports 'lan2'

config bridge-vlan
        option device 'br-novpn'
        option vlan '12'
        list ports 'lan2:u*'

config interface 'novpn'
        option device 'br-novpn.12'
        option proto 'static'
        option ipaddr '172.24.2.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '2'

The commented out bridge-vlan section is what I hoped would get tagged packets working. Unfortunately, if I uncomment this section, the 'br-novpn' switch port, lan2, stops responding to DHCP requests.

I'd like to understand why this is. Can anyone explain either (1) where I've gone wrong or (2) whether this is a bug?

Thanks,

rah

2

fix vlan to 9

3

Why do you suggest that? What do you believe that will achieve? I don't think that will do what I want.

4 
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
	    list ports 'lan4'

config bridge-vlan
        option device 'br-lan'
        option vlan '9'
        list ports 'lan1:u*'
        list ports 'lan4:u*'

config bridge-vlan
       option device 'br-lan'
       option vlan '12'
       list ports 'lan1:t'
       list ports 'lan2:u*'
       list ports 'lan4:t'

config interface 'lan'
        option device 'br-lan.9'
        option proto 'static'
        option ipaddr '172.24.1.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '1'
        option ip6ifaceid '::1'
        list dns '::1'

config interface 'novpn'
        option device 'br-lan.12'
        option proto 'static'
        option ipaddr '172.24.2.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '2'
1 Like
5

I suggest that because you are using vlan 12 here:

6

Thanks for the suggestion. Could you possibly explain why you're suggesting to do it this way?

I'd like to understand why my configuration doesn't work and whether it's a bug.

7

I don't understand. That doesn't make sense.

8

The ports must be members of the same bridge if you want to use bridge vlan filtering. In your case you want to use vlan 12 on two separate bridges.

https://openwrt.org/docs/guide-user/network/dsa/converting-to-dsa#bridge_all_switch_ports

9

That's fine, networking is not for everyone.
Fixed :kissing_heart:

2 Likes