Why does tagged traffic enter the untagged VLAN?

That only works if the PC port accepts tagged packets and ignores the tags to process them the same as untagged. A more standards-compliant implementation of a PC port could (and should) drop any tagged packets when it is configured for an untagged network.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix ''
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.50.252'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.50.1'
        list dns '192.168.50.1'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config device
        option type 'bridge'
        option name 'lan8'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        option bridge_empty '1'

The port that is not on br-lan does not work.

Present implementations of DSA seem to require that all switchable ports be in the one same "master" bridge in order to configure switching between them. The one exception is you can pull a port out e.g. as a wan that goes only from one Ethernet cable to the CPU. It will not be able to switch to other ports.

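A way to check a configuration for the split-bridge layout discussed in the reply above, as an added example that is not part of the thread or of OpenWrt itself: it parses UCI text and reports when ports are spread over more than one bridge device. The sample is constructed from the bridge sections of the posted config, the function names are hypothetical, and the single-bridge requirement is taken from the reply as an assumption.

```python
import shlex

# Constructed sample: the two bridge sections from the config posted above.
SAMPLE = """\
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan4'

config device
        option type 'bridge'
        option name 'lan8'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
"""

def parse_uci(text):
    """Return a list of sections: {'type', 'name', 'options', 'lists'}."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quoting and '#' comments
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append({"type": tok[1], "name": tok[2] if len(tok) > 2 else None,
                             "options": {}, "lists": {}})
        elif tok[0] == "option" and len(tok) == 3 and sections:
            sections[-1]["options"][tok[1]] = tok[2]
        elif tok[0] == "list" and len(tok) == 3 and sections:
            sections[-1]["lists"].setdefault(tok[1], []).append(tok[2])
    return sections

def bridge_ports(sections):
    """Map each bridge device name to its member ports."""
    return {s["options"].get("name"): s["lists"].get("ports", [])
            for s in sections
            if s["type"] == "device" and s["options"].get("type") == "bridge"}

def split_bridge_findings(text):
    """Assumption from the thread: ports must share one bridge to be switched."""
    bridges = {n: p for n, p in bridge_ports(parse_uci(text)).items() if p}
    if len(bridges) <= 1:
        return []  # zero or one populated bridge: nothing to flag
    return [f"{name}: {', '.join(ports)}" for name, ports in sorted(bridges.items())]

if __name__ == "__main__":
    for finding in split_bridge_findings(SAMPLE):
        print("ports in a separate bridge ->", finding)
```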

I want to sabotage DSA switching for one port to pinpoint the "driver" that breaks VLAN isolation.

I disabled the VLAN on the PC network port and was still able to communicate with the VLAN tagged with PVID on OpenWrt, and there was no VLAN ID in the packets captured on the PC network port.