Xiaomi Router 3G V2 - VLAN with DSA

I installed the latest snapshot with DSA enabled; my own build; sources from OpenWrt github.

[    0.000000] Linux version 5.4.31 (dl3it-mi3g@mySpace) (gcc version 8.4.0 (Ope
nWrt GCC 8.4.0 r12869-85aef6f627)) #0 SMP Thu Apr 9 07:54:02 2020
[    0.000000] SoC Type: MediaTek MT7621 ver:1 eco:3
[    0.000000] printk: bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 0001992f (MIPS 1004Kc)
[    0.000000] MIPS: machine is Xiaomi Mi Router 3G v2

When I enable a VLAN with

ip link add link lan1 name lan1.117 type vlan id 117
ip link set lan1 up
ip link set lan1.117 up
ip addr add 192.168.117.7/24 dev lan1.117

I get no ip connection. Using tcpdump on the router (tcpdump -i lan1 -e), I can see that packets are transmitted with valid VLAN added.
When checking the transmitted packets witch another PC connected to the same segment, I can see that the packets transmitted by the router don't have a VLAN tag added.
The router accepts only packets with correct VID (good).
The tags get lost when transmitted by interfaces type IFACEx.VID. Same behaviour for bridges with linked VLAN interfaces (eg. br0.VID).
Where is my misunderstanding of this VLAN DSA stuff ?

Trying this kind of config with a PC, everything works as expected.

Thanks...

Hi
same problem here with rb750gr3, same MT7621

Vlans are working with kernel 4.x / swconfig
but with 5.x and DSA there is no joy

same problem in this thread:

I have a working solution meanwhile... I will post details tomorrow; hoping to get some input from people who have experience with DSA... Maybe we can use this thread to explain a bit the way how to configure the switches correctly, as (for me understandable) documentation is pretty rare...
My router is up and running with 5 VLAN, trunk and access port, 8 WIFIs... Took me some hours

as promised, I will post some details of my solution.
disclaimer:
this is my solution at the moment, that came up after several hours of trial and error. This is no law. I am happy about any comment that helps us to understand how dsa switch config really works.

What I have:
Router: Xiaomi Router 3G V2 (or similar), 3 ethernet ports, named LAN1, LAN2 and WAN.

What I wanted to have: 5 VLANs on port WAN (117, 178, 119, 120, 128) tagged, VLAN 117 on port LAN1 untagged, LAN2 currently unused; some WIFIs, linked to the appropriate VLANs

What I did:
/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd4:59f1:e12d::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'br0.117'
	option proto 'static'
	option ipaddr '192.168.117.7'
	option netmask '255.255.255.0'
	option gateway '192.168.117.1'

config interface 'lan6'
	option proto 'dhcpv6'
	option ifname '@lan'
	option reqprefix 'no'

config interface 'media'
	option type 'bridge'
	option ifname 'br0.118'
	option proto 'static'
	option ipaddr '192.168.118.7'
	option netmask '255.255.255.0'
	option gateway '192.168.118.1'

config interface 'media6'
	option proto 'dhcpv6'
	option ifname '@media'
	option reqprefix 'no'

config interface 'gast'
	option type 'bridge'
	option ifname 'br0.119'
	option proto 'static'
	option ipaddr '192.168.119.7'
	option netmask '255.255.255.0'
	option gateway '192.168.119.1'

config interface 'iot'
	option type 'bridge'
	option ifname 'br0.120'
	option proto 'static'
	option ipaddr '192.168.120.7'
	option netmask '255.255.255.0'
	option gateway '192.168.120.1'

config interface 'iot6'
	option proto 'dhcpv6'
	option ifname '@iot'
	option reqprefix 'no'

config interface 'rapw'
	option type 'bridge'
	option ifname 'br0.128'
	option proto 'static'
	option ipaddr '192.168.128.7'
	option netmask '255.255.255.0'
	option gateway '192.168.128.1'

config interface 'rapw6'
	option proto 'dhcpv6'
	option ifname '@rapw'
	option reqprefix 'no'

config interface 'gast6'
	option proto 'dhcpv6'
	option ifname '@gast'
	option reqprefix 'no'

The device br0 needs to bet set up separately. After br0 is brought up, netifd creates the links to br0.VID automatically.

/etc/config/setup:

#!/bin/ash

sleep 20
logger -t brsetup "Setup: started..."

# The master interface needs to be brought up before the slave ports.
ip link set eth0 up

# bring up the slave interfaces
ip link set lan1 up
ip link set lan2 up
ip link set wan up

# create bridge
ip link add name br0 type bridge

# activate VLAN filtering
ip link set dev br0 type bridge vlan_filtering 1

# bring up the bridge
ip link set dev br0 up

logger -t brsetup "Setup: Sleep started..."
sleep 5

# add ports to bridge
ip link set dev lan1 master br0
ip link set dev lan2 master br0
ip link set dev wan master br0

# tag traffic on ports
bridge vlan add dev wan vid 117
bridge vlan add dev wan vid 118
bridge vlan add dev wan vid 119
bridge vlan add dev wan vid 120
bridge vlan add dev wan vid 128
bridge vlan del dev wan vid 1
bridge vlan add dev lan1 vid 117 pvid untagged
bridge vlan del dev lan1 vid 1
bridge vlan del dev lan2 vid 1

# tag traffic on bridge
bridge vlan add dev br0 self vid 117
bridge vlan add dev br0 self vid 118
bridge vlan add dev br0 self vid 119
bridge vlan add dev br0 self vid 120
bridge vlan add dev br0 self vid 128
bridge vlan del dev br0 self vid 1

# activate vlan filtering on briges
# (not quite sure if this is really needed... but it's for free :-) )
ip link set dev br-lan type bridge vlan_filtering 1
ip link set dev br-media type bridge vlan_filtering 1
ip link set dev br-gast type bridge vlan_filtering 1
ip link set dev br-iot type bridge vlan_filtering 1
ip link set dev br-rapw type bridge vlan_filtering 1

logger -t brsetup "Setup: done..."

The script is executed from hotplug; I decided to use the ifup condition of lo as trigger condition; therefor you find some sleeps in the script. The better solution would be to call parts of the script depending on netifd actions.
The "sleep 5" after bringing up br0 seems to be pretty important. If br0 comes up, netifd activates all the interfaces defined in /etc/config/network. Without sleep, the connections did not work.

/etc/hotplug.d/iface/99-lan:

[ "${ACTION}" = "ifup" ] && {
	logger -t brsetup "hotplug: Device: ${DEVICE} / Action: ${ACTION}"
	[ "${DEVICE}" = "lo" ] && {
		/etc/config/setup
	}
} 

It creates some bridges and new ports...

root@test:~# bridge v
port	vlan ids
lan2	None
lan1	 117 PVID Egress Untagged

wan	 117
	 118
	 119
	 120
	 128

br-lan	 1 PVID Egress Untagged

br-gast	 1 PVID Egress Untagged

br-iot	 1 PVID Egress Untagged

br-rapw	 1 PVID Egress Untagged

br0	 117
	 118
	 119
	 120
	 128

br0.119	 1 PVID Egress Untagged

br0.120	 1 PVID Egress Untagged

br0.117	 1 PVID Egress Untagged

br-media	 1 PVID Egress Untagged

br0.118	 1 PVID Egress Untagged

br0.128	 1 PVID Egress Untagged

wlan0	 1 PVID Egress Untagged

wlan0-1	 1 PVID Egress Untagged

wlan0-2	 1 PVID Egress Untagged

wlan0-3	 1 PVID Egress Untagged

wlan1	 1 PVID Egress Untagged

wlan1-1	 1 PVID Egress Untagged

wlan1-2	 1 PVID Egress Untagged

wlan1-3	 1 PVID Egress Untagged

root@test:~# bridge link
3: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100 
4: lan1@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100 
5: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4 
18: br0.119@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-gast state forwarding priority 32 cost 100 
19: br0.120@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-iot state forwarding priority 32 cost 100 
20: br0.117@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-lan state forwarding priority 32 cost 100 
22: br0.118@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-media state forwarding priority 32 cost 100 
23: br0.128@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-rapw state forwarding priority 32 cost 100 
43: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-lan state forwarding priority 32 cost 100 
44: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-gast state forwarding priority 32 cost 100 
45: wlan0-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-iot state forwarding priority 32 cost 100 
46: wlan0-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-rapw state forwarding priority 32 cost 100 
53: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-lan state forwarding priority 32 cost 100 
54: wlan1-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-gast state forwarding priority 32 cost 100 
55: wlan1-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-iot state forwarding priority 32 cost 100 
56: wlan1-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-rapw state forwarding priority 32 cost 100 

root@test:~# ip -d link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 4 minmtu 68 maxmtu 1500 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 portname p6 
3: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br0 state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535 
    bridge_slave state disabled priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.50:D2:F5:26:B3:9E designated_root 8000.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 portname p2 switchid 00000000 
4: lan1@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br0 state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535 
    bridge_slave state disabled priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.50:D2:F5:26:B3:9E designated_root 8000.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 portname p3 switchid 00000000 
5: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9f brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535 
    bridge_slave state forwarding priority 32 cost 4 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8003 port_no 0x3 designated_port 32771 designated_cost 0 designated_bridge 8000.50:D2:F5:26:B3:9E designated_root 8000.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 portname p4 switchid 00000000 
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 
    bridge forward_delay 200 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32767 vlan_filtering 1 vlan_protocol 802.1Q bridge_id 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   48.37 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 0 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
9: br-gast: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 
    bridge forward_delay 200 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32767 vlan_filtering 1 vlan_protocol 802.1Q bridge_id 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  181.98 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 0 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
10: br-iot: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 
    bridge forward_delay 200 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32767 vlan_filtering 1 vlan_protocol 802.1Q bridge_id 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  197.34 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 0 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
11: br-rapw: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 
    bridge forward_delay 200 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32767 vlan_filtering 1 vlan_protocol 802.1Q bridge_id 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   68.39 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 0 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
17: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 5 minmtu 68 maxmtu 65535 
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 1 vlan_protocol 802.1Q bridge_id 8000.50:D2:F5:26:B3:9E designated_root 8000.50:D2:F5:26:B3:9E root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   90.63 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 4096 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
18: br0.119@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-gast state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535 
    vlan protocol 802.1Q id 119 <REORDER_HDR> 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
19: br0.120@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-iot state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535 
    vlan protocol 802.1Q id 120 <REORDER_HDR> 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
20: br0.117@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535 
    vlan protocol 802.1Q id 117 <REORDER_HDR> 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8003 port_no 0x3 designated_port 32771 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
21: br-media: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether e2:a7:1c:64:29:64 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 
    bridge forward_delay 200 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32767 vlan_filtering 1 vlan_protocol 802.1Q bridge_id 7fff.E2:A7:1C:64:29:64 designated_root 7fff.E2:A7:1C:64:29:64 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   30.63 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 0 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
22: br0.118@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-media state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535 
    vlan protocol 802.1Q id 118 <REORDER_HDR> 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 7fff.E2:A7:1C:64:29:64 designated_root 7fff.E2:A7:1C:64:29:64 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
23: br0.128@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-rapw state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:9e brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535 
    vlan protocol 802.1Q id 128 <REORDER_HDR> 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
43: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:a0 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin on guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast on neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
44: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-gast state UP mode DEFAULT group default qlen 1000
    link/ether 52:d2:f5:26:b3:a0 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
45: wlan0-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-iot state UP mode DEFAULT group default qlen 1000
    link/ether 56:d2:f5:26:b3:a0 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
46: wlan0-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-rapw state UP mode DEFAULT group default qlen 1000
    link/ether 5a:d2:f5:26:b3:a0 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
53: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 50:d2:f5:26:b3:a1 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin on guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast on neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
54: wlan1-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-gast state UP mode DEFAULT group default qlen 1000
    link/ether 52:d2:f5:26:b3:a1 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin on guard off root_block off fastleave off learning on flood on port_id 0x8003 port_no 0x3 designated_port 32771 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast on neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
55: wlan1-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-iot state UP mode DEFAULT group default qlen 1000
    link/ether 56:d2:f5:26:b3:a1 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8003 port_no 0x3 designated_port 32771 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
56: wlan1-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-rapw state UP mode DEFAULT group default qlen 1000
    link/ether 5a:d2:f5:26:b3:a1 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 256 maxmtu 2304 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8003 port_no 0x3 designated_port 32771 designated_cost 0 designated_bridge 7fff.50:D2:F5:26:B3:9E designated_root 7fff.50:D2:F5:26:B3:9E hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 

What I (think I have) learned:

• with DSA, you get names for every port of your switch like LANx, WAN
• direct interaction with eth0 or eth0.VID seems to be unnecessary
• these new ports claim to be usable as standard ethernet ports, but obviously they are not... see post 1 of this thread
• putting these ports into a bridge makes them magically work

The good thing of this setup is the remaining usability of the LUCI network config. You can define your WIFIs and add them to networks as before.

What could be improved:

• split the script up into parts and integrate them into netifd
• investigate the performance of the WAN port; seems to be a bit slow
• most likely much more

This link was just posted on the ERX-SFP thread.

https://lore.kernel.org/netdev/20200414063408.4026-1-dqfext@gmail.com/T/#u

There should be a patch coming down the line sometime which should make things easier/better (maybe).

Thanks for the great info. I look forward to trying it out.

I patched my kernel.
Unfortunately, I don't see any difference regarding the behaviour. Using LANx.VID in- or outside of a bridge still does not work. The only working scenario is deriving a tagged interface from a bridge that contains the "plain" interface (e.g. LAN1). Same as before...

Either my attempt to patch the kernel failed, or I must have missed something...

Hi to all

yes, it is working with patch @pmelange pointed out

i made a modification by hand in kernel source files, and wooow
dotted names working
i tried so far only on wan interface

wan.200 , wan.100 and yes, everything is fine

here is the patch properly formatted for latest git

diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c
index cd67c4b..b9ecc2b 100644
--- a/drivers/net/dsa/mt7530.c
+++ b/drivers/net/dsa/mt7530.c
@@ -857,8 +857,9 @@ mt7530_port_set_vlan_unaware(struct dsa_switch *ds, int port)
         */
        mt7530_rmw(priv, MT7530_PCR_P(port), PCR_PORT_VLAN_MASK,
                   MT7530_PORT_MATRIX_MODE);
-       mt7530_rmw(priv, MT7530_PVC_P(port), VLAN_ATTR_MASK,
-                  VLAN_ATTR(MT7530_VLAN_TRANSPARENT));
+       mt7530_rmw(priv, MT7530_PVC_P(port), VLAN_ATTR_MASK | PVC_EG_TAG_MASK,
+                  VLAN_ATTR(MT7530_VLAN_TRANSPARENT) |
+                  PVC_EG_TAG(MT7530_VLAN_EG_CONSISTENT));

        for (i = 0; i < MT7530_NUM_PORTS; i++) {
                if (dsa_is_user_port(ds, i) &&
@@ -874,8 +875,8 @@ mt7530_port_set_vlan_unaware(struct dsa_switch *ds, int port)
        if (all_user_ports_removed) {
                mt7530_write(priv, MT7530_PCR_P(MT7530_CPU_PORT),
                             PCR_MATRIX(dsa_user_ports(priv->ds)));
-               mt7530_write(priv, MT7530_PVC_P(MT7530_CPU_PORT),
-                            PORT_SPEC_TAG);
+               mt7530_write(priv, MT7530_PVC_P(MT7530_CPU_PORT), PORT_SPEC_TAG
+                            | PVC_EG_TAG(MT7530_VLAN_EG_CONSISTENT));
        }
 }

@@ -901,8 +902,9 @@ mt7530_port_set_vlan_aware(struct dsa_switch *ds, int port)
        /* Set the port as a user port which is to be able to recognize VID
         * from incoming packets before fetching entry within the VLAN table.
         */
-       mt7530_rmw(priv, MT7530_PVC_P(port), VLAN_ATTR_MASK,
-                  VLAN_ATTR(MT7530_VLAN_USER));
+       mt7530_rmw(priv, MT7530_PVC_P(port), VLAN_ATTR_MASK | PVC_EG_TAG_MASK,
+                  VLAN_ATTR(MT7530_VLAN_USER) |
+                  PVC_EG_TAG(MT7530_VLAN_EG_DISABLED));
 }

 static void
@@ -1390,6 +1392,10 @@ mt7530_setup(struct dsa_switch *ds)
                        mt7530_cpu_port_enable(priv, i);
                else
                        mt7530_port_disable(ds, i);
+
+               /* Enable consistent egress tag */
+               mt7530_rmw(priv, MT7530_PVC_P(i), PVC_EG_TAG_MASK,
+                          PVC_EG_TAG(MT7530_VLAN_EG_CONSISTENT));
        }

        /* Setup port 5 */
diff --git a/drivers/net/dsa/mt7530.h b/drivers/net/dsa/mt7530.h
index b7cfb3d..399382b 100644
--- a/drivers/net/dsa/mt7530.h
+++ b/drivers/net/dsa/mt7530.h
@@ -172,9 +172,16 @@ enum mt7530_port_mode {
 /* Register for port vlan control */
 #define MT7530_PVC_P(x)                        (0x2010 + ((x) * 0x100))
 #define  PORT_SPEC_TAG                 BIT(5)
+#define  PVC_EG_TAG(x)                 (((x) & 0x7) << 8)
+#define  PVC_EG_TAG_MASK               PVC_EG_TAG(7)
 #define  VLAN_ATTR(x)                  (((x) & 0x3) << 6)
 #define  VLAN_ATTR_MASK                        VLAN_ATTR(3)

+enum mt7530_vlan_port_eg_tag {
+       MT7530_VLAN_EG_DISABLED = 0,
+       MT7530_VLAN_EG_CONSISTENT = 1,
+};
+
 enum mt7530_vlan_port_attr {
        MT7530_VLAN_USER = 0,
        MT7530_VLAN_TRANSPARENT = 3,

You don't have to create br0 separately.
You can reuse br-lan, when adding new interfaces, use @lan.vid as interface in physical setting.

I'm not sure, if I got the point exactly, but I tried it anyway

/etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd4:59f1:e12d::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 wan'
        option proto 'static'
        option ipaddr '192.168.117.7'
        option netmask '255.255.255.0'
        option gateway '192.168.117.1'

config interface 'lan6'
        option proto 'dhcpv6'
        option ifname '@lan'
        option reqprefix 'no'

config interface 'media'
        option type 'bridge'
        option ifname '@lan.118'
        option proto 'static'
        option ipaddr '192.168.118.7'
        option netmask '255.255.255.0'
        option gateway '192.168.118.1'

config interface 'media6'
        option proto 'dhcpv6'
        option ifname '@media'
        option reqprefix 'no'

config interface 'gast'
        option type 'bridge'
        option ifname '@lan.119'
        option proto 'static'
        option ipaddr '192.168.119.7'
        option netmask '255.255.255.0'
        option gateway '192.168.119.1'

config interface 'iot'
        option type 'bridge'
        option ifname '@lan.120'
        option proto 'static'
        option ipaddr '192.168.120.7'
        option netmask '255.255.255.0'
        option gateway '192.168.120.1'

config interface 'iot6'
        option proto 'dhcpv6'
        option ifname '@iot'
        option reqprefix 'no'

config interface 'rapw'
        option type 'bridge'
        option ifname '@lan.128'
        option proto 'static'
        option ipaddr '192.168.128.7'
        option netmask '255.255.255.0'
        option gateway '192.168.128.1'

config interface 'rapw6'
        option proto 'dhcpv6'
        option ifname '@rapw'
        option reqprefix 'no'

config interface 'gast6'
        option proto 'dhcpv6'
        option ifname '@gast'
        option reqprefix 'no'

/etc/config/setup: (started as before, triggered by ifup lo)

#!/bin/ash
sleep 5

# activate VLAN filtering
ip link set dev br-lan type bridge vlan_filtering 1
ip link set dev br-media type bridge vlan_filtering 1
ip link set dev br-gast type bridge vlan_filtering 1
ip link set dev br-iot type bridge vlan_filtering 1
ip link set dev br-rapw type bridge vlan_filtering 1

sleep 2

# setup bridge
bridge vlan del dev br-lan self vid 1
bridge vlan add dev br-lan self vid 117 pvid untagged
bridge vlan add dev br-lan self vid 118
bridge vlan add dev br-lan self vid 119
bridge vlan add dev br-lan self vid 120
bridge vlan add dev br-lan self vid 128

# tag traffic on ports
bridge vlan del dev wan vid 1
bridge vlan add dev wan vid 117
bridge vlan add dev wan vid 118
bridge vlan add dev wan vid 119
bridge vlan add dev wan vid 120
bridge vlan add dev wan vid 128
bridge vlan del dev lan1 vid 1
bridge vlan add dev lan2 vid 117 pvid untagged
bridge vlan del dev lan2 vid 1

root@test:/# bridge v
port    vlan ids
lan2     117 PVID Egress Untagged

lan1    None
wan      117
         118
         119
         120
         128

br-lan   117 PVID Egress Untagged
         118
         119
         120
         128

br-gast  1 PVID Egress Untagged

br-lan.119       1 PVID Egress Untagged

br-iot   1 PVID Egress Untagged

br-lan.120       1 PVID Egress Untagged

br-media         1 PVID Egress Untagged

br-lan.118       1 PVID Egress Untagged

br-rapw  1 PVID Egress Untagged

br-lan.128       1 PVID Egress Untagged

wlan0    1 PVID Egress Untagged

wlan1    1 PVID Egress Untagged

wlan0-1  1 PVID Egress Untagged

wlan0-2  1 PVID Egress Untagged

wlan0-3  1 PVID Egress Untagged

wlan1-1  1 PVID Egress Untagged

wlan1-2  1 PVID Egress Untagged

wlan1-3  1 PVID Egress Untagged

It works. The only remaining issue is a bad throughput. While I got with kernel 4.14.xxx and no dsa ~800-900MB/s in both directions, I still get ~800MB/s with 'iperf3 -c xxx', but only ~250MB/s with 'iperf3 -c xxx -R'. This is significant lower...
The firewall settings are the same.

BTW., enabling IGMP snooping results in an immediate kernel crash...

You have duplicated bridges. Only br-lan is required.

The other bridges are currently used to bridge the VLANs and the WIFIs... So you mean I should avoid these additional bridges and put the WIFIs directly in br-lan, assign the IP-addresses directly to them and let them join a VLAN ? In other words, I don't need anymore the interfaces @lan.VID as local interfaces as needed in times before dsa, but instead can cofigure the WIfI interfaces directly ? Will try this...

ok... next try

(the shrinked) /etc/config/network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd4:59f1:e12d::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'lan1 lan2 wan'
	option proto 'static'
	option ipaddr '192.168.117.7'
	option netmask '255.255.255.0'
	option gateway '192.168.117.1'
	option ip6assign '64'

bridge config:

port	vlan ids
lan2	 117 PVID Egress Untagged

lan1	 117 PVID Egress Untagged

wan	 117
	 118
	 119
	 120
	 128

br-lan	 117 PVID Egress Untagged
	 118
	 119
	 120
	 128

wlan0	 117 PVID Egress Untagged

wlan1	 117 PVID Egress Untagged

wlan0-1	 119 PVID Egress Untagged

wlan0-2	 120 PVID Egress Untagged

wlan0-3	 128 PVID Egress Untagged

wlan1-1	 119 PVID Egress Untagged

wlan1-2	 120 PVID Egress Untagged

wlan1-3	 128 PVID Egress Untagged

and the setup script:

#!/bin/ash

# triggered by ifup lo; wait for WLAN1 coming up, after DFS scan
sleep 90

# activate VLAN filtering
ip link set dev br-lan type bridge vlan_filtering 1

sleep 2

# add WIFIs to bridge
ip link set dev wlan0 master br-lan
ip link set dev wlan0-1 master br-lan
ip link set dev wlan0-2 master br-lan
ip link set dev wlan0-3 master br-lan
ip link set dev wlan0 master br-lan
ip link set dev wlan1-1 master br-lan
ip link set dev wlan1-2 master br-lan
ip link set dev wlan1-3 master br-lan

sleep 2

# setup bridge
bridge vlan del dev br-lan self vid 1
bridge vlan add dev br-lan self vid 117 pvid untagged
bridge vlan add dev br-lan self vid 118
bridge vlan add dev br-lan self vid 119
bridge vlan add dev br-lan self vid 120
bridge vlan add dev br-lan self vid 128

# tag traffic on ports
bridge vlan add dev wan vid 117
bridge vlan add dev wan vid 118
bridge vlan add dev wan vid 119
bridge vlan add dev wan vid 120
bridge vlan add dev wan vid 128
bridge vlan del dev wan vid 1
bridge vlan add dev lan1 vid 117 pvid untagged
bridge vlan del dev lan1 vid 1
bridge vlan add dev lan2 vid 117 pvid untagged
bridge vlan del dev lan2 vid 1

# tag traffic on WIFIs
bridge v d dev wlan0 vid 1
bridge v d dev wlan0-1 vid 1
bridge v d dev wlan0-2 vid 1
bridge v d dev wlan0-3 vid 1
bridge v d dev wlan1 vid 1
bridge v d dev wlan1-1 vid 1
bridge v d dev wlan1-2 vid 1
bridge v d dev wlan1-3 vid 1
bridge v a dev wlan0 vid 117 pvid untagged
bridge v a dev wlan1 vid 117 pvid untagged
bridge v a dev wlan0-1 vid 119 pvid untagged
bridge v a dev wlan1-1 vid 119 pvid untagged
bridge v a dev wlan0-2 vid 120 pvid untagged
bridge v a dev wlan1-2 vid 120 pvid untagged
bridge v a dev wlan0-3 vid 128 pvid untagged
bridge v a dev wlan1-3 vid 128 pvid untagged

Works. Much simpler...

The throughput ist back at 800-900MB/s.
In this dumb AP setup, I can live without local interfaces without an IP address. The main router will get interfaces with static addresses to make the DHCP/DNS work; so also here no extra bridges needed.
No more LUCI config, but a somehow smart solution...

ok... I have done some intensive testing with the latest kernel 5.4.34. It contains the patch mentioned above.

bridge setup:

port	vlan ids
lan2	 117 PVID Egress Untagged

lan1	 117 PVID Egress Untagged

wan	 117
	 118
	 119
	 120
	 128

br-lan	 117 
	 118
	 119
	 120
	 128

wlan0	 117 PVID Egress Untagged

wlan1	 117 PVID Egress Untagged

wlan0-1	 119 PVID Egress Untagged

wlan0-2	 120 PVID Egress Untagged

wlan0-3	 128 PVID Egress Untagged

wlan1-1	 119 PVID Egress Untagged

wlan1-2	 120 PVID Egress Untagged

wlan1-3	 128 PVID Egress Untagged

WAN: trunk port
LAN1/2: PCs connected
wlanx: WIFI AP
Firewall on/off; no difference

What is working:

• routing from WAN to LAN1/LAN2
• access from WAN to the router

What is not working:

• access from LANx to router
• all WIFIs; DHCP request is received by main DHCP server (...1), answer can bee seen on br-lan, but does not arrive on wlanx
• sometimes, DHCP starts working and WIFI is usable... this can be triggered sometimes by changing any configuration on the bridge, or by ifup/ifdown lan, or whatever... can not be reliably reproduced...

What I noticed:

• when doing a ping from LANx to the router, it is received by the router CPU and answered, but the answer is transmitted on br-lan without VLAN tag and therefor not visible on LANx. When setting LANx to PVID only (no untagged), the answer is transmitted and communication with the router is possible from LANx ports; unfortunately (and obviously) the routing from WAN to LANx is broken...

Conclusion:
Either I am still doing something wrong (and I would be very happy to understand what I am doing wrong), or the dsa stuff is unusable together with netifd (this means that all devices that are only supported by snapshots are unusable with current snapshots, as long as you need VLAN support)

Does anyone have a working setup with some more complex routing than "WAN to LANx" ?

You should either use pvid untagged on br-lan's vid 117, or use br-lan.117 as router's LAN

quick answer for ethtool:

root@test:~# ethtool -i wan
driver: dsa
version: 
firmware-version: N/A
expansion-rom-version: 
bus-info: platform
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
root@test:~# ethtool -i lan1
driver: dsa
version: 
firmware-version: N/A
expansion-rom-version: 
bus-info: platform
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
root@test:~# ethtool -i lan2
driver: dsa
version: 
firmware-version: N/A
expansion-rom-version: 
bus-info: platform
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
root@test:~# 

I redo some tests with the pvid vs pvid untagged.

this is my test config:

/etc/config/network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdcb:eb55:c2b2::/48'

config interface 'sw'
	option type 'bridge'
	option ifname 'lan1 lan2 wan'
	option proto 'static'

config interface 'lan'
	option type 'bridge'
	option ifname 'br-sw.117'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.117.1'
	option igmp_snooping '1'
	option ipaddr '192.168.117.9'
	list dns '192.168.117.1'
	option ip6assign '64'

and the bridge:

root@test:~# bridge v
port	vlan ids

lan2	 117 PVID

lan1	 117 PVID Egress Untagged

wan	 100
	 117
	 118
	 119
	 120
	 128

br-sw	 100
	 117
	 118
	 119
	 120
	 128

br-lan	 1 PVID Egress Untagged

br-sw.117	 1 PVID Egress Untagged

wlan0	 117 PVID Egress Untagged

wlan1	 117 PVID Egress Untagged

wlan0-1	 119 PVID Egress Untagged

wlan0-2	 120 PVID Egress Untagged

wlan0-3	 128 PVID Egress Untagged

wlan1-1	 119 PVID Egress Untagged

wlan1-2	 120 PVID Egress Untagged

wlan1-3	 128 PVID Egress Untagged

root@test:~# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.50d2f506f310	no		br-sw.117
br-sw		7fff.50d2f506f310	no		wlan0-3
							wlan0-1
							wlan1-2
							lan2
							wlan0
							wan
							wlan0-2
							wlan1-3
							wlan1
							wlan1-1
							lan1

and the setup:

#!/bin/ash

# activate VLAN filtering
ip link set dev br-sw type bridge vlan_filtering 1

# setup bridge
bridge vlan del dev br-sw self vid 1
bridge vlan add dev br-sw self vid 100
bridge vlan add dev br-sw self vid 117
bridge vlan add dev br-sw self vid 118
bridge vlan add dev br-sw self vid 119
bridge vlan add dev br-sw self vid 120
bridge vlan add dev br-sw self vid 128

# tag traffic on ports
bridge vlan add dev wan vid 100
bridge vlan add dev wan vid 117
bridge vlan add dev wan vid 118
bridge vlan add dev wan vid 119
bridge vlan add dev wan vid 120
bridge vlan add dev wan vid 128
bridge vlan del dev wan vid 1
bridge vlan add dev lan1 vid 117 pvid
bridge vlan del dev lan1 vid 1
bridge vlan add dev lan2 vid 117 pvid
bridge vlan del dev lan2 vid 1

# wlan stuff omitted...

PC and router are in the same network (192.168.117.0/24). Router can be reached from wan side in both tests.

test 1:
switch (tagged 117, 118, ..., PVID 1) <-> (if: wan) router (if: lan1, only PVID) <-> (no vlan) PC

lan1	 117 PVID Egress

PC has no connection at all to the network.

test 2:
switch (tagged 117, 118, ..., PVID 1) <-> (if: wan) router (if: lan1, PVID untagged) <-> (no vlan) PC

lan1	 117 PVID Egress Untagged

PC has full connection, but cannot reach the router interface. The router cannot reach the PC.

Following the explanation in advanced-802-1q-protocol-management-for-dsa-switch it should show the same behaviour. The router should be accessible form lan1 side.

For the Wifis: all wlanx-y (vid != vid of router interface br-sw.117) get dhcp and connection. The wlanx with vid == router vid br-sw.117 get no dhcp. DHCP on interface LAN is deactivated.

I have an alternative configuration set up, with a setup which is a little bit more complicated. Take a look at ER-X-SFP: VLANs not working properly with kernel 5.4

The switch configuration is working. But the routing does not work.
Use a e.g. phone connected to wifi at another ap. Switch on this router and wait until wifi is up. Then connect phone to the routers wifi. DHCP request goes to the main server, is answered, but the answer is not routed by the router. It is not seen on the routers interfaces. After some time, or when using a random mac address, it suddenly starts working... Fast transition impossible... Works with kernel 4.xxx perfectly.
I gave up wasting time with this buggy dsa stuff... I can't understand why this software has been released in snapshots. It is not supported by (L)uci, bricks most devices that are only supoorted by snapshots, und doesn't even work. Not to mention, that there is no usable documentation for people, that are not involved in kernel development.
Btw... Kernel warnings happen regularly with dsa... When using igmp snooping, while reading the fdb from switch, or just inbetween...

Applied these patches:

Unfortunately, no improvement when roaming WIFI clients to the router. The DHCP answers are still ignored.
If you roam within the same VLAN, with the same MAC address, the answer is ignored. When changing the VLAN and/or the MAC of the roaming device, the DHCP answer is routed immediately...

Hello,

The version of my Xiaomi WiFi Router 3G V2 is:

Capture733×337 22.4 KB

How to update my router to the last version (a version that works ) ?