OpenWrt Forum Archive

Topic: BB and dynamic vlan assignment - almost working

The content of this topic has been archived on 13 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am trying to use RADIUS-assigned dynamic vlan on the latest BB (14.07, r42801).
It _almost_ works: the user is authenticated, attributes are received successfully, interface wlan0.39 (I assign the user to vlan 39) is successfully created, bridge breth0.39 is created too and wlan0.39 is added to it, and... that's all.
Interface eth0.39 is not created and, of course, not added to the bridge.

root@ap:~# cat /etc/config/wireless  | grep vlan
        option dynamic_vlan '1'
        option vlan_tagged_interface 'eth0'

root@ap:~# cat /var/run/hostapd-phy0.conf | grep vlan
dynamic_vlan=1
vlan_naming=1
vlan_tagged_interface=eth0

root@ap2:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.1caff773d358       no              eth0
breth0.39               8000.1caff773d358       no              wlan0.39

Any idea what I am missing? Of course I can create the interface and even the bridge manually, but this is not the normal function, I presume.

Update: if I try to manually add eth0.39 later, I get an error:
root@ap:~# vconfig add eth0 39
vconfig: ioctl error for add: File exists

Adding another interface worked:
root@ap:~# vconfig add eth0 40
root@ap:~#

But:
root@ap:~# ifconfig eth0.39 up
ifconfig: SIOCGIFFLAGS: No such device
root@ap:~# ifconfig eth0.40 up
ifconfig: SIOCGIFFLAGS: No such device

Well, the problem is found. My system (ar231x-based) creates vlanXX interfaces by default, not ethX.XX:

root@ap:~# ls /proc
1            4            7            diskstats    loadavg      stat
1037         42           760          driver       meminfo      sys
1082         427          783          eth0.36      misc         sysvipc
143          428          79           eth0.37      modules      uptime
172          45           80           eth0.38      mounts       version
2            460          977          filesystems  mtd          vlan39
220          47           bus          fs           net          vmstat
221          492          cmdline      interrupts   partitions
3            5            cpuinfo      iomem        self
342          513          crypto       ioports      slabinfo
345          6            devices      kmsg         softirqs
root@ap:~#

Check the eth0.36-38 and vlan39 entries. Changing the vlan_naming variable to 0 fixes this bug,
but I suddenly found another: vlan_naming is not read from the config; I created a ticket about it.
So fix /lib/netifd/hostapd.sh yourself (change the default vlan_naming, for example) or wait for the fix.

Vlan naming can be set with the command vconfig set_name_type DEV_PLUS_VID_NO_PAD; possibly this command should be added to the netifd script.
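
Added example, not part of the original posts and not OpenWrt's or hostapd's own code: a shell check that reads `brctl show` output and reports, for each wlanX.N port, whether the tagged wired port for the same VLAN ID (ethX.N or vlanN naming) sits in the same bridge. It goes slightly beyond the case above by also reporting a tagged port that is in a different bridge; the function name and the verdict words are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `brctl show` output (stdin) for hostapd dynamic VLANs.
# Prints one verdict per wlanX.N port; returns 1 if any port is not bridged
# together with the tagged wired port of the same VLAN ID.
check_vlan_bridges() {
    awk '
    /^bridge name/ { next }                  # header line
    NF >= 3 { br = $1; ifc = $4 }            # first line of a bridge entry
    NF == 1 { ifc = $1 }                     # continuation line: another port
    ifc == "" { next }
    {
        if (ifc ~ /^wlan[0-9]+\.[0-9]+$/) {          # per-VLAN wireless port
            split(ifc, p, "."); n++
            wif[n] = ifc; wbr[n] = br; wvid[n] = p[2]
        } else if (ifc ~ /^eth[0-9]+\.[0-9]+$/) {    # ethX.N naming
            split(ifc, p, "."); wired[p[2]] = br
        } else if (ifc ~ /^vlan[0-9]+$/) {           # vlanN naming
            wired[substr(ifc, 5)] = br
        }
        ifc = ""
    }
    END {
        for (i = 1; i <= n; i++) {
            v = wvid[i]
            if (!(v in wired)) {
                bad = 1
                printf "ORPHAN %s in %s: no tagged wired port for VLAN %s\n", wif[i], wbr[i], v
            } else if (wired[v] != wbr[i]) {
                bad = 1
                printf "SPLIT %s in %s: tagged port for VLAN %s is in %s\n", wif[i], wbr[i], v, wired[v]
            } else
                printf "OK %s and tagged port for VLAN %s share %s\n", wif[i], v, wbr[i]
        }
        exit bad + 0
    }'
}

# Sample input copied from the first brctl listing in the thread.
check_vlan_bridges <<'EOF' || echo "dynamic VLAN bridging incomplete"
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.1caff773d358       no              eth0
breth0.39               8000.1caff773d358       no              wlan0.39
EOF
```

On the AP itself the function would be fed live data with `brctl show | check_vlan_bridges`.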

_DS_ wrote:

Well, problem is found. [...]

Did you get it working after fixing hostapd.sh?
I'm trying to set up dynamic vlan on BB Final (r42625) and also don't get the interface assigned to the bridge.
The naming problem doesn't affect my system, but it's still not working.

It would be nice if you could post your configs, if dynamic vlan works on your system.

MikeLima wrote:

The naming problem doesn't affect my system

Are you sure? Check /proc after a connection attempt.

I manually applied https://dev.openwrt.org/changeset/42787

        option dynamic_vlan '1'
        option vlan_naming '0'
        option vlan_tagged_interface 'eth0'

_DS_ wrote:

Are you sure? Check /proc after a connection attempt.

Yes, I have no vlanXX devices in /proc. Only eth0.X devices.

But I don't understand how the bridging works. I have br-lan and breth0.X.
Shouldn't the dynamic interface somehow be bridged to the existing interfaces? Or am I missing something?

Yes, hostapd automatically bridges them.

root@ap:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.1caff773d358       no              eth0
breth0.39               8000.1caff773d358       no              vlan39
                                                        wlan0.39

(Last edited by _DS_ on 11 Oct 2014, 08:29)

Is there a possibility to get the dynamic interface added to an existing bridge like br-lan? Or, how do I get the traffic from the dynamic vlan to my wired network?

MikeLima wrote:

Is there a possibility to get the dynamic interface added to an existing bridge like br-lan? Or, how do I get the traffic from the dynamic vlan to my wired network?

Sorry, I forgot to answer. No, you will need to patch hostapd for correct bridge naming (br-lan instead of brlan).

_DS_ wrote:

Sorry, I forgot to answer.

Thank you for your answer. So it seems to me that the dynamic vlan feature is still not fully implemented in BB, is it?

Well, I am using it for now without problems.
Usually you have one wpa-enterprise protected network interface, one non-encrypted interface for guests and management for the AP itself. Why do you need to add clients to br-lan (where they can connect to the AP's ssh and web) instead of another vlan?

_DS_ wrote:

Well, I am using it for now without problems.
Usually you have one wpa-enterprise protected network interface, one non-encrypted interface for guests and management for the AP itself. Why do you need to add clients to br-lan (where they can connect to the AP's ssh and web) instead of another vlan?

I think I had different expectations.
At the moment (without dyn. vlans), I have two SSIDs. One for private use (connected to br-lan) and the other one for guests (connected to br-guest). Both are encrypted WIFIs.
With dynamic vlans, I expected to use one SSID and put guest users into a guest vlan (only wan access) and some users in the private network, where they can connect to the wired network and to the AP's ssh and web interface.

I have been working on improving documentation on the wireless 802.1x capabilities of OpenWRT and now have some information on the wiki about dynamic vlan support which may be of assistance to you. http://wiki.openwrt.org/doc/howto/wirel … rity.8021x There will be additional enhancements to the page over time too.

BenFranske wrote:

I have been working on improving documentation on the wireless 802.1x capabilities of OpenWRT and now have some information on the wiki about dynamic vlan support which may be of assistance to you. http://wiki.openwrt.org/doc/howto/wirel … rity.8021x There will be additional enhancements to the page over time too.

Thank you very much BenFranske! The documentation you posted was exactly what I was looking for.

Note, if you have some problems, that some of the functionality isn't available unless you're on CC/trunk, as I had some patches go in in December to implement some of the interface naming parts.

BenFranske wrote:

I have been working on improving documentation on the wireless 802.1x capabilities of OpenWRT and now have some information on the wiki about dynamic vlan support which may be of assistance to you. http://wiki.openwrt.org/doc/howto/wirel … rity.8021x There will be additional enhancements to the page over time too.

I've followed your doc on stock 14.07, and I'm close but not quite there. After my wireless client connects, they are assigned vlan 11 from RADIUS, and "brctl show" shows:
bridge name    bridge id        STP enabled    interfaces
br-vlan11        7fff.e8de27c407f0    no        eth0.11
breth0.11        8000.e8de27c407f1    no        wlan0.11

I've tried setting vlan_naming '0' in my /etc/config/wireless, and then tried manually changing "set_default vlan_naming 0" in /lib/netifd/hostapd.sh

But I still always see wlan0.11 joining a new bridge named breth0.11 when my wireless client connects, rather than joining br-vlan11. Any help would be appreciated.

earl wrote:
BenFranske wrote:

I have been working on improving documentation on the wireless 802.1x capabilities of OpenWRT and now have some information on the wiki about dynamic vlan support which may be of assistance to you. http://wiki.openwrt.org/doc/howto/wirel … rity.8021x There will be additional enhancements to the page over time too.

I've followed your doc on stock 14.07, and I'm close but not quite there. After my wireless client connects, they are assigned vlan 11 from RADIUS, and "brctl show" shows:
bridge name    bridge id        STP enabled    interfaces
br-vlan11        7fff.e8de27c407f0    no        eth0.11
breth0.11        8000.e8de27c407f1    no        wlan0.11

I've tried setting vlan_naming '0' in my /etc/config/wireless, and then tried manually changing "set_default vlan_naming 0" in /lib/netifd/hostapd.sh

But I still always see wlan0.11 joining a new bridge named breth0.11 when my wireless client connects, rather than joining br-vlan11. Any help would be appreciated.

I was able to get the vlan_naming to take effect. I had to patch some changes from r43473: https://dev.openwrt.org/browser/trunk/p … ?rev=43473

notably the lines with vlan_naming in them :-)

Now when the wireless client connects they are joined to the br-vlan11 bridge.

Ben, is there some way I can help merge my changes into the current release of hostapd-common? I'd hate to make someone else have to do what I did to get this working.

My changes were already approved and merged into trunk back in December. The fact you found them in r43473 is because they are already there. OpenWrt has not historically done backports, so they will never be available for people running 14.07, but if you try running 15.05 they should be included and no manual patching will be needed.

You would be a prime candidate to install the now available 15.05-RC1 and test that functionality!

Cool, I didn't see that rc1 came out already. That's great news.

Unfortunately I had tried configuring trunk and dynamic vlans weren't working for me. I'll try rc1 tomorrow and see if I have any better luck.

The discussion might have continued from here.