[OpenWrt-Devel] DSA vlan configuration

Bjørn Mork bjorn at mork.no
Thu Jun 4 09:06:37 EDT 2020

Did some quick experiments on my WRT1900ACv1 (Mamba) now that DSA is
finally in master... 

I wonder if I have understood this correctly:
1) vlan_filtering is required when bridging tagged and untagged DSA
   ports, and
2) all bridge ports, including the wireless VIFs, must be configured
   with the correct VIDs when vlan_filtering is enabled

An if so, how are we supposed to configure that?

I guess a real example helps illustrating the problem.  My example
network has 3 bridges, each connecting a set of untagged ports/VIFs with
one specific tagged vlan on the "wan" port:

config interface 'lan'
        option type 'bridge'
        option ifname 'wan.7 lan2 lan3 lan4'
        option proto 'none'

config interface 'antiboks'
        option ifname 'wan.8'
        option type 'bridge'
        option proto 'none'

config interface 'oob'
        option ifname 'wan.203 lan1'
        option type 'bridge'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option dns ''
        option dns_search 'mork.no'

(I realize that this could be merged to a single bridge wth
vlan_filtering, but that doesn't really change the configuration

For now I have just hardcoded bridge, port and VIF names in a simple
script.  But this is obviously not a workable permanent solution..

# 1. enable vlan filtering on all bridges
for b in lan antiboks oob; do
  echo 1 >/sys/class/net/br-$b/bridge/vlan_filtering

# 2. configure the vlans for each bridge port
for p in wan.7 wlan0 wlan1 lan2 lan3 lan4; do
  bridge vlan add vid 7 pvid untagged dev $p
  bridge vlan del vid 1 dev $p
for p in wan.8 wlan0-1 wlan1-1; do
  bridge vlan add vid 8 pvid untagged dev $p
  bridge vlan del vid 1 dev $p
for p in wan.203 wlan0-2 lan1; do
  bridge vlan add vid 203 pvid untagged dev $p
  bridge vlan del vid 1 dev $p

# 3. configure vlan for local bridge interfaces
bridge vlan add vid 203 pvid untagged dev br-oob self
bridge vlan del vid 1 dev br-oob self

The working result is:

root at wrt1900ac-1:/# brctl show
bridge name     bridge id               STP enabled     interfaces
br-antiboks             7fff.b4750e60b7e5       no              wlan0-1
br-lan          7fff.b4750e60b7e5       no              lan4
br-oob          7fff.b4750e60b7e5       no              wlan0-2

root at wrt1900ac-1:/# grep . /sys/class/net/*/bridge/vlan_filtering 

root at wrt1900ac-1:/# bridge vlan
port    vlan ids
lan4     7 PVID Egress Untagged

lan3     7 PVID Egress Untagged

lan2     7 PVID Egress Untagged

lan1     203 PVID Egress Untagged

br-antiboks      1 PVID Egress Untagged

wan.8    8 PVID Egress Untagged

br-lan   1 PVID Egress Untagged

wan.7    7 PVID Egress Untagged

br-oob   203 PVID Egress Untagged

wan.203  203 PVID Egress Untagged

wlan1    7 PVID Egress Untagged

wlan0    7 PVID Egress Untagged

wlan0-1  8 PVID Egress Untagged

wlan0-2  203 PVID Egress Untagged

wlan1-1  8 PVID Egress Untagged


openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list