[RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules

Felix Fietkau nbd at nbd.name
Fri Mar 26 08:42:38 GMT 2021 

On 2021-03-26 09:34, Martin Schiller wrote:
> On 2020-07-24 19:13, Felix Fietkau wrote:
>> On 2020-07-24 18:44, Jo-Philipp Wich wrote:
>>> Hi Felix,
>>> 
>>>> [...]
>>>> 
>>>> For a simple default config, you could have this:
>>>> 
>>>> # network
>>>> config device
>>>         option type bridge  # I assume this is needed as well
>>>> 	option name switch0
>> Correct.
>> 
>>>> config bridge-vlan
>>>> 	option vlan 1
>>>> 	option ports "lan1 lan2 lan3 lan4"
>>>> 
>>>> config interface lan
>>>> 	option ifname switch0.1
>>>> 
>>>> 
>>>> # wireless
>>>> 
>>>> config wifi-iface
>>>> 	option network lan
>>>> 
>>>> 
>>>> In this case, wlan0 would be added to switch0 and set to VLAN 1 
>>>> untagged
>>>> by default.
>>>> 
>>>> If you want it on VLAN 10 tagged/PVID instead, you could do:
>>>> 	option network-vlan "10:t*"
>>>> 
>>>> 
>>>> What do you think?
>>> 
>>> I did think about it some more, also in context of a LuCI 
>>> implementation and
>>> the special role of wifi and I am convinced now that this approach 
>>> generally
>>> makes sense.
>>> 
>>> However for the vlan I wonder if we should simply use "option vid 10" 
>>> since
>>> setting anything besides an egress untagged pvid does not make sense 
>>> for wifi.
>> I think more complex VLAN settings make sense for WDS if you want to
>> carry multiple networks over the link.
>> 
>>> So your second example above would become:
>>> 
>>>   config wifi-iface
>>>     option network lan
>>>     option vid 10  # instead of inheriting vid 1, use 10 as pvid
>>> 
>>> 
>>> Also, just to clarify... assuming a:
>>> 
>>>   config interface foo
>>>     option ifname somevlanbridge0.456
>>> 
>>> and an wifi iface without an explicit vid override:
>>> 
>>>   config wifi-iface
>>>     option network foo
>>> 
>>> ... we would inherit vid 456 and set as pvid, right? Or are we are 
>>> always
>>> going to default to 1?
>> It would inherit 456 to keep it in sync with the VLAN based network.
>> 
> 
> Is this functionality already integrated?
> I am testing with a xrx200 based system with the DSA mainline driver and
> a wifi interface and have the problem that the wlan0 interface is added
> to the bridge switch0 but the bridge vlan configuration for the wlan0
> interface is not set.
It's handled differently now.

You can set lan's ifname to switch0.1 (without option type bridge) and
use 'option network lan' in the wifi-iface. It will detect that the lan
ifname is a vlan on top of a vlan-filtering bridge and will add wlan0 to
switch0 and make it a member of lan's vlan.

- Felix

More information about the openwrt-devel mailing list