u/MeiTheRumi

Second post, but it's also about support. It's also a different topic, which is why I made another. Thank you for reading in advance (and pardon my extremely confusing wording!)

OpenWrt has the ability to either define a VLAN as a device or to tag VLAN on a bridge device. Now, I'm fairly certain I have no clue how VLAN tagging works, because when I tried to use the latter method, it always results in no communication. But when I use the former, it works completely fine and VLAN tagging works cromulently.

For context:

Linksys MR8300 with OpenWrt 25.12.0 in a RoaS with an Aruba Instant On 1830 connected to it via 3 LAN ports in a software bridge.

All 3 LAN ports on the Aruba side are trunk ports with the VLAN tags 1, 50, 60, 70, 80, and 90.

I want to define VLANs 50, 60, 70, 80, and 90 to 5 separate interfaces. Using software VLANs with the bridge as a base device works; using the bridge itself for VLAN tagging, then defining the resulting software VLANs as network devices does not work.

The configuration for all 3 ports on the bridge VLAN are the same with the VLAN tags and configuration as: 50, u* / 60, u / 70, u / 80, u / 90, u.

No communication is established when the bridge VLAN method was used. Ping does not work, either.

What am I missing?

First post here, sorry if it's a support post. I'm kinda at my wits' end!

The idea is simple:

I want to set up a VLAN with a (illegal, I know, it's just a placeholder) of 99999. It connects the router containing OpenWrt and a bunch of other LAN stuff. This is on top of an untagged bridge (let's call this B) encapsulating all of the LAN ports outside of WAN. Now, I also want the wireless receiver to ALSO connect via that same VLAN. But I'm not sure on the whole procedure of it.

I have done it once but it's a mess where (I think) I have a VLAN device (called A) on the wireless receiver, a VLAN device on B, then a bridge on both A and B, while setting VLAN Filtering to ON and Untagged Primary on A while Tagged on B. It feels too complicated and... Janky for lack of a better term?

On LuCI (ideally) or on SSH, what is the exact configuration I need to do?

On another note, are there any better solutions for safe OpenWrt management outside of "disable LuCI and only operate via SSH then use libpam"? I want to include 2FA but there's luci-app-2fa which revolves around plugins... And I have no clue on how to even work with plugins. Outside of the existing software manager.

Oh, and another note, has anyone ever tried VLAN with a ZoneDirector and Ruckus APs? It's a nightmare and I'm not sure if I want to touch it. If anyone had experience, please do let me know how it went! Maybe it'll give me the confidence to do it myself.

Thank you in advance!