u/MeiTheRumi

OpenWrt, VLAN, and DSA

Second post, but it's also about support. It's also a different topic, which is why I made another. Thank you for reading in advance (and pardon my extremely confusing wording!)

OpenWrt has the ability to either define a VLAN as a device or to tag VLAN on a bridge device. Now, I'm fairly certain I have no clue how VLAN tagging works, because when I tried to use the latter method, it always results in no communication. But when I use the former, it works completely fine and VLAN tagging works cromulently.

For context:

Linksys MR8300 with OpenWrt 25.12.0 in a RoaS with an Aruba Instant On 1830 connected to it via 3 LAN ports in a software bridge.

All 3 LAN ports on the Aruba side are trunk ports with the VLAN tags 1, 50, 60, 70, 80, and 90.

I want to define VLANs 50, 60, 70, 80, and 90 to 5 separate interfaces. Using software VLANs with the bridge as a base device works; using the bridge itself for VLAN tagging, then defining the resulting software VLANs as network devices does not work.

The configuration for all 3 ports on the bridge VLAN are the same with the VLAN tags and configuration as: 50, u* / 60, u / 70, u / 80, u / 90, u.

No communication is established when the bridge VLAN method was used. Ping does not work, either.

What am I missing?

reddit.com
u/MeiTheRumi — 3 days ago

Setting Up VLAN With WeeFee™

First post here, sorry if it's a support post. I'm kinda at my wits' end!

The idea is simple:

I want to set up a VLAN with a (illegal, I know, it's just a placeholder) of 99999. It connects the router containing OpenWrt and a bunch of other LAN stuff. This is on top of an untagged bridge (let's call this B) encapsulating all of the LAN ports outside of WAN. Now, I also want the wireless receiver to ALSO connect via that same VLAN. But I'm not sure on the whole procedure of it.

I have done it once but it's a mess where (I think) I have a VLAN device (called A) on the wireless receiver, a VLAN device on B, then a bridge on both A and B, while setting VLAN Filtering to ON and Untagged Primary on A while Tagged on B. It feels too complicated and... Janky for lack of a better term?

On LuCI (ideally) or on SSH, what is the exact configuration I need to do?

On another note, are there any better solutions for safe OpenWrt management outside of "disable LuCI and only operate via SSH then use libpam"? I want to include 2FA but there's luci-app-2fa which revolves around plugins... And I have no clue on how to even work with plugins. Outside of the existing software manager.

Oh, and another note, has anyone ever tried VLAN with a ZoneDirector and Ruckus APs? It's a nightmare and I'm not sure if I want to touch it. If anyone had experience, please do let me know how it went! Maybe it'll give me the confidence to do it myself.

Thank you in advance!

reddit.com
u/MeiTheRumi — 7 days ago