In OpenWrt version 21.02, the configuration method for switch/vlan has changed. Instead of using swconfig, it has been changed to DSA, and as a result, the method for configuring switch/vlan has also changed.
What is DSA?
DSA stands for Distributed Switch Architecture, which is a Linux kernel subsystem for network switches. It is the upstream replacement for OpenWrt’s swconfig framework, and many new routers use DSA drivers instead of swconfig drivers. In DSA, each switch port is a separate Linux interface. This means that the ip/ifconfig commands will show interfaces like lan1, lan2, wan, etc. DSA switch ports can be used as independent interfaces (a common solution for WAN) or bridged using Linux bridge interfaces. In the latter case, the switch can still route traffic at the hardware level, so performance is not affected. Each port can only be part of one bridge at most.
Simple Port Bridging
In the simplest case, switch ports are bridged using Linux bridge interfaces, and OpenWrt configures this interface using the IP protocol. In this case, all devices connected to the bridged ports can communicate with each other and with the router itself. Example:
| 123456789101112 | config device option name 'br-lan' option type 'bridge' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4'config interface 'lan' option device 'br-lan' option proto 'static' option ipaddr '192.168.1.1' option netmask'255.255.255.0' |
Multiple Networks (Using Bridges)
By using multiple bridging interfaces, the switch can be configured to group selected ports into separate networks. With separated firewall zones, devices connected to different port groups will not be able to communicate with each other. Example:
| 1234567891011121314151617181920 | config device option name 'br-home' option type 'bridge' list ports 'lan1' list ports 'lan2'config device option name 'office' option type 'bridge' list ports 'lan3' list ports 'lan4'config interface 'home' option device 'br-home' option proto 'static' option ipaddr '192.168.1.1' option netmask'255.255.255.0'config interface 'office' option device 'office' option proto 'static' option ipaddr '192.168.13.1' option netmask'255.255.255.0' |
Multiple Networks (Using VLAN)
A single bridge can also be used to separate (group) ports with multiple VLANs. This requires assigning interfaces to the correct software VLAN. Example:
| 123456789101112131415161718192021222324252627 | config device option name 'br-lan' option type 'bridge' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4'config bridge-vlan option device 'br-lan' option vlan '1' list ports 'lan1' list ports 'lan2'config bridge-vlan option device 'br-lan' option vlan '2' list ports 'lan3' list ports 'lan4'config interface 'home' option device 'br-lan.1' option proto 'static' option ipaddr '192.168.1.1' option netmask'255.255.255.0'config interface 'office' option device 'br-lan.2' option proto 'static' option ipaddr '192.168.13.1' option netmask'255.255.255.0' |
VLAN Tagged Traffic
With the correct bridging VLAN configuration, selected ports can also handle VLAN tagged traffic. This also requires assigning OpenWrt interfaces to the correct software VLAN. Example: Port lan4 uses tagged packets of VLAN 1 and has a PVID of 2.
| 1234567891011121314151617181920212223 | config device option name 'br-lan' option type 'bridge' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4'config bridge-vlan option device 'br-lan' option vlan '1' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4:t'config bridge-vlan option device 'br-lan' option vlan '2' list ports 'lan4:u*'config interface 'lan' option device 'br-lan.1' option proto 'static' option ipaddr '192.168.1.1' option netmask'255.255.255.0' |