OpenWrt: Migrating to DSA

After upgrading the routers in my home network to the latest openwrt-22.03 version, one of my routers, the AVM 7360SL, moved to the new Distributed Switch Architecture (DSA).

In my home network I currently run two separate networks, each with its own VLAN, and an additional access point (Archer C7) to extend the Wi-Fi range. The access point and the AVM router are connected via tagged ports that carry tagged Ethernet packets (a VLAN trunk). The figure below shows the network setup.

Since the AVM box moved from swconfig to DSA, I had to migrate the existing VLAN setup on it.

The description below documents this setup, and may be of help to anybody :^)

AVM 7360SL

With DSA, the switch ports appear as their own devices, here the lanX devices.

VLANs are configured directly on the bridge device and appear as sub-devices of the bridge. See br-lan.10 and br-lan.20 above, which correspond to VLANs 10 and 20. The Local setting of a VLAN controls whether the corresponding sub-device is created.

The lan1 port is configured as tagged (T) for our VLANs. This means that the VLAN tag is not removed from outgoing packets and that incoming packets should be tagged. Additionally, incoming packets that are untagged are tagged with VLAN 99, which is set as the port's primary VLAN (U|*). This port is used as the VLAN trunk to connect the access point.

Nothing else has changed in the configuration, apart from using the new bridge sub-devices.
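As an added illustration (not taken from the original post), the DSA setup described above could be written as follows in /etc/config/network. The untagged access ports lan2 and lan3, the mapping of VLAN 10 to lan and VLAN 20 to guest, the addresses, and `local '0'` on VLAN 99 are assumptions.

```uci
# Bridge over the DSA port devices (lan1..lan4 assumed)
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

# VLAN 10: tagged on the trunk port lan1, untagged + primary on lan2 (assumed)
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'
	list ports 'lan2:u*'

# VLAN 20: tagged on the trunk port lan1, untagged + primary on lan3 (assumed)
config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan1:t'
	list ports 'lan3:u*'

# VLAN 99: primary VLAN of the trunk, so untagged frames arriving on lan1
# end up here. local '0' (assumed) means no br-lan.99 sub-device is created.
config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	option local '0'
	list ports 'lan1:u*'

# Interfaces attach to the bridge sub-devices instead of eth0.X
config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.10.1'    # constructed address
	option netmask '255.255.255.0'

config interface 'guest'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'    # constructed address
	option netmask '255.255.255.0'
```

With `local '0'` on VLAN 99, untagged traffic entering the trunk port is confined to a VLAN that has no interface on the router, so it cannot reach either network.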

Archer C7

For completeness of the setup, the following shows the configuration of the access point.

The access point defines two networks, lan and guest, similar to the networks defined on the router above. The interfaces bridge the following devices together:

NOTE: The guest interface is set up as unmanaged because it does not need an IP address, since nobody connected to the guest network should be able to connect to the access point. The access point also does not define any firewall rules, as all firewall rules are defined centrally on the AVM box.

The switch is configured as shown below. The two interesting settings are that the CPU (eth0) interface is tagged for all VLANs and that the LAN1 port is tagged as well.

Similar to the AVM setup above, the LAN1 port is tagged for our VLANs and hence used as the VLAN trunk to connect to the AVM router.

The eth0 port is tagged so that we get the sub-devices eth0.10 and eth0.20 for use in our different networks.