VLANs in OpenWrt 21

On my Archer C7 the br-lan does not have multiple lan ports bridged. Instead it only shows a "Switch VLAN" named eth0.1. I still have the Network->Switch menu item but no checkbox to "bridge interfaces" from the old guide.
Here is what worked for me:
In Network->Switch select "Add VLAN", then make sure it is tagged on the CPU(eth0). This will create another "Switch VLAN" under Network->Interfaces->Devices. Create a new Interface with a static adress and select eth0.3 (or whatever "Switch VLAN" was created). Select IP range, firewall, etc. and don't forget to enable DHCP. From there it seems identical to OpenWRT 19.

Why should one enable bridge VLAN filtering when it causes issues or doesn't work with older devices? Wouldn't it be safer always to create a separate bridge for each VLAN device?

In devices i can't see physical ports.tp-link openwrt 22.03.5

I learn something new every time I watch this video. Just an average user with 4G internet trying to figure out how to set up vlan's on a network with 4G router and an 8 port switch and a few wireless access points! Appreciate you taking the time to try and simplify basic knowledge of how the internet works in your home and how to protect yourself from doing something that may not help your internet security which is important today to know that there is a lot more going on behind the screen than most understand and could be more harmful than you know!

the delay between what youre talking about and whats happening on screen is so annoying and hard to follow. Add on the tangents you constantly go on and it's just unwatchable as a guide.

Thanks so much Marc for the OpenWRT Videos. I have just got started in this world of using old hardware. I have three Netgear WAC 104 access points running ver 22 and followed your video on fast roaming, what a difference in my wifi cheers. The call to action, yes Proxmox container with a lan to cover containers into a vpn would be amazing too see.

An easier way around talking about Linux config files is to pronounce etc as "et see" (like Etsy). It always bugged me when I had to say "e" "t" "c" and felt relieved when learned about the "et see" pronunciation. Tiny but goodie!

So I am running this with a openWRT 22.03, with a tplink sg108e. My managed switch is what my main desktop is connected to, a long with various servers. I can't seem to figure out the proper configuration...

I want the router to give access to all VLANs through port 1, to the managed switch. I than want the switch to receive all data through port 8. Give access to a VLAN 40 on port 1 & 2 (preferably with the end device not being tagged), VLAN 50 on port 3 (again untagged), VLAN 30 on port 4 (untagged), VLAN 60 on ports 5/6/7 untagged, than VLAN 10 tagged on port 7 (management port). This way I can tag my network to hope over into management and manage my network, but be blocked from my firewall if I try to do that from VLAN 60.

Having a real hard time with this.

Hello OneMarcFifty, I've been seeing a lot of your videos for a while now, they are truly amazing, but with this one I had one problem, whenever I set my VLAN to an interface, and assigned that interface to a Wi-Fi, that Wi-Fi would not be able to connect to anything, it does give out the IP Address, but doesn't connect, I'm guessing it's something related to my interface not being a bridge, and I'm not entirely sure if this assumption is right, do you have any idea on how to fix this? I'm on a banana pi r3, snapshot version.

I already have a router on raspberry Pi. My ISP's modem is in bridgemode. I use a USB adapter as WAN port and the ethernetport for the LAN side. And I run a VPN so all traffic in my local network uses vpn on internet, very safe.

Now I have the opportunity to switch to a cyber ISP. However they only ship a wifi modem/router which I cannot set to bridge. The only opportunity is to leave out the modem completely and setup a VLAN with the media convertor and the raspberry PI VPN router.

So I am very very much interested in a video how to set this up

Mediaconverter <-> VLAN <-> WAN port Raspberry Pi with WRT | Wireguard VPN interface <-> Local network

Thank you for making a video with openwrt and raspberry Pi!

Please can you send a link to or paste your uci config?

Thank you for making this video! I was clicking around the LuCI web interface for quite a bit without finding where to configure VLANs. Also, the official documentation does not seem to be very updated around configuring VLANs in newer versions of OpenWRT. Thanks again!

Yes please I am going through everything you said to do on raspberry pi

I have a 3370 with OpenWRT and did an upgrade this week from the old "Switch based VLAN" to the new DSA. I see a performance impact when i used bridged vlan filtering. Currently i'm trying to find out how to implement the old vlan method on the new version.

What would the br-lan Bridge VLAN filtering table settings look like for a router with 4 ports: VLAN 99 for the LAN zone includes ports 1-2-3, VLAN 3 for the IoT zone includes port 4 (I have an unmanaged switch plugged in here for IoT wired devices), and VLAN 4 for the GUEST zone?

Was solving a deep understanding problem from us, but we needed to skip back a lot of times. Thank you!

dear OneMarcFifty
in my router , wdr4300 running openwrt 21
there is switch menu on network tab,
should i use 21 DSA metod or 19 openwrt version methode?

I've been playing with OpenWRT for many years but I still have a very tenuous grasp of concepts like "bridge", "interface" and so on. I've watched your videos several times but still cannot get these structures clear in my mind. I get terribly confused as you describe things. It's very frustrating.

If you don't mind my saying so, I've noticed that sometimes you're describing something that doesn't correlate with what's appearing on screen. My brain has a hard time following you through this discontinuity.

Also, a few times during the video you're on topic A then suddenly shift to tangential topic B and then back to A. I'm really struggling, here.

Why this is more complicated than the older versions, instead of simplify they make it harder!

Openwrt in vm with hardware passthrough will be interesting. E.g. how to get a native lan to lan throughput in guest os, virtually separate router that connect ISP, and use vm for dedicated remote management machine, etc

This was very helpful

Hi Marc,

I was updating my routers to openwrt22.03, but I found no issue configuring vlans in the same way as on openwrt19.07. Do I miss something?

You answered what I was wanting with my previous comment, Thanks, you do an amazing job. I know this is an older video but OpenWRT on a Raspberry Pi would be awesome.

A single video with a managed switch, openwrt router, and proxmox would be fantastic!

Great video, as always. Combined this with the Firewall video to set up some medium and low security networks for multiple SSID APs. Thanks!

Yes, please :) Videos with adguard and Proxmox will be interesting :) Thank you in advance :)

OneMarcFifty = NeMarkfuffzig?

Hi great Video, but i Like to see the guest Wifi over Wireguard (mulvad) (because germany ;) Pls can you Help.

Hi, good video, however, I'm still unable to get VLANs working on my Nanopi R4SE even though I've played the video several times, specially the 'DSA and bridges' chapter...
The nanoPi has eth0 on WAN interface and eth1 on the LAN one. No switch fabric whatsoever, so DSA not really used. Just the new, brainhurting WoW, as far as I understood.
What I'd like to achieve is to define VLAN10 as the WAN network and VLAN1 as the LAN network. Both of these VLANs should go out through a trunk on eth1 (in other words, tagged).
I've successfully created eth0.10, eth1.1 and eth1.10. The corresponding VLAN1 and VLAN10 interfaces were 'automagically' created. Good, but... What next?
What exactly do I need to bridge now? Not clear to me...
Any hint?

Wow!! This is really an amazing video. You do such a great job explaning it. You have great visual aids, the pacing is good too, and you answer almost every question I have all whilst highlighting difference between popular versions of OpenWRT. You condensed down what could have taken hours or days to piece together into a 30 minute video.

THANK YOU! I've been sitting for hours trying to figure this out, and it finally dropped when watching this

I was a fool to think that I had managed to configure 21.03 with DSA by myself: 21.03 on FB4020 does still have a "switch" menu: I didn't realize that it's not a real DSA thing. Now I got EdgeRouter X and was shocked to find out that I'm clueless! Thank you so much for your great video! Now I can start!

Hello, about your call to action : i have internet outages many times, so i use iphone on the PC as internet source. I would like to distribute internet to all devices at home from my iphone. And i have a synology ds918+ nas. So i would like to 1/ have a openwrt VM on synology nas (virtual machine manager) 2/ use OpenWrt VM for all services instead of my internet box 3/ use iphone as second internet access when my box is down 4/ when iphone act as internet source i don't want to plug it directly to the nas but plug it in my PC ot use it as wifi access point wich is distributed to the OpenWrt VM as second WAN. (because the nas is in the electric box in the appartment entrance, and i want not to go there every time i want read my messages in the iphone). Please do a series of videos : 1/ fresh openwrt VM install into synology nas (virtual machine manager) 2/ configure VM as main router instead of internet box 3/ usb over IP iphone from PC to openwrt VM 3/ dual WAN : iphone + internet box 4/ using iphone as second WAN : 4.1 plugged into PC and usb over ip to the openwrt VM or 4.2 iphoine wifi acces point acting as second WAN for the openwrt VM 5/ third WAN : vpn+killswitch for qbittorrent docker containers managed by the openwrt VM :) - best regards

im on the latest version of Openwrt, i recreated the same vlan configuration as yours. i then added an access point(non openwrt router) on lan 2, with untagged and pvid checked, however, i couldn’t access my pihole web gui that is connected on my access point… but i can ping them when i’m connected on my main router

Thank you very much for videos. Cheers.

Many thanks for these excellent videos. If you are still thinking about future topics for videos, support for the Redmi AX6000 was recently merged. This device looks promising. 802.11ax and potentially better range than the Belkin RT3200 thanks to its external antenna array. SoC is more powerful as well. A video on OW installation and comparison to the RT3200 would be a great one IMO.

best video i've seen today, thanks 😎

Thank you, that was a great wrap up. Being new to OpenWrt and its terminology this helped so much more than the written DSA guide on the docs 🙂

You don’t mention the case of a port that is untagged in one VLAN and tagged in one or
more addition VLANs that Openwrt and most smart switches fully support.

Great content...

Your way of explaining things is the perfect match for my way of understanding things. Thank you so much for having this channel. I'm learning so much about home networking.

How do i know if a router supports DSA? I want to buy one which supports this…
By the way; great videos Marc!

When no VLAN filtering is active on a bridge device, all ports part of the bridge are trunks, i.e. all untagged and tagged packages are passed along. On the bridge an interface (a subnet denoted by an UCI network.interface) can be created on the bridge as well as (software) 802.1q devices, either explicitly or implictily as custom device for an interface. For a reason that I do not fully understand one cannot succesfully connect a WLAN device to the latter software 802.1q device; but can connect though a WLAN to a bridge device over one or more of such software 802.1q devices. Any idea why ?

Might be worth to make short video on DHCP configs - to make sure, for example, that static hosts with permanent flag are not shared with guest network...

Very good guide, good work Mark

I just installed OpenWRT 22.03 on my Zyxel Armor Z2 ... and it seems I can configure VLANs both in the switch menu (as I used to) and in the VLAN filtering menu.
Although ... they are separate. I can't see the VLANs on the switch in the other menu.

Would be great to have a video with Raspberry Pi running PiHole / DHCP + AdGuard + WireGuard ! You rock !

Super video! Thanks to you I now managed to get my perfect home setup running:
- main router (WRT-3200, wifi off due to buggy drivers, vlan filtering)
- dumb AP1 (Ubiquiti UniFi 6 LR: 2.4G/5G internal-wlan/guest-wlan, vlan filtering, fast roaming)
- dumb AP2/switch (WRT-1900 ACS: 2.4G/5G internal-wlan/guest-wlan, vlan filtering, fast roaming)