mirror of
https://dev.iopsys.eu/feed/iopsys.git
synced 2026-01-27 17:37:18 +01:00
8.4 KiB
8.4 KiB
Bridge VLAN Filtering - Mixed Mode Examples
Overview
The brvlan:mixed mode provides flexible control over which ports are tagged vs untagged in a bridge VLAN configuration. This is useful for complex scenarios where different ports need different VLAN tagging behavior.
Syntax
Basic Mixed Mode (Default Behavior)
brvlan:mixed:VID
Behavior: WAN tagged, LAN ports untagged (same as brvlan:wan-tagged:VID)
Custom Mixed Mode (Specify Tagged Ports)
brvlan:mixed:VID:TAGGED_PORTS
Behavior: Ports listed in TAGGED_PORTS are tagged, all others are untagged
TAGGED_PORTS Format: Same as port list specification (LAN1-LAN2-WAN, WAN, etc.)
Examples
Example 1: Basic Mixed Mode (WAN Tagged by Default)
Scenario: Internet service where WAN needs VLAN 100, LAN ports untagged
uci set netmode.global.mode='advanced'
uci set netmode.mode_4_supprted_args_1.value='internet'
uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100'
uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN'
uci commit netmode && service netmode restart
Result:
config interface 'internet'
option device 'br-internet.100'
option proto 'dhcp'
config device br_internet
option name 'br-internet'
option type 'bridge'
option vlan_filtering '1'
list ports 'eth0' # LAN1
list ports 'eth1' # LAN2
list ports 'ae_wan' # WAN
config bridge-vlan brvlan_100_internet
option device 'br-internet'
option vlan '100'
list ports 'eth0:u' # LAN1 untagged
list ports 'eth1:u' # LAN2 untagged
list ports 'ae_wan:t' # WAN tagged
Example 2: Only Specific LAN Ports Tagged
Scenario: Enterprise network where LAN1 and WAN are tagged, LAN2 and LAN3 are untagged
uci set netmode.global.mode='advanced'
uci set netmode.mode_4_supprted_args_1.value='corporate'
uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:200:LAN1-WAN'
uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
uci commit netmode && service netmode restart
Result:
config interface 'corporate'
option device 'br-corporate.200'
option proto 'dhcp'
config device br_corporate
option name 'br-corporate'
option type 'bridge'
option vlan_filtering '1'
list ports 'eth0' # LAN1
list ports 'eth1' # LAN2
list ports 'eth2' # LAN3
list ports 'ae_wan' # WAN
config bridge-vlan brvlan_200_corporate
option device 'br-corporate'
option vlan '200'
list ports 'eth0:t' # LAN1 tagged (specified)
list ports 'eth1:u' # LAN2 untagged
list ports 'eth2:u' # LAN3 untagged
list ports 'ae_wan:t' # WAN tagged (specified)
Example 3: All LAN Ports Tagged, WAN Untagged
Scenario: Reverse scenario where LAN ports carry VLAN tags but WAN doesn't
uci set netmode.global.mode='advanced'
uci set netmode.mode_4_supprted_args_1.value='service'
uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:300:LAN1-LAN2-LAN3'
uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-WAN'
uci commit netmode && service netmode restart
Result:
config bridge-vlan brvlan_300_service
option device 'br-service'
option vlan '300'
list ports 'eth0:t' # LAN1 tagged
list ports 'eth1:t' # LAN2 tagged
list ports 'eth2:t' # LAN3 tagged
list ports 'ae_wan:u' # WAN untagged
Example 4: Only WAN Tagged (Explicit)
Scenario: Same as wan-tagged but using mixed mode explicitly
uci set netmode.global.mode='advanced'
uci set netmode.mode_4_supprted_args_1.value='iptv'
uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:1510:WAN-n'
uci set netmode.mode_4_supprted_args_3.value='LAN3-LAN4-WAN'
uci commit netmode && service netmode restart
Result:
config interface 'iptv'
option device 'br-iptv.1510'
option proto 'none'
config bridge-vlan brvlan_1510_iptv
option device 'br-iptv'
option vlan '1510'
list ports 'eth2:u' # LAN3 untagged
list ports 'eth3:u' # LAN4 untagged
list ports 'ae_wan:t' # WAN tagged
Example 5: Multi-Service with Different Tagging
Scenario: Internet with LAN1+WAN tagged, IPTV with only WAN tagged
uci set netmode.global.mode='advanced'
uci set netmode.mode_4_supprted_args_1.value='internet,tv'
uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:1499:LAN1-WAN,brvlan:mixed:1510:WAN-n'
uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-WAN,LAN3-LAN4-WAN'
uci commit netmode && service netmode restart
Result:
Internet Service (VLAN 1499):
config bridge-vlan brvlan_1499_internet
option device 'br-internet'
option vlan '1499'
list ports 'eth0:t' # LAN1 tagged
list ports 'eth1:u' # LAN2 untagged
list ports 'ae_wan:t' # WAN tagged
TV Service (VLAN 1510):
config bridge-vlan brvlan_1510_tv
option device 'br-tv'
option vlan '1510'
list ports 'eth2:u' # LAN3 untagged
list ports 'eth3:u' # LAN4 untagged
list ports 'ae_wan:t' # WAN tagged
Example 6: Trunk Port Configuration
Scenario: LAN1 as trunk port (tagged), others as access ports (untagged)
uci set netmode.global.mode='advanced'
uci set netmode.mode_4_supprted_args_1.value='vlan100'
uci set netmode.mode_4_supprted_args_2.value='brvlan:mixed:100:LAN1'
uci set netmode.mode_4_supprted_args_3.value='LAN1-LAN2-LAN3-LAN4'
uci commit netmode && service netmode restart
Result:
config bridge-vlan brvlan_100_vlan100
option device 'br-vlan100'
option vlan '100'
list ports 'eth0:t' # LAN1 tagged (trunk port)
list ports 'eth1:u' # LAN2 untagged (access port)
list ports 'eth2:u' # LAN3 untagged (access port)
list ports 'eth3:u' # LAN4 untagged (access port)
Comparison: Mixed Mode vs Other Modes
| Mode | Syntax | Tagged Ports | Untagged Ports |
|---|---|---|---|
| tagged | brvlan:tagged:100 |
ALL | None |
| wan-tagged | brvlan:wan-tagged:100 |
WAN only | All LAN |
| mixed (default) | brvlan:mixed:100 |
WAN only | All LAN |
| mixed (custom) | brvlan:mixed:100:LAN1-WAN |
LAN1, WAN | All others |
Use Cases
Use Case 1: DMZ Configuration
- LAN1: Tagged (DMZ network with VLAN tag)
- LAN2-4: Untagged (local network)
- WAN: Tagged (ISP requirement)
brvlan:mixed:100:LAN1-WAN
Use Case 2: Guest Network
- LAN1-2: Tagged (guest WiFi APs that handle VLANs)
- LAN3-4: Untagged (local devices)
- WAN: Untagged (local ISP connection)
brvlan:mixed:50:LAN1-LAN2
Use Case 3: Managed Switch Uplink
- LAN1: Tagged (uplink to managed switch)
- LAN2-4: Untagged (end user devices)
- WAN: Tagged (ISP VLAN)
brvlan:mixed:200:LAN1-WAN
Port Specification Reference
When specifying tagged ports in mixed mode:
| Specification | Resolves To | Example |
|---|---|---|
WAN |
WAN device | ae_wan |
LAN1 |
LAN1 device from UCI | eth0 |
LAN1-LAN2 |
LAN1 and LAN2 | eth0, eth1 |
LAN1-WAN |
LAN1 and WAN | eth0, ae_wan |
ALL |
Not supported in tagged ports spec | Use brvlan:tagged instead |
Troubleshooting
Verify Port Tagging
# View bridge VLAN table
bridge vlan show
# Expected output shows :t (tagged) or :u (untagged)
port vlan-id
eth0 100 Tagged
eth1 100 Untagged
ae_wan 100 Tagged
Check Configuration
# View bridge-vlan sections
uci show network | grep bridge-vlan -A5
# Look for ports list with :t or :u suffixes
Common Mistakes
-
Wrong Syntax: Must use colon between VID and port spec
- ❌
brvlan:mixed:100-LAN1-WAN - ✅
brvlan:mixed:100:LAN1-WAN
- ❌
-
Using ALL: Don't use ALL in tagged ports
- ❌
brvlan:mixed:100:ALL - ✅ Use
brvlan:tagged:100instead
- ❌
-
Duplicate Ports: Port appears in both bridge port list and tagged spec
- Ensure the port list in arg 3 includes all ports you reference in arg 2
Advanced: Multiple VLANs on Same Bridge
While this guide focuses on single VLAN per bridge, you can create multiple bridge-vlan sections manually after netmode configuration for trunk scenarios. However, this is beyond the scope of netmode automation.
Document Version: 1.0 Last Updated: 2025-12-12 Feature: Bridge VLAN Filtering Mixed Mode