VLAN setup device with AR8327 and WI-FI

xrlls · March 14, 2024, 7:26pm

Hi,

I am in the process of setting up VLANs on a wAP ac LTE6.

On the Ethernet side I have been successfull, by following the guide here:
https://help.mikrotik.com/docs/display/ROS/Basic+VLAN+switching#BasicVLANswitching-Otherdeviceswithabuilt-inswitchchip

/interface ethernet switch port
set 0 default-vlan-id=1 vlan-mode=fallback
set 1 default-vlan-id=1 vlan-mode=fallback
set 2 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=20

This enables me to create access ports, trunk ports etc.

When I check the Ethernet ports in /bridge/port they have hardware acceleration enabled.

/interface bridge port
print
Flags: X - DISABLED, I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
#    INTERFACE              BRIDGE  HW   PVID  PRIORITY  PATH-COST  INTERNAL-PATH-COST  HORIZON
;;; defconf
0  H ether1                 bridge  yes     1  0x80             10                  10  none
;;; defconf
1 IH ether2                 bridge  yes     1  0x80             10                  10  none
;;; defconf
2 X  wlan1 (uplink 2.4GHz)  bridge          1  0x80             10                  10  none
;;; defconf
3 I  wlan2 (5GHz)           bridge         20  0x80             10                  10  none
4 I  wlan3 (2.4GHz)         bridge          1  0x80             10                  10  none
5    eoip-tunnel1           bridge          1  0x80             10                  10  none
6    wlan4 (emoji 5GHz)     bridge         20  0x80                                     none

My problem is when I try to add WI-FI to the mix.

My initial attempt was to simply change the PVID on the WI-FI interfaces on the bridge:

/interface bridge port
set 6 pvid=20

But this does not work as expected and the WI-FI stays connected to the VLAN 1 even if changing it to someone else (20). I can work around this by enabling VLAN filtering on the bridge, and configuring the VLANs on the bridge:

/interface bridge
set 0 vlan-filtering=yes

/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,ether2 untagged="wlan2 (5GHz),wlan4 (emoji 5GHz)" vlan-ids=20

But enabling vlan-filtering on the bridge causes hardware acceleration for the Ethernet ports to be disabled.

So, to get to my question, how do I get VLANs running across both wired Ethernet interfaces with hardware acceleration enabled and WI-FI interfaces on this particular device with an AR8327 switch chip? I’m not sure I really get the relation between the bridge and the switch config.

Any inputs or references to other threads or documentation is much appreciated!

tdw · March 14, 2024, 8:47pm

You have to apply the tagging in the wireless interface with vlan-id=XXX and vlan-mode=use-tag - this is only possible in the old (6.x or 7.x upto and including 7.12) /interface wireless settings, it is a lost feature with the new /interface/wifi/ drivers

xrlls · March 15, 2024, 7:14am

I am still running the legacy drivers due to the disk space constraints, so this was exactly what I needed!

Thanks!