Do you mean the UCI of the working config? That would be the following:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd48:e132:af34::/48'
option packet_steering '1'
config device 'switch'
option name 'switch'
option type 'bridge'
option macaddr '4c:9e:ff:f2:b7:81'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
config bridge-vlan 'lan_vlan'
option device 'switch'
option vlan '100'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
config interface 'infra'
option proto 'dhcp'
option device 'switch.100'
config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'
config bridge-vlan
option device 'switch'
option vlan '178'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
list ports 'lan5'
config bridge-vlan
option device 'switch'
option vlan '70'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan6'
config bridge-vlan
option device 'switch'
option vlan '80'
list ports 'lan1:t'
list ports 'lan7'
config interface 'user'
option proto 'dhcp'
option device 'switch.178'
config interface 'server'
option proto 'dhcp'
option device 'switch.70'
config interface 'jail'
option proto 'dhcp'
option device 'switch.80'
In the mean time I found one error on my side. I had a timezone-template
assigned to the device which broke the vlan template (globals).
Now I can render the following device config preview:
package system
config system 'system'
option hostname 'switch-eg'
option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
option zonename 'Europe/Berlin'
config timeserver 'ntp'
option enable_server '0'
option enabled '1'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'
package network
config device 'device_br_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
list ports 'lan6'
list ports 'lan7'
option type 'bridge'
option vlan_filtering '1'
config bridge-vlan 'vlan_br_lan_178'
option device 'br-lan'
list ports 'lan1:t*'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
option vlan '178'
config bridge-vlan 'vlan_br_lan_70'
option device 'br-lan'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan6:u*'
option vlan '70'
config bridge-vlan 'vlan_br_lan_80'
option device 'br-lan'
list ports 'lan1:t'
list ports 'lan4:t'
list ports 'lan7:u*'
option vlan '80'
config bridge-vlan 'vlan_br_lan_100'
option device 'br-lan'
list ports 'lan2:u*'
list ports 'lan3:u'
list ports 'lan4:u'
list ports 'lan5:u'
option vlan '100'
config interface 'vlan_br_lan_178'
option device 'br-lan.178'
option proto 'none'
config interface 'vlan_br_lan_70'
option device 'br-lan.70'
option proto 'none'
config interface 'vlan_br_lan_80'
option device 'br-lan.80'
option proto 'none'
config interface 'vlan_br_lan_100'
option device 'br-lan.100'
option proto 'none'
config interface 'br_lan'
option device 'br-lan'
option proto 'none'
config interface 'infra'
option device 'br-lan.100'
option ifname 'infra'
option proto 'dhcp'
config interface 'user'
option device 'br-lan.178'
option ifname 'user'
option proto 'dhcp'
config interface 'server'
option device 'br-lan.70'
option ifname 'server'
option proto 'dhcp'
config interface 'jail'
option device 'br-lan.80'
option ifname 'jail'
option proto 'dhcp'
config interface 'debug'
option device 'lan8'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option proto 'static'
package dhcp
config dnsmasq 'dnsmasq_1'
option authoritative '1'
option cachesize '1000'
option domain 'lan'
option domainneeded '1'
option ednspacket_max '1232'
option expandhosts '1'
option leasefile '/tmp/dhcp.leases'
option local '/lan/'
option localise_queries '1'
option localservice '1'
option readethers '1'
option rebind_localhost '1'
option rebind_protection '1'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
config dhcp 'debug'
option dhcpv4 'server'
option interface 'debug'
option leasetime '12h'
option limit '100'
option start '10'
# ---------- files ---------- #
# path: /etc/dropbear/authorized_keys
# mode: 0644
ssh-ed25519 AAA....
from this template for the vlans & dhcp:
{
"interfaces": [
{
"type": "bridge",
"bridge_members": [
"lan1",
"lan2",
"lan3",
"lan4",
"lan5",
"lan6",
"lan7"
],
"name": "br-lan",
"vlan_filtering": [
{
"vlan": 178,
"ports": [
{
"ifname": "lan1",
"tagging": "t",
"primary_vid": true
},
{
"ifname": "lan2",
"tagging": "t"
},
{
"ifname": "lan3",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
}
]
},
{
"vlan": 70,
"ports": [
{
"ifname": "lan1",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
},
{
"ifname": "lan6",
"tagging": "u",
"primary_vid": true
}
]
},
{
"vlan": 80,
"ports": [
{
"ifname": "lan1",
"tagging": "t"
},
{
"ifname": "lan4",
"tagging": "t"
},
{
"ifname": "lan7",
"tagging": "u",
"primary_vid": true
}
]
},
{
"vlan": 100,
"ports": [
{
"ifname": "lan2",
"tagging": "u",
"primary_vid": true
},
{
"ifname": "lan3",
"tagging": "u"
},
{
"ifname": "lan4",
"tagging": "u"
},
{
"ifname": "lan5",
"tagging": "u"
}
]
}
]
},
{
"type": "other",
"name": "infra",
"device": "br-lan.100",
"proto": "dhcp",
"ifname": "infra"
},
{
"type": "other",
"name": "user",
"device": "br-lan.178",
"proto": "dhcp",
"ifname": "user"
},
{
"type": "other",
"name": "server",
"device": "br-lan.70",
"proto": "dhcp",
"ifname": "server"
},
{
"type": "other",
"name": "jail",
"device": "br-lan.80",
"proto": "dhcp",
"ifname": "jail"
}
]
}
BEfore the error was that the Port Tagging did not apply.
Now the new error is that the config does not deploy and gets roled back:
Error reported from the device:
Fri Jul 11 22:13:52 2025 daemon.info openwisp: The following uci configs
have been renamed: network.bridge_vlan1, network.bridge_vlan2,
network.bridge_vlan3
Fri Jul 11 22:13:53 2025 daemon.crit openwisp: Could not apply
configuration, openwisp-update-config exit code was 2
Fri Jul 11 22:13:53 2025 daemon.crit openwisp: ERROR: invalid UCI
configuration file: network
Fri Jul 11 22:13:59 2025 daemon.info openwisp: The most recent
configuration backup was restored
f.capoano schrieb am Donnerstag, 10. Juli 2025 um 16:44:29 UTC+2:
> I tried parsing the configuration file generated via UCI that you have
> provided, but the library can't parse it, which is not a good sign.
>
> Can you share the UCI configuration in /etc/config/network?
>
> The Bridge VLAN fitlering implementation needs to be improved, I opened an
> issue for this:
> https://github.com/openwisp/netjsonconfig/issues/356
> If you can share the UCI code I'll add it to the issue (or you can add it
> yourself there).
>
> In the meantime as a workaround, could you define the configuration you
> need by supplying files?
> It's a bit uncomfortable but it will help you get around this issue, you
> can also use variables freely in files which is nice.
>
> Best regards
> *Federico Capoano*
> OpenWISP OÜ
> Kotkapoja tn 2a-10, 10615, Harju maakond, Tallinn, Estonia
> VAT: EE101989729
> +372 59361689 <+372%205936%201689>
> *openwisp.io* <http://openwisp.io>
>
>
> On Thu, 10 Jul 2025 at 10:49, 'Marten Lucas' via OpenWISP <
> [email protected]> wrote:
>
>> Hi,
>> first of all great project. I am new to openwrt but still managed to get
>> openwisp running with several devices. But now I am struggeling with a VLAN
>> setup for a ZyXEL GS1900-8
>> v2 (with DSA).
>>
>> The switch is connected via a trunked port to the mainrouter which is the
>> dhcp server.
>> The target config is this 4 VLANs with different ports that get the IPs
>> from the mainrouter.
>>
>> This is the template I created:
>>
>> {
>> "interfaces": [
>> {
>> "type": "bridge",
>> "bridge_members": [
>> "lan1",
>> "lan2",
>> "lan3",
>> "lan4",
>> "lan5",
>> "lan6",
>> "lan7"
>> ],
>> "name": "br-lan",
>> "vlan_filtering": [
>> {
>> "vlan": 178,
>> "ports": [
>> {
>> "ifname": "lan1",
>> "tagging": "t"
>> },
>> {
>> "ifname": "lan2",
>> "tagging": "t"
>> },
>> {
>> "ifname": "lan3",
>> "tagging": "t"
>> },
>> {
>> "ifname": "lan4",
>> "tagging": "t"
>> }
>> ]
>> },
>> {
>> "vlan": 70,
>> "ports": [
>> {
>> "ifname": "lan1",
>> "tagging": "t"
>> },
>> {
>> "ifname": "lan4",
>> "tagging": "t"
>> },
>> {
>> "ifname": "lan6",
>> "tagging": "u"
>> }
>> ]
>> },
>> {
>> "vlan": 80,
>> "ports": [
>> {
>> "ifname": "lan1",
>> "tagging": "t"
>> },
>> {
>> "ifname": "lan4",
>> "tagging": "t"
>> },
>> {
>> "ifname": "lan7",
>> "tagging": "u"
>> }
>> ]
>> },
>> {
>> "vlan": 100,
>> "ports": [
>> {
>> "ifname": "lan1",
>> "tagging": "u"
>> },
>> {
>> "ifname": "lan2",
>> "tagging": "u"
>> },
>> {
>> "ifname": "lan3",
>> "tagging": "u"
>> },
>> {
>> "ifname": "lan4",
>> "tagging": "u"
>> },
>> {
>> "ifname": "lan5",
>> "tagging": "u"
>> }
>> ]
>> }
>> ]
>> },
>> {
>> "type": "other",
>> "name": "infra",
>> "device": "br-lan.100",
>> "proto": "dhcp",
>> "ifname": "infra"
>> },
>> {
>> "type": "other",
>> "name": "user",
>> "device": "br-lan.178",
>> "proto": "dhcp",
>> "ifname": "user"
>> },
>> {
>> "type": "other",
>> "name": "server",
>> "device": "br-lan.70",
>> "proto": "dhcp",
>> "ifname": "server"
>> },
>> {
>> "type": "other",
>> "name": "jail",
>> "device": "br-lan.80",
>> "proto": "dhcp",
>> "ifname": "jail"
>> }
>> ]
>> }
>>
>> After I applied it to the switch without error, the /etc/config/network
>> on the device is:
>> config interface 'infra'
>> option proto 'dhcp'
>> option device 'br-lan.100'
>> option ifname 'infra'
>>
>> config interface 'br_lan'
>> option device 'br-lan'
>> option proto 'none'
>>
>> config interface 'vlan_br_lan_70'
>> option device 'br-lan.70'
>> option proto 'none'
>>
>> config interface 'vlan_br_lan_178'
>> option device 'br-lan.178'
>> option proto 'none'
>>
>> config interface 'jail'
>> option device 'br-lan.80'
>> option ifname 'jail'
>> option proto 'dhcp'
>>
>> config interface 'debug'
>> option device 'lan8'
>> option ipaddr '192.168.1.1'
>> option netmask '255.255.255.0'
>> option proto 'static'
>>
>> config interface 'vlan_br_lan_100'
>> option device 'br-lan.100'
>> option proto 'none'
>>
>> config interface 'user'
>> option device 'br-lan.178'
>> option ifname 'user'
>> option proto 'dhcp'
>>
>> config device 'device_br_lan'
>> option name 'br-lan'
>> list ports 'lan1'
>> list ports 'lan2'
>> list ports 'lan3'
>> list ports 'lan4'
>> list ports 'lan5'
>> list ports 'lan6'
>> list ports 'lan7'
>> option type 'bridge'
>>
>> config interface 'vlan_br_lan_80'
>> option device 'br-lan.80'
>> option proto 'none'
>>
>> config interface 'server'
>> option device 'br-lan.70'
>> option ifname 'server'
>> option proto 'dhcp'
>>
>> config bridge-vlan
>> option device 'br-lan'
>> option vlan '100'
>> list ports 'lan1'
>>
>> You see the port tagging is not applied.
>>
>> When I manually setup the config with VLANs in luci it works and I get
>> the following config:
>>
>> config interface 'infra'
>> option proto 'dhcp'
>> option device 'br-lan.100'
>> option ifname 'infra'
>>
>> config interface 'br_lan'
>> option device 'br-lan'
>> option proto 'none'
>>
>> config interface 'vlan_br_lan_70'
>> option device 'br-lan.70'
>> option proto 'none'
>>
>> config interface 'vlan_br_lan_178'
>> option device 'br-lan.178'
>> option proto 'none'
>>
>> config interface 'jail'
>> option device 'br-lan.80'
>> option ifname 'jail'
>> option proto 'dhcp'
>>
>> config interface 'debug'
>> option device 'lan8'
>> option ipaddr '192.168.1.1'
>> option netmask '255.255.255.0'
>> option proto 'static'
>>
>> config interface 'vlan_br_lan_100'
>> option device 'br-lan.100'
>> option proto 'none'
>>
>> config interface 'user'
>> option device 'br-lan.178'
>> option ifname 'user'
>> option proto 'dhcp'
>>
>> config device 'device_br_lan'
>> option name 'br-lan'
>> list ports 'lan1'
>> list ports 'lan2'
>> list ports 'lan3'
>> list ports 'lan4'
>> list ports 'lan5'
>> list ports 'lan6'
>> list ports 'lan7'
>> option type 'bridge'
>>
>> config interface 'vlan_br_lan_80'
>> option device 'br-lan.80'
>> option proto 'none'
>>
>> config interface 'server'
>> option device 'br-lan.70'
>> option ifname 'server'
>> option proto 'dhcp'
>>
>> config bridge-vlan
>> option device 'br-lan'
>> option vlan '100'
>> list ports 'lan1'
>> list ports 'lan2'
>> list ports 'lan3'
>> list ports 'lan4'
>>
>> config bridge-vlan
>> option device 'br-lan'
>> option vlan '178'
>> list ports 'lan1:t'
>> list ports 'lan2:t'
>> list ports 'lan3:t'
>> list ports 'lan4:t'
>> list ports 'lan5'
>>
>> config bridge-vlan
>> option device 'br-lan'
>> option vlan '80'
>> list ports 'lan1:t'
>> list ports 'lan4:t'
>> list ports 'lan6'
>>
>> config bridge-vlan
>> option device 'br-lan'
>> option vlan '70'
>> list ports 'lan1:t'
>> list ports 'lan4:t'
>> list ports 'lan7'
>>
>> I also tried the programmable switch but it not deploy without error. The
>> template was:
>> {
>> "interfaces": [
>> {
>> "type": "bridge",
>> "name": "br-lan",
>> "bridge_members": [
>> "lan1","lan2","lan3","lan4","lan5","lan6","lan7" ]
>> },
>> { "type":"other", "name":"infra", "device":"br-lan.100",
>> "proto":"dhcp", "ifname":"infra" },
>> { "type":"other", "name":"user", "device":"br-lan.178",
>> "proto":"dhcp", "ifname":"user" },
>> { "type":"other", "name":"server", "device":"br-lan.70",
>> "proto":"dhcp", "ifname":"server" },
>> { "type":"other", "name":"jail", "device":"br-lan.80",
>> "proto":"dhcp", "ifname":"jail" }
>> ],
>> "switch": [
>> {
>> "name": "br-lan",
>> "reset": true,
>> "enable_vlan":true,
>> "vlan": [
>> { "device":"br-lan", "vlan":178, "ports":"lan1t lan2t lan3t
>> lan4t" },
>> { "device":"br-lan", "vlan":70, "ports":"lan1t lan4t lan6u" },
>> { "device":"br-lan", "vlan":80, "ports":"lan1t lan4t lan7u" },
>> { "device":"br-lan", "vlan":100, "ports":"lan1u lan2u lan3u lan4u
>> lan5u" }
>> ]
>> }
>> ]
>> }
>>
>> I also saw the https://github.com/openwisp/netjsonconfig/pull/261 and
>> assumed it is now merged.
>>
>> Can you please help me to either correct the template which correctly
>> sets up the VLAN tagging or help me refine my requirements for a easier
>> implementation.
>>
>> Thank you so much.
>>
>>
>> DISCLAIMER: The Templates were generated with the help of AI
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "OpenWISP" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion, visit
>> https://groups.google.com/d/msgid/openwisp/7d00ca6c-b098-4cbb-ad52-682a366e6465n%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/openwisp/7d00ca6c-b098-4cbb-ad52-682a366e6465n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
You received this message because you are subscribed to the Google Groups
"OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion, visit
https://groups.google.com/d/msgid/openwisp/a21759a3-a494-4cf6-82c2-2c7612ead501n%40googlegroups.com.
