I was able to get the LAN port 1 & 2(VLAN20) working fine.
I went to Setup >Networking >Assign to Bridge to create a connection for Wl0.1(VAP) to VLAN30.
But the client was not able to connect to the VAP.
After a reboot of the DDWRT device, the VLAN30 is disappeared from the "current bridging table". (see attached pic.
I have tried to change VLAN30 port be "3t 5t" and it did not make any difference.
If the Wl0.1(VAP) stay on the default bridge br0, there is no problem to get connected.The client receives an IP address from the default VLAN DHCP.
The current NVRAM value as follow:
vlan1ports= 0 1 2 3 5*
vlan2ports= 4 5u
Then I discovered a problem on the webGUI of the switch config.For some unknown reason, the order of the LAN port reversed.
Port W 1 2 3 4
R R R G G
After the NVRAM set vlan.*ports
Port W 1 2 3 4
R G G R R
The original port.*vlans value
port5vlans=1 2 16
I tried both sets of values and I were not able to get the LAN port working, let alone with VAP. That is why I stay with the startup script method.
port3vlans=1 2 20 30 16
port5vlans=1 2 20 30 16
Frustratingly, this guide https://netosec.com/dd-wrt-wifi-vlans/ makes it sound fairly straightforward. However, in that scenario DD-WRT was acting as a router rather than a gateway and DNS was provided by a separate machine. I wonder if that's relevant.
I probably should have said that that bridge / VAP connectivity seems to be an ongoing issue. There seem to be two symptoms and, based on my limited understanding, it's possible that these have distinct causes.
1) Cannot connect to VAP after reboot (hence the workaround in the start-up scripts)
2) Cannot connect to VAP if bridged and wireless security is enabled.
I've found that I have the second issue: either removing the bridge assignment (sending it back to br0) or removing security (WPA, WEP, anything) allows it to work.
The reason for it is Broadcom's closed source wireless driver and encryption daemon have bugs with unbridged wireless interfaces. On some hardware it doesn't even work with no encryption, some hardware it only affects VAP's but not the main interface... we're stuck dealing with it by using bridges.
Are you able to connect if you either remove the bridge or disable security?
The VAP was able to connect with the default VLAN with no issue. The DHCP is on the primary router. I wonder if this could be an issue for VAP.
The reason to have a VAP is to put it into a difference VLAN to separate the 2 traffic. Default VLAN for main network. VAP for IoT and guest network.
I just do not understand why it does not work with the new bridge.
I can create VAP1 and VAP2, both will work with default VLAN. but not VAP1 for VLAN-A and VAP2 for VLAN-B, for example, with new bridge BrA and BrB.
is it because of the hardware? on some model of router would work, but some don't.
someone have a difference model of router got this working? a VAP bridge with a non default VLAN and connected?