Need help with VLANs on TO5

I read the documentation regarding VLANs (https://docs.turris.cz/basics/luci/vlan/luci-vlan/) but I am still confused.

What I want to achieve:

I want to connect a managed switch to the Turris, let's say to LAN0 on the Turris.
I want to create 3 VLANs.

If I understand correctly, I need to create new interfaces like vlan1, vlan2, vlan3 and assign an IP range to each of them.

So for example vlan1, interface lan0.10.

But how can I create a trunk, so that all VLANs are active on LAN0? By adding that lan0.10 to the LAN bridge?

OK, no response. Is there at least some better documentation, not just “LuCI based”? For TOS 3/4 there is https://wiki.turris.cz/doc/en/howto/vlan_settings_omnia but I suppose in TOS5 it is different?

If you use TOS 4.x+ then you have to wait until upstream OpenWRT fixes some bugs with the DSA switch driver and its LuCI support. It's a work in progress as we speak. I would also like to create a trunk interface but am not willing to do a complicated CLI setup on each reboot. If you really need it, I would suggest going back to an older TOS from before the DSA switch architecture.

This is only partially true, as VLANs, including tagged VLANs, can be configured as software VLANs as described here: https://docs.turris.cz/basics/luci/vlan/luci-vlan/

Just follow the guide mentioned above. You create an interface with a subnet configured and with its own bridge. For port configuration you use DSA interfaces lanX.X, where lanX is used for untagged traffic and lanX.X is used for tagged traffic. To have 3 VLANs with VID 1, 2, 3 in a trunk on LAN port 1, you set up 3 interfaces (with 3 separate software bridges) and assign lan1.1 to bridge 1, lan1.2 to bridge 2 and lan1.3 to bridge 3. If you want VLAN 1 to be reachable additionally untagged on LAN port 2, you add interface lan2 to bridge 1.

DSA support isn’t completed in OpenWRT, but the above configuration works fine. The problem is that traffic has to pass the CPU, but as your TO is most likely configured as a router, it mostly routes traffic (OSI Layer 3), which needs to pass the CPU anyway. And even if you don’t use your TO as a router, you most likely won’t notice any performance issues…

There is currently a bug in the switch config that interferes with traffic coming from clients that roam through the network (e.g. roam from the TO’s own Wi-Fi to an AP connected to a LAN port). One workaround is to use the TO’s WAN port as the trunk port and use one LAN port as the WAN port (just switch the assignment to interfaces in LuCI). E.g. use eth2.X for the VLAN setup described above.
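
The trunk layout from the reply above (VIDs 1, 2 and 3 tagged on LAN port 1, VLAN 1 also untagged on LAN port 2), written out as an `/etc/config/network` fragment. This is an added example, not part of the original posts or the Turris documentation. It assumes the OpenWrt 19.07-style syntax (`option type 'bridge'` with `option ifname`); the interface names vlan1 to vlan3 follow the question, and the IP addresses are constructed sample values.

```uci
# /etc/config/network (fragment) - added example, sample addresses are constructed

# Bridge 1: VID 1 tagged on LAN port 1, plus the same network untagged on LAN port 2.
# A port can belong to only one bridge, so lan2 must first be removed from
# the ifname list of the default 'lan' interface.
config interface 'vlan1'
	option type 'bridge'
	option ifname 'lan1.1 lan2'
	option proto 'static'
	option ipaddr '192.168.11.1'
	option netmask '255.255.255.0'

# Bridge 2: VID 2 tagged on LAN port 1.
config interface 'vlan2'
	option type 'bridge'
	option ifname 'lan1.2'
	option proto 'static'
	option ipaddr '192.168.12.1'
	option netmask '255.255.255.0'

# Bridge 3: VID 3 tagged on LAN port 1.
config interface 'vlan3'
	option type 'bridge'
	option ifname 'lan1.3'
	option proto 'static'
	option ipaddr '192.168.13.1'
	option netmask '255.255.255.0'
```

The new interfaces are not in any firewall zone until you assign them one, so decide per VLAN which zone it belongs to and which forwardings between zones are allowed.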