diff --git a/nix/pkgs/openwrt/uci-config.nix b/nix/pkgs/openwrt/uci-config.nix
index 3118200..a33b4f3 100644
--- a/nix/pkgs/openwrt/uci-config.nix
+++ b/nix/pkgs/openwrt/uci-config.nix
@@ -157,11 +157,14 @@ let
     );
 
   mgmtInterface =
-    let
-      mgmtInterfaces = networkInterfaces "mgmt";
-    in if builtins.length mgmtInterfaces == 1
-       then builtins.head mgmtInterfaces
-       else "br-mgmt";
+    if hasDSA
+    then "br0.${toString config.site.net.mgmt.vlan}"
+    else
+      let
+        mgmtInterfaces = networkInterfaces "mgmt";
+      in if builtins.length mgmtInterfaces == 1
+         then builtins.head mgmtInterfaces
+         else "br-mgmt";
 
 in
 ''
@@ -205,9 +208,24 @@ in
   ''}
   ${optionalString hasDSA ''
     # DSA
+    ${uciDeleteAll "network.@device"}
+    uci add network device
+    uci set network.@device[-1].name='br0'
+    uci set network.@device[-1].type='bridge'
+    ${concatMapStrings (port: ''
+      uci add_list network.@device[-1].ports='${port}'
+    '') (
+      unique (
+        builtins.concatMap ({ ports, ... }: ports)
+          (builtins.attrValues hostConfig.links)
+      )
+    )}
+    uci set network.br0='interface'
+    uci set network.br0.proto='none'
+    uci set network.br0.device='br0'
+
     ${concatMapStrings (net: ''
-      uci add network bridge-vlan
-      uci set network.@bridge-vlan[-1].device='br-lan'
+      uci set network.@bridge-vlan[-1].device='br0'
       uci set network.@bridge-vlan[-1].vlan='${toString config.site.net.${net}.vlan}'
       ${concatMapStrings (port: ''
         uci add_list network.@bridge-vlan[-1].ports='${port}:${dsaPortType net port}'
@@ -226,11 +244,16 @@ in
 
   # mgmt network
   uci set network.mgmt=interface
-  uci set network.mgmt.ifname='${
-    if builtins.length (networkInterfaces "mgmt") > 0
-    then concatStringsSep " " (networkInterfaces "mgmt")
-    else throw "${hostName}: No interface for mgmt"
-  }'
+  ${if hasDSA
+    then ''
+      uci set network.mgmt.device='br0.${toString config.site.net.mgmt.vlan}'
+    '' else ''
+      uci set network.mgmt.ifname='${
+        if builtins.length (networkInterfaces "mgmt") > 0
+        then concatStringsSep " " (networkInterfaces "mgmt")
+        else throw "${hostName}: No interface for mgmt"
+      }'
+    ''}
   uci set network.mgmt.proto=static
   ${optionalString (hostConfig.interfaces.mgmt.type == "bridge") ''
     uci set network.mgmt.type=bridge
@@ -262,7 +285,12 @@ in
         uci set network.${net}.type=bridge
       ''}
       uci set network.${net}.proto=static
-      uci set network.${net}.ifname='${concatStringsSep " " (networkInterfaces net)}'
+      ${if hasDSA
+        then ''
+          uci set network.${net}.device='br0.${toString config.site.net.${net}.vlan}'
+        '' else ''
+          uci set network.${net}.ifname='${concatStringsSep " " (networkInterfaces net)}'
+        ''}
       ${optionalString (config.site.net.${net}.mtu != null) ''
         uci set network.${net}.mtu=${toString config.site.net.${net}.mtu}
       ''}