- I have 2 subnets, x.x.1.x and x.x.2.x on a Linksys EA8100
- Subnet 1.x is for my LAN to my VMs
- Subnet 2.x is for my IoT devices, all of them are wireless
- I like one of my VM to be on the 2.x subnet so that IoT mDNS etc can work better
- How do I assign the 2.x IP address via DHCP?
- I have set a static address, but it still receives a 1.x subnet IP address
Connect your VM to the appropriate VLAN. It sounds like it's physically connected to the LAN subnet. You'll need to make the connection to the physical host that has the VMs into a trunk port that carries the LAN subnet as well as a tagged VLAN for the IoT subnet. Then you configure your host and VM supervisor/hypervisor to expect the appropriate VLAN ID (tagged) and to pass it to the VM in question.
Thanks
- Correct it is physically connected to the LAN subnet.a
- Any idea how to configure the trunk port and tagged VLAN on openwrt?
It's not hard, but entirely depends on the hardware you're using.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
# ubus call system board
{
"kernel": "6.6.73",
"hostname": "Hall",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "Linksys EA8100",
"board_name": "linksys,ea8100-v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0",
"revision": "r28427-6df0e3d02a",
"target": "ramips/mt7621",
"description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
"builddate": "1738624177"
}
}
# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'aaaa:bbbb:cccc::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config device
option name 'lan1'
option macaddr 'AA:BB:CC:DD:EE:FF'
config device
option name 'lan2'
option macaddr 'AA:BB:CC:DD:EE:FF'
config device
option name 'lan3'
option macaddr 'AA:BB:CC:DD:EE:FF'
config device
option name 'lan4'
option macaddr 'AA:BB:CC:DD:EE:FF'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ip6assign '60'
list ipaddr '192.168.214.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
config device
option name 'wan'
option macaddr 'AA:BB:CC:DD:EE:FF'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'br-lan'
option vlan '2'
list ports 'lan1:t'
config device 'device_home'
option type 'bridge'
option name 'br-home'
config interface 'subnet_home'
option proto 'static'
option device 'br-home'
option ipaddr '192.168.9.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
config device 'device_guest'
option type 'bridge'
option name 'br-guest'
config interface 'subnet_guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.247.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
config device 'device_iot'
option type 'bridge'
option name 'br-iot'
config interface 'subnet_iot'
option proto 'static'
option device 'br-iot'
option ipaddr '192.168.249.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
root@Hall:~#
I'm slightly confused because the config here doesn't match your initial description:
So I'm guessing you were just using these as examples, rather than the literal address scheme of your subnets.
With that in mind... you said:
So I'll assume that the goal is to make the IoT network available to your VM over the trunk.
With that as the goal, I see that you're already part way there in that you have bridge-VLANs for VLAN 1 and VLAN 2 already defined. VLAN 1 is set as untagged on all ports (although I'd recommend being explicit with :u* on all ports here). And VLAN 2 is setup as tagged on port lan1. But, since VLAN 2 isn't connected with any of your networks, I assume that's the one that you want to be your IoT VLAN.
Thus, we'll make just a few small changes.
First, delete this:
Then change your iot network's device to br-lan.2:
config interface 'subnet_iot'
option proto 'static'
option device 'br-lan.2'
option ipaddr '192.168.249.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
Finally, on the host that contains the VM, you'll need to setup that system to expect VLAN 2 (tagged) on the ethernet port and configure that to bridge through to the VM in question. This last part is out of scope for these forums, but should be reasonably well documented for most VM environments.
After making the changes, restart your router and test.
ok let me try it out thanks! for the record, my VM host is proxmox.
Remove A
config device 'device_iot'
option type 'bridge'
option name 'br-iot'
Change B from
option device 'br-iot'
to
option device 'br-lan.2'
- What does A do today? (I don’t quite understand the concept of
device) - There are wireless devices getting IPs from
subnet_iot, will A or B break it? If not, where is the wireless configured actually?
thanks!
The device definition here sets up a bridge (useful for wifi only in this situation). A device is a physical port or a radio, or in the case of a bridge device, it is a collection of ports and/or radios. In OpenWrt, though, the radios are defined in the wireless config file, so you don't declare them in the network file.
The bridge device you have defined has no associated ethernet ports, but allows you to use multiple wifi radios (i.e. 2G and 5G) on the same network. Without the bridge device, you'd only be able to use one radio (i.e. 2G XOR 5G).
In DSA configs (like yours), if you want to connect ethernet with your network, it happens via a single bridge. If you have multiple subnets, you can then use bridge-VLANs to set the port-VLAN membership and this also allows for the use of wifi + ethernet.
What you'll be doing per my recommendations will not change anything in the wireless configuration, but it will add the ability to use the IoT network with ethernet.
I had made the configurations, i.e. option device 'br-lan.249', and my wireless devices can still acquire a x.x.249.x address, but not the wired VM. Is there a way I can use a Windows/MacOS device to verify that my OpenWRT is configured correctly?
I thought it is easier to clear this side here before I dive deeper into Proxmox as there are only a few settings there for VLAN to work and I have tried everything I know.
- There just isn’t any traffic on the
x.x.249.x - Does my
br-lanlook right?
As @psherman said above
You need to configure Proxmox to assign a tagged VLAN to the VM in question. I found this https://medium.com/@P0w3rChi3f/proxmox-vlan-configuration-a-step-by-step-guide-edc838cc62d8 helpful
Your article seems to be talking about creating VLANs in Proxmox and not handling tagged traffic coming from the router.
In Proxmox, as I understand it, are 2 steps:
- Make the physical NIC aware of VLAN tags (tick
VLAN aware) - Setting the VLAN ID in VM’s NIC
But my VM is not getting a response for its DHCP, am I missing anything?
I tried that and it didnt work. As described in the link, making the primary bridge VLAN aware, creating a secondary bridge with the required VLAN ID and then assigning the VM NIC to the secondary bridge worked.
Thanks, I did try out your article’s approach, but still no DHCP IP.
And it seems yours is using method 2/3: https://docs.bankai-tech.com/Proxmox/Docs/Networking/VLAN%20Configuration/
I suppose my interest here is, did I get my OpenWRT correct?
It is.
Maybe re-post your current Openwrt configuration so it can be double-checked.
cat > /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'aaaa:bbbb:cccc::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config device
option name 'lan1'
option macaddr 'AA:BB:CC:DD:EE:FF'
config device
option name 'lan2'
option macaddr 'AA:BB:CC:DD:EE:FF'
config device
option name 'lan3'
option macaddr 'AA:BB:CC:DD:EE:FF'
config device
option name 'lan4'
option macaddr 'AA:BB:CC:DD:EE:FF'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ip6assign '60'
list ipaddr '192.168.214.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
config device
option name 'wan'
option macaddr 'AA:BB:CC:DD:EE:FF'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'br-lan'
option vlan '249'
list ports 'lan1:t'
config device 'device_home'
option type 'bridge'
option name 'br-home'
config interface 'subnet_home'
option proto 'static'
option device 'br-home'
option ipaddr '192.168.9.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
config device 'device_guest'
option type 'bridge'
option name 'br-guest'
config interface 'subnet_guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.247.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
config interface 'subnet_iot'
option proto 'static'
option device 'br-lan.249'
list ipaddr '192.168.249.1/24'
list dns '8.8.8.8'
list dns '1.1.1.1'
you can try using the correct vlans
for all networks where traffic passes over the trunk cable = lan1 ( ps: it's just a general advice do it anyway even if the traffic doesn't need to pass ):
config bridge-vlan
option device 'br-lan'
option vlan '247'
list ports 'lan1:t'
config interface 'subnet_guest'
option proto 'static'
option device 'br-lan.247'
option ipaddr '192.168.247.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '1.1.1.1'
config bridge-vlan
option device 'br-lan'
option vlan '249'
list ports 'lan1:t'
config interface 'subnet_iot'
option proto 'static'
option device 'br-lan.249'
option ipaddr '192.168.249.1' # <- previus list ipaddr '192.168.249.1/24'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '1.1.1.1'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ip6assign '60'
option ipaddr '192.168.214.1' # <- previus list ipaddr '192.168.214.1/24'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '1.1.1.1'
config bridge-vlan
option device 'br-lan'
option vlan '9'
list ports 'lan1:t'
config interface 'subnet_home'
option proto 'static'
option device 'br-lan.9'
option ipaddr '192.168.9.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '1.1.1.1'
After testing these changes you should also post /etc/config/dhcp and /etc/config/firewall
I’m not sure what you want me to change?
- All
list ipaddrtooption ipaddr? - Any others?
I made changes in 1, same 0 byte RX on x.x.249.x
https://openwrt.org/docs/guide-user/network/network_configuration#example_configuration
if you see the examples there is never “list ipaddr '192.168.249.1/24'“ but “option ipaddr '192.168.249.1'“
I configure my routers by running uci set …commands, I assume it will create /etc/config/network correctly. Nonetheless, I have made the changes in 1 and it has not made any difference.
- My Proxmox can ping itself (192.168.249.3) but not 192.168.249.1
- My router can ping itself 192.168.249.1 but not 192.168.249.3
- My VM configured for VLAN tag 249 cannot get IP address via DHCP
- The interface
subnet_iotreceived 0 bytes throughout all these activities