Client can send `DHCPDISCOVER` but cannot receive an offer

Hello everyone, I'm trying to understand why a client connected to a switch can broadcast DHCPDISCOVER messages but cannot receive the DHCPOFFER from the router.
To explain my network I prepared a diagram:

                                        x86 OpenWRT "SWITCH"                                             
                                +---------------------------------+                             
                                |                      +----------|                             
                                |                      | untagged |                             
                                |               +------+    to    |                             
                                |--------+      |      |  vid 17  |                             
        ROUTER                  | trunk  |      |      +----------|             CLIENT 1        
+---------------------+         | vid 11 +---BRIDGE               |       +--------------------+
|            +--------|   +-----+ vid 17 |      |      +----------|       |                    |
|            | trunk  |   |     |--------+      |      | untagged |       |----------+         |
|            | vid 11 +---+     |               +------+    to    +-------+   DHCP   |         |
|-------+    | vid 17 |         |                      |  vid 17  |       | untagged |         |
|  wan  |    +--------|         |                      +----------|       |----------+         |
| pppoe |    +--------|         +---------------------------------+       |                    |
|-------+    | trunk  |                                                   +--------------------+
|            | vid 11 +-----------------------------------+                                     
|            | vid 17 |                                   |                                     
|            +--------|                                   |                      CLIENT 2       
+---------------------+                                   |               +--------------------+
                                                          |               |                    |
                                                          |               |--------+           |
                                                          |               |  DHCP  |           |
                                                          +---------------+ vid 17 |           |
                                                                          |--------+           |
                                                                          |                    |
                                                                          +--------------------+

You can see that my router has two LAN ports that I made into trunks with only tagged packages using VLANs 11 and 17. To one port I connected a client that I configured to use VLAN 17 and it can get an IP using DHCP. To the other port I connect an x86 OpenWRT that I want to use as a managed switch; it can get an IP using DHCP through VLAN 17, and bridges a trunk port with two ports to receive untagged packages and tag them using VLAN 17.

My problem is, when I connect a client to one of the "untagged" ports of the "switch" I can see logs on the router of that client macaddr broadcasting DHCPDISCOVER and the router offering a DHCPOFFER, but these packages never arrive back to the client. If I try running a tcpdump on the client I can only see packages going out but nothing coming in. It seems that the bridge on the "switch" is not working....

On the OpenWRT x86 "switch", I have disabled/stopped the firewall, dnsmasq and odhcpcd.

Here is the /etc/config/network:

config interface loopback
  option device lo
  option proto static
  option ipaddr 127.0.0.1
  option netmask 255.0.0.0

config device
	option name switch
	option type bridge
	option ipv6 0
	list ports eth0
	list ports eth1
	list ports eth2

config bridge-vlan
	option device switch
	option vlan 11
	list ports 'eth0:t'
	
config bridge-vlan
	option device switch
	option vlan 17
	list ports 'eth0:t'
	list ports 'eth1:u*'
	list ports 'eth2:u*'

config device
  option name main
  option type 8021q
  option ifname switch
  option vid 17
  option ipv6 0

config interface wan
  option device main
  option proto dhcp

Am I missing anything on this bridge config?

The logs I see on the router are:

$ logread -f
Fri Jan 24 18:53:18 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(vlan-main) CLIENT1MACADDR
Fri Jan 24 18:53:18 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(vlan-main) 10.0.17.198 CLIENT1MACADDR
Fri Jan 24 18:53:21 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(vlan-main) CLIENT1MACADDR
Fri Jan 24 18:53:21 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(vlan-main) 10.0.17.198 CLIENT1MACADDR

and they keep going forever...

Is this an OpenWrt based router?

If so, let's see the configs of that device to make sure we don't see any problems:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

This is a very unusual choice for a switch. Most x86 systems will lack a hardware switch. This means that you've got multiple individually routed ports that you can obviously bridge together, but it is not a proper switch. Aside from that, most x86 systems will have at least an order of magnitude more power consumption than a simple managed switch (purpose built).

Now, on to the configuration of the OpenWrt device...

If you're using it as a switch, why do you have this:

Do you want the switch to use VLAN 17 for its address? If so, do this instead (delete the above and add the next part below):

config interface 'lan'
  option device 'switch.17'
  option proto 'dhcp'

Another thing I'm noticing, although maybe it is an issue with the copy/paste of the config, is that the values are not contained in single quotes (option something 'value'). That is a bit strange and could be related to the issues.

Anyway, after deleting the wan and 802.1q stanzas, then adding the lan as I recommended, reboot and test again.
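Added example (not part of the original posts and not OpenWrt code): a small Python parser for the `bridge-vlan` stanzas shown in this thread, reporting each port's PVID and its tagged or untagged VLANs whether or not the generated file quotes its values. The function names and the `SAMPLE` text are constructed for illustration.

```python
import shlex

# Constructed sample: the post's bridge-vlan stanzas, mixing quoted and
# unquoted values as a config generator might emit them.
SAMPLE = """\
config bridge-vlan
    option device switch
    option vlan 11
    list ports 'eth0:t'

config bridge-vlan
    option device 'switch'
    option vlan 17
    list ports 'eth0:t'
    list ports 'eth1:u*'
    list ports eth2:u*
"""

def parse_bridge_vlans(text):
    """Return {vid: {port: flags}} for every bridge-vlan section."""
    vlans, cur = {}, None
    for raw in text.splitlines():
        tok = shlex.split(raw)  # removes the quotes when present
        if not tok:
            continue
        if tok[0] == "config":
            cur = {} if tok[1:2] == ["bridge-vlan"] else None
        elif cur is not None and len(tok) == 3 and tok[0] in ("option", "list"):
            if tok[1] == "vlan":
                vlans[int(tok[2])] = cur  # same dict keeps collecting ports
            elif tok[1] == "ports":
                port, _, flags = tok[2].partition(":")
                cur[port] = flags
    return vlans

def port_summary(vlans):
    """Per port: PVID ('*') plus VLANs sent tagged ('t') or untagged ('u')."""
    out = {}
    for vid, ports in sorted(vlans.items()):
        for port, flags in ports.items():
            p = out.setdefault(port, {"pvid": None, "tagged": [], "untagged": []})
            if "*" in flags:
                p["pvid"] = vid
            # A port with no explicit flag is left unclassified here.
            if "t" in flags:
                p["tagged"].append(vid)
            elif "u" in flags:
                p["untagged"].append(vid)
    return out
```

For the sample, `port_summary(parse_bridge_vlans(SAMPLE))` shows `eth0` as a tagged-only trunk with no PVID and `eth1`/`eth2` as untagged members of VLAN 17 with PVID 17, matching the diagram.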

Hey, first of all thank you for looking into my problem.

I figured out what the problem was and it was not related to OpenWRT, it was a driver issue.

I was trying to mimic my real network in a virtual network using VirtualBox, and it seems that the network adapters that vbox emulates have some trouble with bridges and tagged network packages. I ran the same configuration using QEMU and everything worked as expected.

For people googling this in the future: stay away from VirtualBox network adapter emulation. QEMU works as expected and allows your guest-to-guest connections to be done over unix sockets.

Regarding your comments,

> Do you want the switch to use VLAN 17 for its address? If so, do this instead (delete the above and add the next part below):

I don't think it makes a difference. Does it?

> Another thing I'm noticing, although maybe it is an issue with the copy/paste of the config, is that the values are not contained in single quotes (option something 'value'). That is a bit strange and could be related to the issues.

I have been generating config files using some automation and I missed this quoting detail. So far things have worked... but I think I'm going to change it to use the standard quotes.

I believe that VBox works with VLANs, although it's been a while since I tried it.

However, that said, virtualizing OpenWrt in general is a bit tricky because so much is dependent on the correct host config (i.e. the virtualizer/hypervisor software configuration, the host OS, etc.).
