Creating VLAN Issue

Hello, I'm having trouble creating a new VLAN for public reasons. But after following the instructions, the internet stopped working and the VLAN is also not getting any IP from DHCP. Can you help me, please?

here are my files:

DHCP

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option leasetime '12h'
	option start '3'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'


config dhcp
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'plan'
  

firewall:

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'


config include
	option path '/etc/firewall.user'


config zone
	option name 'newzone'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'plan'

config forwarding
	option dest 'wan'
	option src 'newzone'

config forwarding
	option dest 'newzone'
	option src 'wan'
  

network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option _orig_ifname 'eth0.1 wlan0 radio1.network1'
	option _orig_bridge 'true'
	option ifname 'eth0.1'

config interface 'wan'
	option ifname 'eth1'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'dhcp'

config switch
	option name 'rtl8366s'
	option reset '1'
	option enable_vlan '1'
	option max_length '3'
	option enable_vlan4k '1'

config switch_vlan
	option device 'rtl8366s'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'rtl8366s'
	option vlan '2'
	option ports '4 5t'

config interface 'plan'
	option proto 'static'
	option ifname 'eth0.2'
	option ipaddr '10.10.1.1'
	option netmask '255.255.255.0'
	option gateway '10.10.1.1'
	option broadcast '10.10.1.255'
	option dns '8.8.8.8'
 

thanks

Jiri

You accidentally showed your firewall twice -- one of those was supposed to be the network file. Try updating your post and then we can take a look.

As a side note, you'll want to change the "newzone" configuration to reject or drop on the input so that people on your public network cannot access the router. Then create a set of traffic rules to allow DHCP and DNS to the router itself from the public network.

Take a look at above config. What exactly are you trying to achieve here? You assigned the same IP address to ipaddr and gateway options. That may be causing the issue you are facing.

If you want to share a LAN port for Guests then I suggest you look for Guest network documentation on the OpenWrt website.


Also, don't use dns 8.8.8.8 in the plan interface. If you want to advertise the 8.8.8.8 nameserver to hosts connected to the plan interface, you can use option 6 in the DHCP settings.

Thank you guest.
This might be the right URL:
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan-webinterface


Hi guys, I'm desperate. I tried everything to configure the VLAN. I'll try describing the situation. DHCP doesn't work on the Guest Network.

Since this page I realized that switch port 0 is LAN 4 on the physical device.
Are all these settings correct?


And Zone Settings?
DHCP and DNS?

Here are my files.

DHCP

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option leasetime '12h'
	option start '3'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp
        option start '100'
        option limit '150'
        option interface 'guest'
        option leasetime '1h'
        option force '1'  

firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan'
	option forward 'ACCEPT'

config zone
	option name 'guest'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'guest'
	option input 'REJECT'

config forwarding
	option dest 'wan'
	option src 'guest'

config rule
	option target 'ACCEPT'
	option src 'guest'
	option name 'Guest DNS'
	option dest_port '53'

config rule
	option target 'ACCEPT'
	option name 'Guest DHCP'
	option dest_port '67-68'
	option proto 'udp'
	option src 'guest'
  

network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option _orig_ifname 'eth0.1 wlan0 radio1.network1'
	option _orig_bridge 'true'
	option ifname 'eth0.1'

config interface 'wan'
	option ifname 'eth1'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'dhcp'

config switch
	option name 'rtl8366s'
	option reset '1'
	option enable_vlan '1'
	option max_length '3'
	option enable_vlan4k '1'

config switch_vlan
	option device 'rtl8366s'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'rtl8366s'
	option vlan '2'
	option ports '0t 5t'

config interface 'guest'
	option proto 'static'
	option ifname 'eth0.2'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
  

Thanks for any advice.

Regards

Jiri
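The guest zone in the post above rejects input and accepts only DNS and DHCP from the guest side, as advised earlier in the thread. The check below is an added example, not code from any poster or from OpenWrt: `parse_uci`, `covers` and `audit_zone` are hypothetical helpers, and both sample configs are constructed from the thread's firewall files.

```python
# Constructed from the thread: the first post's zone, then the later guest zone.
WEAK = "config zone\n\toption name 'newzone'\n\toption input 'ACCEPT'\n"
HARDENED = """config zone
	option name 'guest'
	option input 'REJECT'
config rule
	option src 'guest'
	option dest_port '53'
	option target 'ACCEPT'
config rule
	option src 'guest'
	option proto 'udp'
	option dest_port '67-68'
	option target 'ACCEPT'
"""

def parse_uci(text):
    """Return [(section_type, {option: value}), ...] from UCI text."""
    sections = []
    for line in text.splitlines():
        words = line.split(None, 2)
        if len(words) >= 2 and words[0] == "config":
            sections.append((words[1], {}))
        elif len(words) == 3 and words[0] == "option" and sections:
            sections[-1][1][words[1]] = words[2].strip(" \t'\"")
    return sections

def covers(spec, port):
    """True if a dest_port value such as '53' or '67-68' includes port."""
    lo, _, hi = spec.partition("-")
    return spec != "" and int(lo) <= port <= int(hi or lo)

def audit_zone(text, zone):
    """List isolation problems for a public zone; an empty list means it passes."""
    secs = parse_uci(text)
    policy = next((o.get("input") for t, o in secs
                   if t == "zone" and o.get("name") == zone), None)
    findings = []
    if policy not in ("REJECT", "DROP"):
        findings.append(f"zone {zone}: input is {policy}, expected REJECT or DROP")
    # Rules with a src but no dest apply to traffic addressed to the router itself.
    allowed = [o for t, o in secs if t == "rule" and o.get("src") == zone
               and "dest" not in o and o.get("target") == "ACCEPT"]
    for name, port in (("DNS", 53), ("DHCP", 67)):
        if not any(covers(o.get("dest_port", ""), port) for o in allowed):
            findings.append(f"zone {zone}: no rule accepts {name} (port {port})")
    return findings

if __name__ == "__main__":
    print(audit_zone(WEAK, "newzone"), audit_zone(HARDENED, "guest"))
```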

First of all, Attitude Adjustment is an ancient version of OpenWrt.

Nope, port 0 must be off in vlan1. In vlan2 port0 must be untagged.
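Why the posted switch config left guests without DHCP: port 0 was untagged in VLAN 1 and only tagged in VLAN 2, so an ordinary client's untagged frames landed in the LAN. The check below is an added example, not from the thread or from OpenWrt: `vlan_ports` and `audit_switch` are hypothetical helpers, the CPU port is assumed to be 5 (the port tagged in both VLANs on the page), and `FIXED` is constructed by applying the reply's correction to the posted config.

```python
import re

# Constructed from the thread: the second post's switch_vlan sections.
BROKEN = """
config switch_vlan
	option device 'rtl8366s'
	option vlan '1'
	option ports '0 1 2 3 5t'
config switch_vlan
	option device 'rtl8366s'
	option vlan '2'
	option ports '0t 5t'
"""
# The same config with port 0 off in VLAN 1 and untagged in VLAN 2.
FIXED = BROKEN.replace("'0 1 2 3 5t'", "'1 2 3 5t'").replace("'0t 5t'", "'0 5t'")

def vlan_ports(text):
    """Map VLAN id -> {port: is_tagged}; assumes 'vlan' directly precedes 'ports'."""
    pairs = re.findall(r"option vlan '(\d+)'\s+option ports '([^']*)'", text)
    return {int(vid): {int(p.rstrip("t")): p.endswith("t") for p in ports.split()}
            for vid, ports in pairs}

def audit_switch(text, cpu_port=5):
    """Flag client-facing ports whose VLAN membership a plain host cannot use."""
    vlans = vlan_ports(text)
    client_ports = {p for members in vlans.values() for p in members} - {cpu_port}
    findings = []
    for port in sorted(client_ports):
        untagged = [v for v, m in vlans.items() if m.get(port) is False]
        tagged = [v for v, m in vlans.items() if m.get(port) is True]
        if len(untagged) > 1:
            findings.append(f"port {port}: untagged in several VLANs {untagged}")
        if tagged:
            note = f"; untagged frames go to VLAN {untagged[0]}" if untagged else ""
            findings.append(f"port {port}: only tagged in VLANs {tagged}{note}")
    return findings

if __name__ == "__main__":
    print("posted:", audit_switch(BROKEN))
    print("fixed: ", audit_switch(FIXED))
```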

Marvelous! It works perfectly!

THANKS!

Jiri

Still, your device is vulnerable due to the outdated version of OpenWrt. Consider upgrading to the newest 19.07 or old stable 18.06.
If the problem is solved, feel free to mark the topic accordingly.
