Default gateway to use with vlans

With the setup I have now, thanks to PSherman, DHCP is working to give out the correct address ranges for four vlans. I'm using an MR8300 as router with a cell modem upstream set to bridge mode, so it passes an ip to the openwrt MR8300. I'm confused about how the default gateway got set with four vlans: vlan10 192.168.10.x, vlan20 192.168.20.x, etc.

Somehow 192.168.10.1 is pingable even though it does not have a dhcp lease.

Also, addresses from the cell modem upstream are pingable, and I had thought with bridge mode that ip addr would be the default gateway, but maybe it's 192.168.10.1

From openwrt MR8300

# ip addr show
.
.
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether xxxxx brd ff:ff:ff:ff:ff:ff
    inet 10.128.209.108/24 brd 10.128.209.255 scope global wan

wan has a /24 instead of a single address for a gateway...

If I do a traceroute from a computer on the vlan10 192.168.10.x
the first hop is the openwrt MR8300. So that is the gateway, 192.168.10.1, right?

What made 192.168.10.1 the gateway instead of 192.168.20.1?

traceroute openwrt.org
traceroute to openwrt.org (64.226.122.113), 30 hops max, 60 byte packets
 1  OpenWrt.lan (192.168.10.1)  0.543 ms  0.670 ms  0.603 ms
 2  10.128.209.1 (10.128.209.1)  1.999 ms  1.746 ms  2.251 ms

My /etc/config/network is below:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdbf:e732:f1cc::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '60'
	list ports 'lan4:t'

config interface 'vlan10'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'vlan20'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

config interface 'vlan30'
	option device 'br-lan.30'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'

config interface 'vlan60'
	option device 'br-lan.60'
	option proto 'static'
	option ipaddr '192.168.60.1'
	option netmask '255.255.255.0'

config device
	option name 'lan1'
	option macaddr 'xx'

config device
	option name 'lan2'
	option macaddr 'xx'

config device
	option name 'lan3'
	option macaddr 'xx'

config device
	option name 'lan4'
	option macaddr 'xx'

config device
	option name 'wan'
	option macaddr 'xx'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

Yes, the same next router upstream is the gateway for all of the lans. This needs to be an IP that is reachable from the wan interface. It appears that the LTE modem itself is again routing with the 10.128 IP. Note the low latency-- the packet didn't actually go over the air yet, it was answered by the local device.

if your config is:

then 192.168.10.1, 192.168.20.1, 192.168.30.1 and 192.168.60.1 are the same device with different IP addresses on different VLANs, so it is normal that it also responds to the ping on a different VLAN

unless you create different firewall zones for each vlan with INPUT on drop or reject

what do you want to achieve?
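
The per-VLAN firewall zones mentioned in the post above, as an added example that is not part of the original thread: an /etc/config/firewall fragment using the interface names from the posted /etc/config/network. The zone and rule names are chosen here, and treating vlan10 as the trusted management network is an assumption.

```uci
# /etc/config/firewall fragment (added example, not from the thread).
# Assumption: vlan10 is the trusted network and may reach the router itself.

config zone
	option name 'vlan10'
	list network 'vlan10'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# vlan20: no access to the router itself, no forwarding to other VLANs.
# Repeat this zone and the stanzas below for vlan30 and vlan60.
config zone
	option name 'vlan20'
	list network 'vlan20'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Internet access for vlan20 through the existing wan zone.
config forwarding
	option src 'vlan20'
	option dest 'wan'

# With input REJECT, clients still need DHCP and DNS from the router.
config rule
	option name 'Allow-DHCP-vlan20'
	option src 'vlan20'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-DNS-vlan20'
	option src 'vlan20'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Input rules are matched on the zone the packet arrives from, so with this in place a vlan20 host gets no ping reply from 192.168.20.1 or from the router's addresses on the other VLANs.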

Are you thinking the LTE modem is not in bridge mode?

"then 192.168.10.1, 192.168.20.1, 192.168.30.1 and 192.168.60.1 are the same device with different IP addresses on different VLANs, so it is normal"
Yes ncompact, that's me.
"what do you want to achieve?"

Choose an IP addr for my old c3560 switch so I can log into it without console cable.
I'm thinking of setting the switch ip addr to 192.168.20.1 of vlan20 of the cisco switch, then ssh to it.

presume:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swipaddr.html

Yes, that's the manual for my switch.

I'll go ahead and give it 192.168.20.1 for its address.

Looking at the output of

#show run

on the Cisco switch,
I see vlan1:

interface Vlan1
 ip address 192.168.10.1 255.255.255.0

That's a conflict, a leftover from the first tryout of this switch. I'll remove that.

The switch should only have one IP, on the network that is most trusted.


no, 192.168.20.1 is your router

set ip address 192.168.20.2 or 192.168.20.x (not in your dhcp lease)

config dhcp 'vlan20'      
        option interface 'vlan20'
        option start '100'            
        option limit '150'          
        option leasetime '12h'
        option dhcpv4 'server'

OK thanks, will do.

Yes, missed that. Conventionally addresses of 254, 253, etc. are used for infrastructure like switches and dumb APs in a /24 network. Or you can set the switch as a DHCP client. Local DNS should find it by hostname.