Dhcp client br-lan.10 gets no IP from dhcp

Hello, I am at a point where I don't know what to do. I set up an Watchguard AP320 (Mojo C75) with openwrt 23.05.2. This AP is connected via POE to a managed switch, Port 16, 4vlans (1=default, 10=home, 20=iot, 30=guest). The switch acts as dhcp server. So far so good.

By default my interface is already inside a vlan (eth0.1). I don't know if that is causing the issues. However, I edit the default br-lan device, enable vlan functionality, create an dhcp client interface in vlan 10. But it gets no IP? While looking inside my switch, I see that the interface is recognized, but the ip counts up? Everytime I refresh the page, its like 192.168.10.2, then .10.4, .10.5 and counting, eventually starting back at 1 when reached 254.

Can someone maybe help me? I have not touched firewall configs yet, my current /etc/config/network looks like this:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd6d:7fa7:2c70::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        option ipv6 '0'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.177.2'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '192.168.177.200'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2'
        option vid '1'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth0.1'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'

config interface 'Heimnetz'
        option proto 'dhcp'
        option device 'br-lan.10'
        option delegate '0'

config device
        option name 'br-lan.1'
        option type '8021q'
        option ifname 'br-lan'
        option vid '1'
        option ipv6 '0'

config route
        option interface 'Heimnetz'
        option target '192.168.10.0/24'

More to the setup: Currently behind a fritzBox (192.168.177.0/24) sits my switch (192.168.177.4), connected to that is my first AP (192.168.177.2). Goal is to let all dhcp stuff happen by the switch, fritzbox only to provide fritzVPN and internet acces. 192.168.177.200 is currently my pihole, that would move later when the AP's are running. I need them to provide wifi, nothing more. Firewall stuff is a thing I have to look for later, maybe via the switch, maybe via opnsense.

You are mixing dsa and dotted notation in a way that will not work.

What is the output of

ubus call system board 
1 Like

Thanks for your fast reply. I guessed sth in that direction. However I am not able to disable the vlan 1 for a "Fresh start" and I am a bit lost on that topic since its my first time doing sth like this.

The output of your requested cmd is the following:

root@OpenWrt:/# ubus call system board
{
        "kernel": "5.15.137",
        "hostname": "OpenWrt",
        "system": "Qualcomm Atheros QCA9558 ver 1 rev 0",
        "model": "AirTight Networks C-75",
        "board_name": "airtight,c-75",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}

The best bet is to reset to defaults and start over. You can use br-lan as a template for additional VLANs where you’ll make br-guest using eth0.30 as an example.

1 Like

Okay, I have done so several times, but I will try again. Makes sense what you said about dotted and none dotted vlan config.

So my default config looks like that:


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd84:4656:021f::/48'

config interface 'wan'
        option device 'eth0.1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.1'
        option proto 'dhcpv6'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 6t'

I have to change eth0.1 and eth1.2 to make the AP accesable. So I do sth like that:


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd84:4656:021f::/48'

config interface 'wan'
        option device 'eth1.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1.2'
        option proto 'dhcpv6'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.177.2'
        option netmask '255.255.255.0'
        option ip6assign '60'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 6t'

Is that correct so far?

Next I would go through luci "network->Interfaces->Devices" and create a new device "br-guest", make it bridge device and on bridge port I select custom and enter "eth0.30"

Am I on the correct path?

Thanks again so much for your help, you got a "buymeacoffee" or sth like that?

I see what else was wrong - you have a swconfig device and you had deleted the switch stanzas.

add a new vlan switch stanza - this will create vlan 30 tagged on logical port 2 (this is the lan port)

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '30'
        option ports '2t 0t'

Now create a guest bridge:

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth0.30'

And then an unmanaged network interface:

config interface 'guest'
        option device 'br-guest'
        option proto 'none'

And now create a new WiFi ssid interface for your guest network.

This will work assuming that your upstream is configured properly. It is not common to have a switch provide dhcp and routing services unless you have an l2+ or l3 switch. Those tend to be more advanced switches.

If this doesn’t work, please provide a network topology diagram complete with brand/model information for each device.

1 Like

Thanks for the reply and help, once again.

I did as you mentioned, except a minor change: When creating br-guest as unmanaged, it does not get an IP from the switch. When going into dhcp client, it gets an IP. So already one step further. The vlan config in the switch settings I also did. Seems to work so far. Only the wifi is not connecting. Maybe I need to set a gateway or specify the dhcp server somewhere? But I don't know where, except when I make my br-guest interface a static device.

You are correct, its not usual, but I got a layer3 managed switch off of ebay, brand is extralink, device is nemezis pro. I am trying to learn sth just for my private joy. :smiley:

The AP does not need (and in most cases should not have) an address on any network except the one that is used to manage the device. That is why it should be set to unmanaged.

The WiFi, though, should work.

1 Like

You are a genius! Thank you so much! Setting the device back to unmanaged, works just fine with the wifi. I can't thank you enough! Again, you got an buy me a coffe link, or paypal or sth like that? You helped me out of a situation going for at least 2 weeks.

Glad I could help!

https://openwrt.org/donate

1 Like

Hello, its me again. Sorry that I have to bother you again, but somehow now I get no internet connection. So first internet connection worked, after doing the steps above, the lan connection and wifi works, but internet stopped. It must be sth with routing, but I am totally lost at this point.

Setup is the following

FritzBox 7590 AX (192.168.177.1)
Static routes:

My Layer 3 Switch (192.168.177.4)
Screenshot 2024-03-10 112317

My primary wireless AP, connected to port 16 on the switch (192.168.177.2)

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd84:4656:021f::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        option ipv6 '0'
        option bridge_empty '1'
        option macaddr '00:90:7F:ED:15:1F'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.177.2'
        option netmask '255.255.255.0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 6t'
        option vid '2'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '30'
        option ports '2t 0t'

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth0.30'
        option ipv6 '0'
        option bridge_empty '1'
        option macaddr '00:90:7F:ED:05:3F'

config interface 'guest'
        option device 'br-guest'
        option proto 'none'
        option defaultroute '0'

config device
        option name 'eth0.1'
        option type '8021q'
        option ifname 'eth0'
        option vid '1'

config route
        option interface 'lan'
        option target '192.168.177.0/24'
        option gateway '192.168.177.4'

Pinging anything outside 192.168.177.x results in network unreachable. changed gateway to 192.168.177.1, 192.168.177.4, both no changes. Firewall I also set inside openwrt to accept accept accept. What am I doing wrong?

So, umm... I restarted the device for the 100th time I guess... works. I'll leave the PC for the day and go out for a walk.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.