DHCP with VLAN on 21.02

One of my APs is running 21.02 and I am struggling getting wireless clients to obtain a DHCP from the station that is attached to the vlan2 interface. I have another AP in the house running 19.07 and have no issues with wireless clients obtaining DHCP on its vlan2 interface. Admittedly I am more comfortable with 19.07 and relatively new to 21.02 so not sure how to troubleshoot with 21.02. Failing this I might flash the device back to 19.07 and leave 21.02 for future endeavors. Configs and logs for the 21.02 AP below:

network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fdb5:03e0:d122::/48'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ip6assign '60'
        option gateway '192.168.1.1'
        list ipaddr '192.168.1.2/24'
        list dns '192.168.1.1'

config interface 'wan'
        option device 'wan'
        option proto 'none'
        option auto '0'

config interface 'wan6'
        option device 'wan'
        option proto 'none'
        option auto '0'

config device
        option type '8021q'
        option ifname 'br-lan'
        option vid '2'
        option name 'br-lan.2'

config interface 'vlan2'
        option device 'br-lan.2'
        option proto 'dhcp'


wireless:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option cell_density '0'
        option country '00'
        option distance '60'
        option htmode 'HT40'
        option channel '13'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option cell_density '0'
        option channel 'auto'
        option country '00'
        option htmode 'VHT80'

config wifi-iface 'wifinet5'
        option device 'radio0'
        option mode 'ap'
        option ssid 'home'
        option key 'xxxx'
        option network 'lan'
        option ieee80211w '1'
        option wpa_disable_eapol_key_retries '1'
        option encryption 'psk2+ccmp'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'home'
        option key 'xxxx'
        option wpa_disable_eapol_key_retries '1'
        option network 'lan'
        option ieee80211w '1'
        option encryption 'psk2+ccmp'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'home_guest'
        option encryption 'psk2+ccmp'
        option key 'zzzz'
        option ieee80211w '1'
        option wpa_disable_eapol_key_retries '1'
        option network 'vlan2'
        option disabled '1'


Log:

Sun Dec  5 09:40:29 2021 daemon.notice netifd: Interface 'vlan2' is enabled
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: reading /tmp/resolv.conf.d/resolv.conf.auto
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain test
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain onion
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain localhost
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain local
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain invalid
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain bind
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using nameserver 192.168.1.1#53
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain lan
Sun Dec  5 09:40:29 2021 daemon.info dnsmasq[1453]: using nameserver 192.168.1.1#53
Sun Dec  5 09:40:29 2021 daemon.notice netifd: Interface 'vlan2' is setting up now
Sun Dec  5 09:40:29 2021 daemon.notice netifd: vlan2 (7199): udhcpc: started, v1.33.1
Sun Dec  5 09:40:29 2021 daemon.notice netifd: vlan2 (7199): udhcpc: sending discover
Sun Dec  5 09:40:30 2021 daemon.notice netifd: vlan2 (7199): udhcpc: sending select for 192.168.2.103
Sun Dec  5 09:40:30 2021 daemon.notice netifd: vlan2 (7199): udhcpc: lease of 192.168.2.103 obtained, lease time 86400
Sun Dec  5 09:40:30 2021 daemon.notice netifd: Interface 'vlan2' is now up
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: reading /tmp/resolv.conf.d/resolv.conf.auto
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain test
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain onion
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain localhost
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain local
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain invalid
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain bind
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using nameserver 192.168.1.1#53
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using only locally-known addresses for domain lan
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using nameserver 192.168.1.1#53
Sun Dec  5 09:40:30 2021 daemon.info dnsmasq[1453]: using nameserver 192.168.2.1#53
...
Sun Dec  5 09:48:39 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: authenticated
Sun Dec  5 09:48:40 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: authenticated
Sun Dec  5 09:48:40 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: associated (aid 1)
Sun Dec  5 09:48:40 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 RADIUS: starting accounting session EBD1F8F95B636DDE
Sun Dec  5 09:48:40 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 WPA: pairwise key handshake completed (RSN)
Sun Dec  5 09:48:58 2021 daemon.notice hostapd: wlan0-1: AP-STA-DISCONNECTED a6:b2:c5:0c:0c:a0
Sun Dec  5 09:48:58 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: disassociated
Sun Dec  5 09:48:59 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Sun Dec  5 09:49:02 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: authenticated
Sun Dec  5 09:49:02 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: associated (aid 1)
Sun Dec  5 09:49:02 2021 daemon.notice hostapd: wlan0-1: AP-STA-CONNECTED a6:b2:c5:0c:0c:a0
Sun Dec  5 09:49:02 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 RADIUS: starting accounting session 6532D926855E8880
Sun Dec  5 09:49:02 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 WPA: pairwise key handshake completed (RSN)
Sun Dec  5 09:49:16 2021 daemon.notice hostapd: wlan0-1: AP-STA-DISCONNECTED a6:b2:c5:0c:0c:a0
Sun Dec  5 09:49:16 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: disassociated
Sun Dec  5 09:49:17 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Sun Dec  5 09:49:20 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: authenticated
Sun Dec  5 09:49:20 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: associated (aid 1)
Sun Dec  5 09:49:20 2021 daemon.notice hostapd: wlan0-1: AP-STA-CONNECTED a6:b2:c5:0c:0c:a0
Sun Dec  5 09:49:20 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 RADIUS: starting accounting session 46FD9C4AEA0B49DC
Sun Dec  5 09:49:20 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 WPA: pairwise key handshake completed (RSN)
Sun Dec  5 09:49:38 2021 daemon.notice hostapd: wlan0-1: AP-STA-DISCONNECTED a6:b2:c5:0c:0c:a0
Sun Dec  5 09:49:38 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: disassociated
Sun Dec  5 09:49:39 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Sun Dec  5 09:49:44 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: authenticated
Sun Dec  5 09:49:44 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 IEEE 802.11: associated (aid 1)
Sun Dec  5 09:49:44 2021 daemon.notice hostapd: wlan0-1: AP-STA-CONNECTED a6:b2:c5:0c:0c:a0
Sun Dec  5 09:49:44 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 RADIUS: starting accounting session 4F578124BBFE9152
Sun Dec  5 09:49:44 2021 daemon.info hostapd: wlan0-1: STA a6:b2:c5:0c:0c:a0 WPA: pairwise key handshake completed (RSN)
Sun Dec  5 09:50:24 2021 daemon.info hostapd: wlan0: STA d8:f1:5b:11:63:51 IEEE 802.11: authenticated
Sun Dec  5 09:50:24 2021 daemon.info hostapd: wlan0: STA d8:f1:5b:11:63:51 IEEE 802.11: associated (aid 2)
Sun Dec  5 09:50:24 2021 daemon.notice hostapd: wlan0: AP-STA-CONNECTED d8:f1:5b:11:63:51
Sun Dec  5 09:50:24 2021 daemon.info hostapd: wlan0: STA d8:f1:5b:11:63:51 RADIUS: starting accounting session B30C8AF30F22D320
Sun Dec  5 09:50:24 2021 daemon.info hostapd: wlan0: STA d8:f1:5b:11:63:51 WPA: pairwise key handshake completed (RSN)


Sorry...fixed. FW issue. Need to set accept on input for DHCP to work.

Nope its' not a FW issue. I am falling back to 19.07 until I understand how to setup up VLAN's in 21.02

nobody able to give advice here? With 19.07 it's dead easy but I am pulling my hair out with 21.02. All I want is a wifi station off VLAN2.

  1. A gateway + DHCP router with interfaces configured for 192.168.1.1 and 192.168.2.1 (vlan2)
  2. AP with openwrt 21.02 config device br-lan fixed ip 192.168.1.2
  3. 802.1q device br-lan.2 DHCP client successfully obtained address 192.168.2.100
  4. Wireless device connected to br-lan.2.

The problem is the wireless interface connected to br-lan.2 wireless clients obtains an IP address in the 192.168.1.x range. I have tried VLAN filtering vlan1 tag* and vlan2 untagged and all other possible combinations but just can't get any wireless clients to obtain an IP address in the 192.168.2.x range.

Post the working 19.07 and the default 21.02 /etc/config/network files.

Thank you pavelgl

Below the two network configs.

--- 19.07 network ---

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1f:8fd9:2f24::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'
	list dns '192.168.1.1'
	option gateway '192.168.1.1'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr '20:76:93:3d:01:23'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth0.3'
	option auto '0'

config interface 'wan6'
	option proto 'dhcpv6'
	option ifname 'eth0.3'
	option reqaddress 'try'
	option reqprefix 'auto'
	option auto '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '1 2 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '1t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '4 6t'

config interface 'vlan2'
	option ifname 'eth0.2'
	option proto 'dhcp'
	option type 'bridge'

--- 21.01 network ---

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd1d:c9cd:182f::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.4'
	option gateway '192.168.1.1'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '2'
	option name 'br-lan.2'

config interface 'vlan2'
	option proto 'dhcp'
	option device 'br-lan.2'

go to the devices tab in network->interfaces, click configure for br-lan, setup your vlans (including VLAN 1 which you seem to have forgotten) in bridge vlan filtering - don't forget to change LAN interface device setting to br-lan.1 before commiting any changes

tried this before.

Enable VLAN filtering set VLAN1 u* and VLAN2 t

refuses to save.

yeah, it looks like it doesn't, but it does

It doesn't save. I would send you the network file but it's exactly the same. There's not point.

I edited the network config file manually to include the VLAN filtering and rebooted the AP and lost access to the AP so reverted back to the old config.

But why does the VLAN2 interface able to obtain an address in the 192.168.2.x range as expected (and without VLAN filtering turned on)? Why is this problem confined to the wireless clients? If the wireless station is bridged to the VLAN2 interface should the clients not also obtain addresses in the 192.168.2.x range?

trying to create a device called br-lan.1

Save error

An error occurred while saving the form:

RPC call to uci/set failed with ubus code 4: Resource not found at handleCallReply (http://192.168.1.4/luci-static/resources/rpc.js?v=git-21.231.26241-422c175:15:3)

I manually added br-lan.1 in network and rebooted AP.

I see in the devices page br-lan.1 is greyed out.

that's fine

what does your /etc/config/network look like now

The 21.02 configuration should look like this.

config interface 'loopback'
	    option device 'lo'
	    option proto 'static'
	    option ipaddr '127.0.0.1'
	    option netmask '255.0.0.0'

config globals 'globals'
	    option packet_steering '1'
	    option ula_prefix 'fd1d:c9cd:182f::/48'

config device
	    option name 'br-lan'
	    option type 'bridge'
	    list ports 'lan1'
	    list ports 'lan2'

config bridge-vlan
    	option device 'br-lan'
    	option vlan '1'
    	list ports 'lan1:u*'
    	list ports 'lan2:u*'
		
config bridge-vlan
    	option device 'br-lan'
    	option vlan '2'
    	list ports 'lan1:t'
	
config interface 'lan'
	    option device 'br-lan.1'
	    option proto 'static'
	    option netmask '255.255.255.0'
	    option ip6assign '60'
	    option ipaddr '192.168.1.4'
	    option gateway '192.168.1.1'
	
config interface 'vlan2'
    	option device 'br-lan.2'
    	option proto 'dhcp'

config interface 'wan'
	    option device 'wan'
	    option proto 'dhcp'

config interface 'wan6'
	    option device 'wan'
	    option proto 'dhcpv6'

Make sure the firewall is disabled to be able to access the device through the wan port if something goes wrong.

I used your config by in the network file. AP crashes. After reboot blinks for about 3 secs then stops. No access to LAN or WAN ports. My guess is it failed to bring up the switch.

The same configuration works for me on a similar device with 2 lan and one wan ports. Connect to the router through the wan port (which is not a member of the bridge) and make the changes using LuCI. The new configuration should be accepted and you won’t be disconnected.

image

What chipset are you using? I am using MT7621.

1 Like

I copied your first config and that failed. I cried and went to bed for a while. Your second config worked.

thank you pavelgl.

I haven't got to grips with DSA yet so will need to learn.

1 Like