Hi,
I have a system with multiple networks, each with its own VLAN.
Beside the main br-lan interface I created a br-guest (with relative wireless SSID) and a br-iot (with relative wireless SSID).
The issue is that dnmasq-dhcp often offers an IP address in the guest or iot ranges to devices connecting to lan, with the consequence that these devices then don't work, having acquired an IP in wrong VLAN range.
I have taken care of assigning each vlan interface and bridge a different MAC address to avoid any mixup, but it does not help, devices randomly are offered the wrong IP.
The firewall does not allow input from guest and iot vlans to 'device' but there are firewall rules to allow UDP ports 53 (DNS) and 67-68 (DHCP) for each VLAN.
When a device connects to either guest or iot SSID all is good in that they acquire the correct configuration from dnsmasq-dhcp, although I have a limited number of test cases to see whether a device from either guest or iot is DHCPOFFERed an IP in the wrong range.
Here is an excerpt of my /etc/config/dhcp:
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
[...]
config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option start '128'
option limit '96'
option force '1'
option ra_offlink '1'
option ra_preference 'low'
[...]
config dhcp 'guest'
option interface 'guest'
option leasetime '12h'
[...]
option start '128'
option limit '64'
config dhcp 'iot'
option interface 'iot'
option leasetime '12h'
[...]
option start '128'
option limit '64'
And here are log entries showing that dnsmasq-dhcp is offering the wrong IP range to br-lan connected devices:
zefiro.log:2023-02-02T12:25:46+01:00 zefiro dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.96.133 cc:50:e3:f4:e3:13
zefiro.log:2023-02-02T12:25:54+01:00 zefiro dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.96.133 cc:50:e3:f4:e3:13
zefiro.log:2023-02-02T12:26:12+01:00 zefiro dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.96.186 14:96:e5:6c:90:41
zefiro.log:2023-02-02T12:26:16+01:00 zefiro dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.96.133 cc:50:e3:f4:e3:13
Since I have about 40 devices connecting to lan SSID and network right now, statistically I can see a 5% of cases where the device is DHCPOFFERed an IP in one of the other networks.
Is this an openwrt/dnsmasq bug or is there an issue with my configuration?