I have a PC main router running Arch and some Ubiquiti UniFi 6 Lite APs running OpenWrt.
The APs each have three SSIDs, each bound to a network (lan: `192.168.22.0`, guest: `192.168.44.0` and iot: `192.168.66.0`).
I want the APs to bridge to the respective networks, each on its own VLAN. The VLAN IDs match the third byte of the IPv4 address (vlan <nn>: `192.168.<nn>.0`).
There is also a second network segment, using lan2 (vlan 178): `192.168.178.0` and guest2 (vlan 179): `192.168.179.0`, configured just like the first segment.
The first segment is using a switch (D-Link DGS-1210-20) into `eth1` of the main router.
Its ports are configured like this:
Port # | Usage | Network memberships |
---|---|---|
1 | Uplink | Tagged VLAN 22, 44, 66 |
2-20 | LAN | Tagged VLAN 22, 44, 66 |
The second segment is using a switch (Netgear GS105Ev2) into `eth2` of the main router.
Its ports are configured like this:
Port # | Usage | Network memberships |
---|---|---|
1 | Uplink | Tagged VLAN 178, 179 |
2 | LAN | Untagged VLAN 178 |
3 | LAN | Untagged VLAN 178 |
4 | LAN | Untagged VLAN 178 |
5 | AP | Tagged VLAN 178, 179 |
The main router is where all decisions about which network can reach which other network are to be made.
Everything is working as expected.
Except for the Guest WIFI and IOT WIFI on the first segment.
I do not get DHCP there.
All my debugging attempts are in vain.
I can see DHCP requests going to the router, yet there is nothing coming back to the client.
When I connect via cable to an untagged port in VLAN 44, everything works.
I followed the WIKI "Assigning VLAN IDs using DSA on devices with one physical port" regarding the VLAN configuration.
`firewall`, `dnsmasq` and `odhcpd` are disabled.
AP System
`ubus call system board`:
{
"kernel": "5.15.150",
"hostname": "ap-eg",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "Ubiquiti UniFi 6 Lite",
"board_name": "ubnt,unifi-6-lite",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "ramips/mt7621",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}
`brctl show`:
bridge name bridge id STP enabled interfaces
br-lan 7fff.7845584df3b4 no lan
phy0-ap0
phy1-ap0
br-guest 7fff.7845584df3b4 no lan.44
phy0-ap2
phy1-ap2
br-iot 7fff.7845584df3b4 no phy0-ap1
lan.66
phy1-ap1
AP configuration
`/etc/config/dhcp`:
# dnsmasq / odhcpd settings on the AP. No address pool is defined in this file:
# both dhcp sections below are set to ignore, so the AP itself hands out no
# leases. The post also states that dnsmasq and odhcpd are disabled, so clients
# on every SSID depend on a DHCP server reachable through the bridged VLAN.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
# DNS-rebinding defence: discard upstream answers that point into private ranges.
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
# Bind only to configured interface addresses and answer only local subnets.
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
# No DHCP service on lan; the AP is a DHCP client there (see proto 'dhcp' in network).
config dhcp 'lan'
option interface 'lan'
option ignore '1'
# NOTE(review): no 'wan' interface appears in the network config shown in the
# post; this section looks like a leftover default.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
`/etc/config/dropbear`:
# SSH daemon. Password login is enabled, including for root, and no 'Interface'
# option is set, so the listener is not restricted to a single network.
# NOTE(review): for a management-only AP, consider key-based login with both
# password options 'off' and an 'Interface' option pointing at the lan network.
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'on'
option Port '22'
`/etc/config/firewall`:
# Firewall zones for the three bridged networks. Per the post the firewall
# service is disabled on this AP, so none of these policies are loaded; which
# network may reach which is decided on the main router, not here.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# NOTE(review): if the firewall is ever enabled, input 'ACCEPT' on iot and guest
# would let those clients reach services on the AP itself should these
# interfaces ever carry an address; input 'REJECT' is the safer value for
# untrusted zones.
config zone
option name 'iot'
option input 'ACCEPT'
option output 'ACCEPT'
list network 'iot'
option forward 'ACCEPT'
config zone
option name 'guest'
option input 'ACCEPT'
option output 'ACCEPT'
list network 'guest'
option forward 'ACCEPT'
# Custom rule script; its contents are not shown in the post.
config include
option path '/etc/firewall.user'
`/etc/config/luci`:
# LuCI web interface settings; nothing here changes how traffic is bridged.
config core 'main'
option lang 'auto'
option mediaurlbase '/luci-static/bootstrap'
option resourcebase '/luci-static/resources'
option ubuspath '/ubus/'
# Paths kept across a firmware upgrade. The list includes /etc/passwd and the
# dropbear directory, so credentials and SSH keys carry over.
config extern 'flash_keep'
option uci '/etc/config/'
option dropbear '/etc/dropbear/'
option openvpn '/etc/openvpn/'
option passwd '/etc/passwd'
option opkg '/etc/opkg.conf'
option firewall '/etc/firewall.user'
option uploads '/lib/uci/upload/'
config internal 'languages'
# Web session storage and lifetime (presumably seconds -- confirm).
config internal 'sauth'
option sessionpath '/tmp/luci-sessions'
option sessiontime '3600'
config internal 'ccache'
option enable '1'
config internal 'themes'
option Bootstrap '/luci-static/bootstrap'
option BootstrapDark '/luci-static/bootstrap-dark'
option BootstrapLight '/luci-static/bootstrap-light'
# Timers for the apply-with-rollback mechanism of the web UI.
config internal 'apply'
option rollback '90'
option holdoff '4'
option timeout '5'
option display '1.5'
config internal 'diag'
option dns 'openwrt.org'
option ping 'openwrt.org'
option route 'openwrt.org'
`/etc/config/network`:
# Network layout of the AP: one bridge per network. br-lan holds the wired port
# 'lan' itself (untagged frames); br-iot and br-guest hold the 802.1Q
# sub-interfaces lan.66 and lan.44 of that same port.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan'
# The only interface on which the AP requests an address. Management services
# listening on 0.0.0.0 (SSH, web UI) are therefore reachable over IPv4 from
# this network only.
config interface 'lan'
option device 'br-lan'
option ipv6 0
option proto 'dhcp'
config device
option name 'br-iot'
option type 'bridge'
list ports 'lan.66'
# proto 'none': the AP takes no IPv4 address on this bridge and only forwards
# frames between the iot SSIDs and VLAN 66.
# NOTE(review): 'ipv6 0' sits on the interface section; confirm that it also
# suppresses IPv6 link-local addresses on the bridge in this release, otherwise
# the AP stays addressable from this network over IPv6.
config interface 'iot'
option device 'br-iot'
option ipv6 0
option proto 'none'
config device
option name 'br-guest'
option type 'bridge'
list ports 'lan.44'
# Same pattern as 'iot', for the guest SSIDs and VLAN 44.
config interface 'guest'
option device 'br-guest'
option ipv6 0
option proto 'none'
`/etc/config/rpcd`:
# ubus RPC daemon, the backend of the web UI login.
config rpcd
option socket /var/run/ubus/ubus.sock
option timeout 30
# '$p$root' makes rpcd check the login against the system password of 'root'.
# read/write '*' grants this login every ACL group, so the web UI account is
# equivalent to root: its strength is that of the root password.
config login
option username 'root'
option password '$p$root'
list read '*'
list write '*'
`/etc/config/system`:
# Basic system settings: identity, time zone, logging and NTP.
config system
option hostname 'ap-eg'
option description 'AP EG'
option zonename 'Europe/Berlin'
option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
# ttylogin '0': the serial console gives a shell without a login prompt, so
# physical access to the console pins means root access.
option ttylogin '0'
# Log ring buffer size in KiB.
option log_size '64'
option urandom_seed '0'
option compat_version '1.1'
# No log_ip is set in this section, so no remote syslog target is configured
# and log_proto has nothing to act on; logs live only in the local buffer and
# are lost on reboot.
option log_proto 'udp'
option conloglevel '8'
option cronloglevel '5'
# NTP client only (enable_server '0'); time comes from the public pool,
# unauthenticated.
config timeserver 'ntp'
option enabled '1'
option enable_server '0'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'
`/etc/config/ucitrack`:
# Dependency map used when configuration is applied: each section names a
# config file, the init script ('init') or command ('exec') to run for it, and
# the other configs it 'affects'. It holds no network or security policy.
config network
option init network
list affects dhcp
config wireless
list affects network
config firewall
option init firewall
list affects luci-splash
list affects qos
list affects miniupnpd
config olsr
option init olsrd
config dhcp
option init dnsmasq
list affects odhcpd
config odhcpd
option init odhcpd
config dropbear
option init dropbear
config httpd
option init httpd
config fstab
option exec '/sbin/block mount'
config qos
option init qos
config system
option init led
option exec '/etc/init.d/log reload'
list affects luci_statistics
list affects dhcp
config luci_splash
option init luci_splash
config upnpd
option init miniupnpd
config ntpclient
option init ntpclient
config samba
option init samba
config tinyproxy
option init tinyproxy
`/etc/config/uhttpd`:
# Web server that serves the LuCI interface and the ubus HTTP endpoint.
# It listens on every IPv4 and IPv6 address of the AP, on ports 80 and 443.
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
# redirect_https '0': plain HTTP is served as-is, so a login entered over
# http:// crosses the network unencrypted.
# NOTE(review): set to '1', or drop the listen_http lines, if the management
# network is not fully trusted.
option redirect_https '0'
option home '/www'
# DNS-rebinding countermeasure for requests involving private address ranges.
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '<redacted>'
option cgi_prefix '/cgi-bin'
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
# Parameters for the certificate generated on the device when none exists.
# The subject fields are the generic defaults, so browsers will not trust it
# without a manual exception.
config cert 'defaults'
option days '730'
option key '<redacted>'
option bits '2048'
option ec_curve 'P-256'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'
`/etc/config/wireless`:
# Two radios (2.4 GHz and 5 GHz), each carrying three SSIDs: lan, iot, guest.
# Every SSID uses 'sae-mixed' (WPA2-PSK / WPA3-SAE transition mode), so clients
# that only speak WPA2 are still accepted, and with them the offline
# passphrase-guessing exposure of WPA2-PSK.
# wpa_disable_eapol_key_retries '1' is the AP-side workaround for key
# reinstallation (KRACK) attacks against unpatched clients.
# SSIDs and keys are redacted in the post; whether the networks share a
# passphrase cannot be told from here.
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel 'auto'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option country 'DE'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option channel 'auto'
option band '5g'
option htmode 'HT40'
option cell_density '0'
option country 'DE'
# lan SSID, 2.4 GHz
config wifi-iface 'wifinet0'
option network 'lan'
option ssid '<redacted>'
option key '<redacted>'
option device 'radio0'
option mode 'ap'
option encryption 'sae-mixed'
option wpa_disable_eapol_key_retries '1'
# lan SSID, 5 GHz
config wifi-iface 'wifinet1'
option network 'lan'
option ssid '<redacted>'
option key '<redacted>'
option device 'radio1'
option mode 'ap'
option encryption 'sae-mixed'
option wpa_disable_eapol_key_retries '1'
# iot SSID, 2.4 GHz
# NOTE(review): no 'isolate' option is set on the iot and guest SSIDs, so
# stations on the same SSID can reach each other through the AP without the
# main router seeing that traffic; consider isolate '1' on untrusted SSIDs.
config wifi-iface 'wifinet2'
option network 'iot'
option ssid '<redacted>'
option key '<redacted>'
option device 'radio0'
option mode 'ap'
option encryption 'sae-mixed'
option wpa_disable_eapol_key_retries '1'
# iot SSID, 5 GHz
config wifi-iface 'wifinet3'
option network 'iot'
option ssid '<redacted>'
option key '<redacted>'
option device 'radio1'
option mode 'ap'
option encryption 'sae-mixed'
option wpa_disable_eapol_key_retries '1'
# guest SSID, 2.4 GHz
config wifi-iface 'wifinet4'
option network 'guest'
option ssid '<redacted>'
option key '<redacted>'
option device 'radio0'
option mode 'ap'
option encryption 'sae-mixed'
option wpa_disable_eapol_key_retries '1'
# guest SSID, 5 GHz
config wifi-iface 'wifinet5'
option network 'guest'
option ssid '<redacted>'
option key '<redacted>'
option device 'radio1'
option mode 'ap'
option encryption 'sae-mixed'
option wpa_disable_eapol_key_retries '1'