Getting no IP address on LAN via DHCP but only on WLAN (router on a stick)

Hello all,

I am a new OpenWrt user and thus member of the forum. I hope that you can help me further...
I have read everything I could find on the forum and on the web as well but could not find the solution.

My issue is that I get an IP address via DHCP on WLAN but not on LAN despite being both on the same vlan (10), neither on the router itself nor on the switch. Thus no internet and no access to the router nor the switch. I can only connect via LAN if I set a fixed IP as 192.168.10.x.
On WLAN everything works...

My goal is to have everything on vlan 10 for my network except IoT and guests.
Note: IoT vlan is not in use currently, it is just to set the base for my future installation.

I have a "router on a stick" configuration :

  • MANAGED SWITCH (Zyxel GS1200-8) downstairs connected to ONT and to LAN
    • fixed IP 192.168.10.2, management interface only from vlan 10
    • LAN 1: vlan 10 untagged, pvid 10
    • LAN 2: vlan 10 tagged, vlan 100 tagged, vlan 20 tagged, vlan 30 tagged, pvid 999 (999 is not used elsewhere, it is just to ensure that only tagged traffic is allowed)
    • LAN 3-6: vlan 10 untagged, pvid 10
    • LAN 7: vlan 20 untagged, pvid 20
    • LAN 8: vlan 100 untagged, pvid 100 (ONT)

  • ROUTER (Flint 2) upstairs used also as access point and switch
    • LAN 1 (connected to LAN 2 of the switch):
      • vlan 10 (lan), vlan 20 (IoT), vlan 30 (guest) and vlan 100 (wan)
      • vlan 10, 20 and 30 have DHCP server active
      • I actually even do not need any LAN for guest so vlan 30 could be maybe removed but I was not sure how to define vlan 30 on WLAN...
    • LAN 2-5:
      • vlan 10 (lan)

Here is the detailed configuration of the router:

Network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb8:3a5f:d285::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'

config interface 'lan'
        option device 'br-lan.10'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'br-lan.100'
        option proto 'dhcp'
        option vendorid 'neufbox_NB6V-XXXXXXXXXXXXX'

config interface 'wan6'
        option device 'br-lan.100'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:t'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'
        list ports 'lan5:u*'

config interface 'iot'
        option proto 'static'
        option device 'br-iot.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

config interface 'guest'
        option proto 'static'
        option device 'br-guest.30'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'

config device
        option type 'bridge'
        option name 'br-guest'
        list ports 'lan1'

config bridge-vlan
        option device 'br-guest'
        option vlan '30'
        list ports 'lan1:t'

config device
        option type 'bridge'
        option name 'br-iot'
        list ports 'lan1'

config bridge-vlan
        option device 'br-iot'
        option vlan '20'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '100'
        list ports 'lan1:t'

Firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'DROP'
        option synflood_protect '1'
        option drop_invalid '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'guest'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        list network 'guest'

config zone
        option name 'iot'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'DROP'
        list network 'iot'

config zone
        option name 'wan'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'iot'

config forwarding
        option src 'guest'
        option dest 'wan'

config rule
        option src 'guest'
        option name 'Guest-DHCP-DNS'
        option dest_port '53 67 68'
        option target 'ACCEPT'

Thanks !

Can we also see wireless and dhcp?

  • The switch in your screenshot (if so, how did you access it to take a screenshot)?
  • You configured router to have a VLAN 10 IP of 192.168.10.1, what other IP are you expecting - and for what purpose?

Here is the wireless config:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel 'auto'
        option htmode 'HE40'
        option country 'FR'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'JK-Main'
        option encryption 'sae-mixed'
        option ocv '0'
        option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel 'auto'
        option htmode 'HE160'
        option country 'FR'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'JK-Main'
        option encryption 'sae-mixed'
        option ocv '0'
        option wpa_disable_eapol_key_retries '1'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'JK-Guest'
        option encryption 'sae-mixed'
        option ocv '0'
        option wpa_disable_eapol_key_retries '1'
        option network 'guest'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'JK-Guest'
        option encryption 'sae-mixed'
        option ocv '0'
        option wpa_disable_eapol_key_retries '1'
        option network 'guest'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'JK-IoT'
        option encryption 'sae-mixed'
        option ocv '0'
        option wpa_disable_eapol_key_retries '1'
        option network 'iot'
        option disabled '1'

Indeed, the screenshot is from the switch. I can access via WLAN.
I set 192.168.10.1 for the router since all my devices are on vlan 10 and I want to be able to access LuCI from any of them.

Your bridge configurations are invalid...

Delete this:

and this:

Edit the VLAN 30 stanza to use device br-lan:

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'lan1:t'

And likewise on the VLAN 20 bridge-VLAN:

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan1:t'

Now, fix the guest and iot network interfaces to use br-lan.x:

config interface 'iot'
        option proto 'static'
        option device 'br-lan.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

config interface 'guest'
        option proto 'static'
        option device 'br-lan.30'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'


Regarding wifi, don't use sae-mixed as it causes more problems than it solves. Use either WPA2 (psk2) or WPA3 (sae). Obviously this should be changed for all of your APs.

Anyway, after you make the changes to the network config file, restart the router and test again. It should start working as expected, assuming that the DHCP config is correct (you didn't share that yet).

If this doesn't fix the issues, please post the updated network file as well as the DHCP file.

Thank you for your help. I modified the configuration as indicated but it still does not work :(
I have just added an unused vlan on lan 1 as I did on the switch and as advised on the DSA page of openwrt.org. I tried with and without, so that does not seem to be the problem.

The only way to access the router or internet is by setting a manual IPv4 address on vlan 10.
Even there some websites are not accessible. It seems that I have a DNS issue. I paused Adguard home but no changes.

In the overview in LuCI there are no DHCP leases somehow only DHCPv6...
In my client I indeed only see IPv6 addresses on both LAN and wifi.

Shall I delete the WAN6 since my ISP only provides me an IPv4 address?

Furthermore the wifi did work yesterday but today somehow not anymore. It seems since the 12h lease expired.

Here the new network config:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb8:3a5f:d285::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'

config interface 'lan'
        option device 'br-lan.10'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'br-lan.100'
        option proto 'dhcp'
        option vendorid 'neufbox_NB6V-XXXXXXXXXXXXX'

config interface 'wan6'
        option device 'br-lan.100'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:t'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'
        list ports 'lan5:u*'

config interface 'iot'
        option proto 'static'
        option device 'br-lan.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

config interface 'guest'
        option proto 'static'
        option device 'br-lan.30'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '100'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '999'
        option local '0'
        list ports 'lan1:u*'

And the dhcp config:

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'
        option port '54'
        option noresolv '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '3,'
        list dhcp_option '6,'
        list dhcp_option '15,lan'
        list dns ''

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'iot'
        option interface 'iot'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'

This presents an issue (potentially).

This port does not have an untagged network, except for this one which doesn’t go anywhere. Make sure you’re connecting via the other ports or that you are connected to vlan10 via your external ap/switch.

Remove the last 4 lines. These are invalid and will cause the dhcp server to fail.

You may actually need to specify options 3 and 6 due to the fact that you’ve modified your dns with something non-default (doh/dot/Adblock/adguard?).

I am connected using LAN 4 so under vlan 10.

I am not sure I understand: do you mean deleting the last 4 lines of the dhcp ‘lan’ config or setting options 3 and 6? If the latter, what should I write with regards to Adguard Home?

Either option. If you've got AGH, that may interfere with the default behavior, so you'd set both 3 and 6 to 192.168.10.1

Therefore, it should either be:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

or

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '3,192.168.10.1'
        list dhcp_option '6,192.168.10.1'

I opted for option 2 and it did the trick. Thank you !

One more question though: I have set in the DHCP settings a range of IP addresses from 100 to 150 (offset from the network address) so the range shall be 101 to 151 but some of my clients leases are outside, actually above, this range. Do I misunderstand this setting ?

The base network address on a /24 is actually the 0 address, the limit is the size of the pool. So the actual range is 100-249.
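An added example, not code from any poster in this thread or from OpenWrt: a small Python check over the `dhcp` and `network` files that flags the valueless `dhcp_option` and `list dns` entries the reply above called invalid, and computes the pool range from `start` and `limit` as just explained. The names `parse_uci` and `check_dhcp` are hypothetical, and the sample input is condensed from the configs posted above.

```python
import ipaddress
import shlex
from collections import defaultdict
# Sample input condensed from the configs posted in this thread.
NETWORK = """
config interface 'lan'
        option device 'br-lan.10'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
"""
DHCP = """
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        list dhcp_option '3,'
        list dhcp_option '6,'
        list dhcp_option '15,lan'
        list dns ''
"""

def parse_uci(text):
    """Return UCI sections as (type, name, {key: [values]}) tuples."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw)  # keeps '' as an empty value
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, defaultdict(list)))
        elif tok[:1] in (["option"], ["list"]) and len(tok) == 3 and sections:
            sections[-1][2][tok[1]].append(tok[2])
    return sections

def check_dhcp(dhcp_text, network_text):
    """Flag valueless DHCP options and compute each pool's first/last address."""
    ifaces = {n: o for t, n, o in parse_uci(network_text) if t == "interface"}
    findings, pools = [], {}
    for t, name, o in parse_uci(dhcp_text):
        if t != "dhcp" or o.get("ignore") == ["1"]:
            continue
        for opt in o.get("dhcp_option", []):
            code, _, value = opt.partition(",")
            if not value.strip():
                findings.append(f"{name}: dhcp_option {code} has no value")
        if any(not d.strip() for d in o.get("dns", [])):
            findings.append(f"{name}: empty 'list dns' entry")
        net = ifaces.get(o.get("interface", [name])[0])
        if net and net.get("ipaddr") and net.get("netmask") and o.get("start") and o.get("limit"):
            subnet = ipaddress.ip_network(f"{net['ipaddr'][0]}/{net['netmask'][0]}", strict=False)
            first = subnet.network_address + int(o["start"][0])  # offset from the .0 address
            last = first + int(o["limit"][0]) - 1                # limit is the pool size
            pools[name] = (str(first), str(last))
    return findings, pools

print(check_dhcp(DHCP, NETWORK))
```

Run against the corrected stanza with `3,192.168.10.1` and `6,192.168.10.1` and no `list dns ''`, the findings list comes back empty while the pool stays the same.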

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :)
