How to receive untagged packets on trunk port (x86/64 and Netgear GS308E DHCP)?

Hi. I have the following:

  • x86/64 box running OpenWrt 21.02.0 r16279-5cc0535800, with NICs eth0, eth1, eth2, eth3
  • Netgear GS308E "Ethernet Plus Switch", which seems to support 802.1q VLANs

Configuration:

  • Bridge device br-lan on the router bridges eth0.1, eth2, and eth3, with address 192.168.10.1
  • eth0 on the router has other VLANs: eth0.1, eth0.3, eth0.4, eth0.5
  • eth0 is connected to a trunk port on the Netgear switch
  • The Netgear trunk port is configured to tag VLAN IDs 1,3,4,5 on that port, with a native VLAN of 1
  • The router has other bridge devices br-lan[x] for VLAN IDs 3,4,5

Other ports on the Netgear switch are a mix of trunk ports to APs and access ports to devices, and things work as intended.

The one thing that does not work as desired is that the Netgear switch's DHCP client seems unable to reach the router to receive an IP address (for the web management UI).

I guess that while the switch can pass VLAN-tagged traffic, its internal DHCP client will emit untagged packets. OK no problem, I'll just add an untagged interface in the same subnet, just for that. That seems to mostly work, but not completely. The observed behavior:

  • After boot, the Netgear switch receives an IP in the 192.168.10.x subnet (desired behavior).
  • DNS queries for the router hostname return both IP addresses in the 192.168.10.x subnet (undesired behavior). How can I set up the built-in dnsmasq to only return the first IP address?
  • DHCP lease is set up for 4h. After 2h, the switch tries to renew the IP address (expected behavior); syslog shows a burst of DHCP renew traffic from the switch. After another 90 minutes, there is another burst. Then nothing, and the switch IP address is not reachable anymore (I am guessing it has reverted back to its factory default).
  • Regular traffic continues to work as desired.

I am guessing the DHCP bursts are the switch attempting to renew its lease, and then it just gives up after the second try.

Current "mostly-working" configuration:

/etc/config/network

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        list ports 'eth2'
        list ports 'eth3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'lan4'
        option proto 'static'
        option device 'eth0'
        option ipaddr '192.168.10.62'
        option netmask '255.255.255.0'

/etc/config/dhcp

config dnsmasq
        ...
        list interface 'br-lan'
        list interface 'br-lan1'
        list interface 'br-lan2'
        list interface 'br-lan3'
        list interface 'lan4'

/etc/config/firewall

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'lan4'

What else can I try to get things working? Thank you!

You shouldn't use the same subnet on lan and lan4. It's almost never a good idea.

Yes, one of the bad things is getting two IPs returned when querying the router hostname, which leads to other undesired behavior.

Putting lan4 on a different subnet seemed to also "sort of" work, except that the IP returned to the switch via DHCP was also in that "wrong" subnet (I'd like for the switch management to be in the same 192.168.10.x subnet).