I have been reading through the DSA tutorials and trying to understand how to setup my device. I was a long time user of swconfig. I am running OpenWrt 23.05.2. I have identified what I want to achieve but getting it setup properly has been another matter for me.
Here is what I'd like to get done:
Port 1 VLAN 100 LAN + WiFi 192.168.1.0/24
Port 2, 3 VLAN 101 VOIP 192.168.2.0/24
Port 4 VLAN 350 Mgmt 172.30.50.0/24
VLAN 351 Storage 172.30.51.0/24
VLAN 352 VM Network 172.30.100.0/24
I did find the chart/grid listed here to be helpful as example. The question is, what should my chart look like? considerations with vlans
For ports 1, 2 & 3 I can confirm that I am getting the correct DHCP IP address from the router. Port 4 is the one that is giving me issues. I don't get any IP address. I have tried:
lan4
350 u*
351 t
352 t
I also tried:
lan4
350 t*
351 t
352 t
I show that DHCP server is set up for those vlans:
Your DHCP servers pools must not overlap the router’s address on each subnet. Since you use the .1 address for each subnet, make sure that the start value is >=2 (on all DHCP servers).
If you’re connecting a non-VLAN aware device or one that is configured expecting an untagged network, you must have a single VLAN with :u* to configure a vlan as untagged + PVID. This is not the case with your earlier config, but you said you tried it… so…
Let’s see the current complete config:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Let me try your suggestion and correct the DHCP setup real quick. I'll also set VLAN 350 u*. If I still can't get it to work I'll post the current config as you suggest.
OK, no luck with changing DHCP.
Wireless is working as expected and I'm getting a correct IP range from LAN.
I tested every port & DHCP. The only port giving me issues is #4 with VLAN(s) 350-352
Here is my current config:
root@Tourville:~# ubus call system board
{
"kernel": "5.15.137",
"hostname": "Tourville",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "Linksys EA8300 (Dallas)",
"board_name": "linksys,ea8300",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.2",
"revision": "r23630-842932a63d",
"target": "ipq40xx/generic",
"description": "OpenWrt 23.05.2 r23630-842932a63d"
}
}
root@Tourville:/etc/config# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddf:7ed0:7dfd::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option ipv6 '0'
config device
option name 'lan1'
option macaddr 'xx:xx:xx:xx:xx:e2'
config device
option name 'lan2'
option macaddr 'xx:xx:xx:xx:xx:e2'
config device
option name 'lan3'
option macaddr 'xx:xx:xx:xx:xx:e2'
config device
option name 'lan4'
option macaddr 'xx:xx:xx:xx:xx:e2'
config interface 'lan'
option device 'br-lan.100'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'
config device
option name 'wan'
option macaddr 'xx:xx:xx:xx:xx:e1'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan1:u*'
config bridge-vlan
option device 'br-lan'
option vlan '101'
list ports 'lan2:u*'
list ports 'lan3:u*'
config bridge-vlan
option device 'br-lan'
option vlan '350'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '351'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '352'
list ports 'lan4:t'
config interface 'voip'
option proto 'static'
option device 'br-lan.101'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
config interface 'dmz'
option proto 'static'
option device 'br-lan.350'
option ipaddr '172.30.50.1'
option netmask '255.255.255.0'
config interface 'storage'
option proto 'static'
option device 'br-lan.351'
option ipaddr '172.30.51.1'
option netmask '255.255.255.0'
config interface 'vm'
option proto 'static'
option device 'br-lan.352'
option ipaddr '172.30.100.0'
option netmask '255.255.255.0'
root@Tourville:/etc/config# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel 'auto'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'JTAP'
option encryption 'psk2'
option key 'redacted'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/a000000.wifi'
option channel 'auto'
option band '2g'
option htmode 'HT20'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'JTAP'
option encryption 'none'
config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/soc/a800000.wifi'
option channel '36'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio2'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'JTAP'
option encryption 'none'
root@Tourville:/etc/config# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '2'
option limit '250'
option leasetime '24h'
option dhcpv4 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'voip'
option interface 'voip'
option start '2'
option limit '4'
option leasetime '24h'
config dhcp 'dmz'
option interface 'dmz'
option start '2'
option limit '250'
option leasetime '24h'
config dhcp 'storage'
option interface 'storage'
option start '2'
option limit '4'
option leasetime '24h'
config dhcp 'vm'
option interface 'vm'
option start '2'
option limit '250'
option leasetime '24h'
config host
option name 'OBi202'
option ip '192.168.2.2'
option mac 'redacted'
config host
option name 'incrediblepbx'
option ip '192.168.2.3'
option mac 'redacted'
config host
option name 'TS-HTGLAED'
option ip '192.168.1.10'
option mac 'redacted'
config host
option name 'HDHR-106569B4'
option ip '192.168.1.3'
option mac 'redacted'
config host
option name 'NAS'
option ip '192.168.1.5'
option mac 'redacted'
config host
option name 'mythbuntube'
option ip '192.168.1.7'
option mac 'redacted'
config host
option name 'HP-3052'
option ip '192.168.1.4'
option mac 'redacted'
root@Tourville:/etc/config# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'voip'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'dmz'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'dmz'
list network 'storage'
list network 'vm'
