Impossible to get eth0.4 up automatically

dsf3v5gth · May 24, 2025, 6:23am

Hi,

I want to have three networks:

LAN (where I have the personal devices)
GUESTS
SONOS (where sonos speakers live)

So that LAN and GUESTS can both access SONOS, while they are still ignorant to each other.

Every time I reboot the Archer C6 v2 with OpenWrt 23.05.5, I need to run the following commands to get eth0.4 up and running:

ip link add link eth0 name eth0.4 type vlan id 4
ip link set eth0.4 up

Lastly, I'm adding eth0.4 to the sonos bridge:

brctl addif br-sonos eth0.4

No matter what I try, all the other eth0.x go up, but eth0.4.

This is the /etc/config/network: (not the whole thing, just what I think is relevant, but let me know if you need more)

config interface 'guests'
        option proto 'static'
        option ipaddr '10.1.1.1'
        option netmask '255.255.255.0'
        option device 'br-guests'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t'
        option vid '3'
        option description 'GUESTS'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '0t 5'
        option vid '4'
        option description 'SONOS'

config interface 'sonos'
        option proto 'static'
        option device 'br-sonos'
        option ipaddr '192.168.100.1'
        option netmask '255.255.255.0'
        option type 'bridge'

config device
        option name 'br-guests'
        option type 'bridge'
        list ports 'eth0.3'
        list ports 'phy0-ap1'

config device
        option type 'bridge'
        option name 'br-sonos'
        list ports 'eth0.4'
        list ports 'phy1-ap1'

DHCP is also set up:

config dhcp 'sonos'
        option interface 'sonos'
        option start '2'
        option limit '9'
        option leasetime '12h'

I also have /etc/config/mdns-repeater:

config mdns_repeater 'lan_sonos'
        list interface 'br-lan'
        list interface 'br-sonos'

config mdns_repeater 'guests_sonos'
        list interface 'br-guests'
        list interface 'br-sonos'

Once the system is up, when I run the commands at the top, everything is working flawlessly. eth0.4 has a sonos speaker connected. And as soon as I mdns-repeater br-lan br-sonos, everything works flawlessly, at least from LAN.

I've noticed that when I set both:

mdns-repeater br-lan br-sonos
mdns-repeater br-guests br-sonos

Then only the first one works, but that's another stoy.

I am sure the speaker is connected to eth0.4 because as soon as I make that link available, the speaker becomes available in the network.

Why is eth0.4 not going up automatically? This drives me nuts.

Thank you so much in advance!

psherman · May 24, 2025, 6:32am

Remove the bridge line:

dsf3v5gth:

config interface 'sonos'
        option proto 'static'
        option device 'br-sonos'
        option ipaddr '192.168.100.1'
        option netmask '255.255.255.0'
        option type 'bridge'

Remove the radios (phy*), they don’t belong in the network file:

dsf3v5gth:

config device
        option name 'br-guests'
        option type 'bridge'
        list ports 'eth0.3'
        list ports 'phy0-ap1'

config device
        option type 'bridge'
        option name 'br-sonos'
        list ports 'eth0.4'
        list ports 'phy1-ap1'

Reboot and test again. If it doesn’t work, please show the complete config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

dsf3v5gth · May 24, 2025, 6:41am

That works! It brings eth0.4 up! But now the devices connected wirelessly to the sonos network aren't getting an IP address. I'd like to bridge those, which is phy1-ap1.

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Sonos'
        option encryption 'psk2'
        option key 'secret'
        option network 'sonos'
        option hidden '1'

psherman · May 24, 2025, 6:45am

I would recommend not using a hidden ssid. But let’s see the complete config.

dsf3v5gth · May 24, 2025, 6:53am

The hidden SSID is for when the network is setup. Whenever I need to add more speakers I'll reveal it. I'd like to try with hidden SSID and see if there are any issues. It's experimental for now.

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'mac/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.8.8'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '192.168.8.11'
	list dns '1.1.1.2'
	list dns '1.0.0.2'

config interface 'wan'
	option device 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.2.10'
	option gateway '192.168.2.1'
	option netmask '255.255.255.0'
	list dns '192.168.8.11'
	list dns '1.1.1.2'
	list dns '1.0.0.2'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4'
	option vid '1'
	option description 'LAN'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'
	option vid '2'
	option description 'WAN'

config interface 'guests'
	option proto 'static'
	option ipaddr '10.1.1.1'
	option netmask '255.255.255.0'
	option device 'br-guests'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t'
	option vid '3'
	option description 'GUESTS'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '0t 5'
	option vid '4'
	option description 'SONOS'

config interface 'sonos'
	option proto 'static'
	option device 'br-sonos'
	option ipaddr '192.168.100.1'
	option netmask '255.255.255.0'

config device
	option name 'br-guests'
	option type 'bridge'
	list ports 'eth0.3'

config device
	option type 'bridge'
	option name 'br-sonos'
	list ports 'eth0.4'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Main'
	option encryption 'psk2'
	option key 'secret'
	option ieee80211r '1'
	option mobility_domain 'dead'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option channel 'auto'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'IoT'
	option encryption 'psk2'
	option key 'secret'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Guests'
	option encryption 'psk2'
	option key 'secret'
	option network 'guests'
	option ieee80211r '1'
	option mobility_domain 'beef'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Sonos'
	option encryption 'psk2'
	option key 'secret'
	option network 'sonos'
	option hidden '1'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '10'
	option limit '45'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guests'
	option interface 'guests'
	option start '100'
	option limit '16'
	option leasetime '12h'

config host
	option name 'secret'
	list mac 'secret'
	option ip '192.168.8.11'

config host
	option name 'secret'
	list mac 'secret'
	option ip '192.168.8.17'

config host
	option name 'secret'
	list mac 'secret'
	option ip '192.168.8.53'

config host
	option name 'secret'
	list mac 'secret'
	option ip '192.168.8.52'

config host
	option name 'secret'
	list mac 'secret'
	option ip '192.168.8.41'

config host
	option name 'secret'
	list mac 'secret'
	option ip '192.168.8.40'

config dhcp 'sonos'
	option interface 'sonos'
	option start '2'
	option limit '9'
	option leasetime '12h'

config domain
	option name 'secret'
	option ip '192.168.8.42'

cat /etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'guests'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'guests'

config forwarding
	option src 'guests'
	option dest 'wan'

config rule
	option name 'Allow-guests-DHCP-DNS'
	option src 'guests'
	option dest_port '53 67 68'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Wireguard'
	list proto 'udp'
	option src 'wan'
	option src_dport '51820'
	option dest_ip '192.168.8.11'
	option dest_port '51820'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Forward to 8443'
	option src 'wan'
	option src_dport '8443'
	option dest_ip '192.168.8.11'
	option dest_port '8443'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Force redirect DNS to Pi-hole'
	option src 'lan'
	option src_ip '!192.168.8.11'
	option src_dport '53'
	option dest_ip '192.168.8.11'
	option dest_port '53'

config nat
	option name 'Mask Pi-hole forwarded requests'
	list proto 'tcp'
	list proto 'udp'
	option src 'lan'
	option dest_ip '192.168.8.11'
	option dest_port '53'
	option target 'MASQUERADE'

config rule
	option name 'Allow-sonos-DHCP-DNS'
	option src 'sonos'
	option target 'ACCEPT'
	option dest_port '53 67 68'

config rule
	option name 'Allow-lan-sonos-Spotify/Airplay'
	option src 'lan'
	option dest 'sonos'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config zone
	option name 'sonos'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'sonos'

config forwarding
	option src 'guests'
	option dest 'sonos'

config forwarding
	option src 'lan'
	option dest 'sonos'

config forwarding
	option src 'sonos'
	option dest 'wan'

config forwarding
	option src 'sonos'
	option dest 'guests'

config forwarding
	option src 'sonos'
	option dest 'lan'

config rule
	option name 'Allow-sonos-lan-Spotify/Airplay'
	option src 'sonos'
	option dest 'lan'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config rule
	option name 'Allow-guests-sonos-Spotify/Airplay'
	option src 'guests'
	option dest 'sonos'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config rule
	option name 'Allow-sonos-guests-Spotify/Airplay'
	option src 'sonos'
	option dest 'guests'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config rule
	option name 'Forbid-guests-router'
	option src 'guests'
	list dest_ip '10.1.1.1'
	option target 'REJECT'

I believe this is all the info you requested. Thank you so much!

psherman · May 24, 2025, 6:58am

The problem might be as simple as an exhausted dhcp pool. Try increasing the limit. There is no reason to have such a small pool when you have a full /24 network at your disposal.

dsf3v5gth · May 24, 2025, 7:03am

There are only 3 devices connected to that network, 1 on eth0.4 and 2 on phy1-ap1. I think it just took a little while to get IP addresses because without changing anything, those speakers got IP addresses, and I can ping all those from my LAN. So I think it's all good in that regard.

In case I continue having issues with DHCP, I'll try increasing the pool as you recommended.

EDIT: and I have just thought that maybe the hidden SSID made the speakers take a tad longer to get an IP address.

Thank you so much!

dsf3v5gth · May 24, 2025, 7:06am

@psherman excuse my ignorance, but now, is it possible that I do not even need those bridged devices? Because the wireless networks are setup to use each the guests and sonos zone respectively, and the switch is tagged to use port 4 for the sonos zone.

Can I get rid of those? I prefer a cleaner setup.

psherman · May 24, 2025, 7:11am

You do need the bridges, but the WiFi radios do not get added to the bridges directly. Instead, they are attached to the bridge by means of the network association in the ssid stanzas in the wireless file.

dsf3v5gth · May 24, 2025, 7:14am

Ok I think I get it. Thank you so much again for your help. Have a great day!

system · June 3, 2025, 7:15am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.