Mini tutorial for DSA network config

Have you made the firewall rules for port 68 source to port 67 dest for the guest network? If not, that's why you're not getting DHCP requests.

Hello! But how do I make something like this (How can I change my router's lan port to wan port? - #4 by lleachii) with the new DSA syntax? I'm a newbie with DSA and can't understand how it needs to be done with the new syntax.

With the old syntax I had:

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '6t 0 1 2'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '6t 4'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '6t 3'

config interface 'wanb'
	option ifname 'eth0.3'
	option _orig_ifname 'eth0.3'
	option _orig_bridge 'false'

but with new syntax I don't know how to make this thing.

The best way would be to start over with a default configuration, then it is easy to find and replace the reference to the device named 'wan' with 'lanN' where N is the number of the lan Ethernet port you want to use. Also of course remove lanN from the lan bridge when using it for wan.

I did as you proposed, and it works. And mwan3 with this config works too!
Thanks!

But, for the future, I would like to have information on how to do the same with VLANs too.

I have almost the same configuration as shown in your example with the addition of lanX port to each bridge. I'm using Xiaomi Mi Router 4 with 2 LAN ports and a WAN port that is used as a VLAN trunk.

# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.40313cfd3c9c	no		lan2
										wan.5
										wlan1
br-mgmt		7fff.40313cfd3c9c	no		lan1
										wan.10

I can access the box from the network (i.e. from the trunk port over vlan 10), my wifi client connected to wlan1 can access the rest of the network (through vlan 5), but there is no bridging between lan2 and wan.5 - local PC connected to lan2 cannot even get an address from the central DHCP server. Any idea why?

tcpdump shows no outgoing DHCP requests on wan.5

That config looks like it should work, but it doesn't actually set up the hardware switch properly.

For this situation you have to use bridge-vlans. Put all the ports lan1 lan2 and wan in the same bridge, then vlan it.

Is it a bug in the current DSA implementation that should be fixed?
Is there an option to manually configure a switch in a proper way?

Wondering if my DSA config is correct regarding the usage of tagged vlan on my WAN:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fded:487e:c9b0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        list ports 'eth4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6ifaceid '::1'
        option ipaddr '192.168.30.1'
        option ip6assign '64'

config interface 'wan'
        option proto 'pppoe'
        option username '<user>'
        option password '<pass>'
        option device 'eth0.32'
        option peerdns '0'
        list dns '192.168.30.3'
        option ipv6 '1'

config device
        option type '8021q'
        option ifname 'eth0'
        option vid '32'
        option name 'eth0.32'

config interface 'wan6'
        option proto 'dhcpv6'
        option ip6ifaceid '::1'
        option device '@wan'
        option reqprefix 'auto'
        option reqaddress 'try'
        option sourcefilter '0'

config device
        option name 'eth0'

config device
        option name 'pppoe-wan'

Wondering because IPv4 is working, but the IPv6 is not working.

I've never used an alias for wan - try

option device 'eth0.32'

What device do you have? Are you sure the DSA physical switch ports are named eth0, eth1, eth2, eth3, eth4 in your device? I thought they are named wan, lan1, lan2, lan3, lan4 usually (that's how they are named in R7800 DSA build the last time I tried).

Did IPv6 work for you before you migrated to DSA? Check if the "pppoe-wan" interface has an IPv6 link-local address (the IPv6 address starts with "fe.....") using the "ip addr show" command. If there's NO link-local address assigned to the "pppoe-wan" interface (which is assigned if the ISP supports IPv6 over PPPoE), then the "config interface wan6" section will NOT work.

Unfortunately my ISP doesn't yet support IPv6, so all that I said above is just theoretical knowledge. I am not sure if it will work or not.

According to the docs it is needed with a PPPoE connection. (Though I tested it and it did not work.)

It is an EdgeRouter X. I upgraded the hardware and got a notice that a normal upgrade was not possible, so I had to start over from scratch. I moved from a Draytek 2925 Firewall back to this EdgeRouter with OpenWRT because of the better (and easier) firewall setup. The Draytek has out-of-the-box dual-stack connectivity (so IPv4 and IPv6) based on DHCPv6.

ip addr show

root@Router:~# ip a sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: dsa: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc fq_codel state UP qlen 1000
    link/ether 80:2a:a8:9e:b8:7e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::822a:a8ff:fe9e:b87e/64 scope link
       valid_lft forever preferred_lft forever
3: eth0@dsa: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 80:2a:a8:9e:b8:7e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::822a:a8ff:fe9e:b87e/64 scope link
       valid_lft forever preferred_lft forever
4: eth1@dsa: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 80:2a:a8:9e:b8:7f brd ff:ff:ff:ff:ff:ff
5: eth2@dsa: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 80:2a:a8:9e:b8:80 brd ff:ff:ff:ff:ff:ff
6: eth3@dsa: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 80:2a:a8:9e:b8:81 brd ff:ff:ff:ff:ff:ff
7: eth4@dsa: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 80:2a:a8:9e:b8:82 brd ff:ff:ff:ff:ff:ff
19: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 80:2a:a8:9e:b8:7f brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.1/24 brd 192.168.30.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fded:487e:c9b0::1/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::822a:a8ff:fe9e:b87f/64 scope link
       valid_lft forever preferred_lft forever
20: eth0.32@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 80:2a:a8:9e:b8:7e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::822a:a8ff:fe9e:b87e/64 scope link
       valid_lft forever preferred_lft forever
22: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    link/ppp
    inet <ipv4> peer <ipv4peer>/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
    inet6 fe80::5d11:797b:f1b6:253c/128 scope link
       valid_lft forever preferred_lft forever

Here is a snippet from the Draytek Syslog:

[DHCPv6s] Send reply to FE80::8F71:171:AEB9:E4CE on LAN1
[DHCPv6] Requested option: opt_83
[DHCPv6] Requested option: opt_82
[DHCPv6] Requested option: client FQDN
[DHCPv6] Requested option: information refresh time
[DHCPv6] Requested option: domain search list
[DHCPv6] Requested option: DNS
[DHCPv6] Elapsed time: 0
[DHCPv6] Client DUID: 00:01:00:01:26:d1:11:53:b8:27:eb:cf:42:9f
[DHCPv6s] Received information request from FE80::8F71:171:AEB9:E4CE on LAN1
[IPv6] IPv6 WAN1 UP!!!
[IPv6] IPv6 WAN1 up (RA)!
[IPv6] WAN1, Type(PPP), Rx EVENT = EVT_RA_ACTIVE
WAN1 PPPoE ==> Protocol:LCP(c021) EchoRep Identifier:0x02 Magic Number: 0x0 00 00 00 00 00 00 ##
WAN1 PPPoE <== Protocol:LCP(c021) EchoReq Identifier:0x02 Magic Number: 0x7382 36 05 00 00 00 00 ##
[IPv6] Get prefix <ipv6>::/56 from WAN1
[IPv6](RA)Generate WAN0 IP=<ipv6> (from PPP IPv6CP)
[IPv6] IPv6 event timeout (DHCPv6, 15 sec)!
[IPv6] WAN1, Type(PPP), Rx EVENT = EVT_TIME_OUT
[DHCPv6c] Send solicit to FF02::1:2 on WAN1
WAN1 PPPoE ==> Protocol:LCP(c021) EchoRep Identifier:0x01 Magic Number: 0x0 00 00 00 00 00 00 ##
WAN1 PPPoE <== Protocol:LCP(c021) EchoReq Identifier:0x01 Magic Number: 0x7382 36 05 00 00 00 00 ##
[DHCPv6c] Send solicit to FF02::1:2 on WAN1
[DHCPv6c] Send solicit to FF02::1:2 on WAN1
[DHCPv6c] Send solicit to FF02::1:2 on WAN1
WAN 1 is up.
IPCP Opening (PPPoE); Own IP Address : <ipv4>  Peer IP Address : <ipv4>; Primary DNS : 1.1.1.1  Secondary DNS : 8.8.8.8
[IPv6] WAN1, Type(PPP), Rx EVENT = EVT_PFX_DELEGATE_ACTIVE
[IPv6] WAN1 IPv6 PPP Open

So it is not OpenWrt?
Why not ask Draytek support?

I am thinking either your firewall is blocking DHCPv6 and ICMPv6, or MTU problem. Turn on "TCP MSS Clamping" in Firewall settings for "wan" zone and check if that fixes your problem.

No, Draytek works but OpenWRT does not work. So I know I've got a working connection from my ISP.

Okay, I had the same idea but wanted to be sure my DSA config was correct. I also checked my TCP MSS Clamping and it was already on, so I just turned it off as a test.

Sadly this was not a fix, my internet connection didn't even work...
Also, I've changed the INPUT reject to accept. Just to see if it was a firewall issue, but that didn't work either.

I read in another topic about disabling IPv6 on the WAN interface and spawning the odhcp6c client separately with -v:

odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P0 -t120 pppoe-wan -v

It should show any issues. But it seems I only get the notice:

Command failed: Not found

I am at a loss.

Thanks for all who posted some wireless examples to go along with guest configs, haven't found those elsewhere.

Does anyone have the syntax for making the new DSA configs (specifically creating new device configs/bridges for VLANs etc. via the UCI command line, aka set uci ...)?

I do all my router config via UCI CLI statements in shell scripts, I'd like to get a head start on the script conversions before I upgrade.
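The bridge-VLAN layout recommended earlier in the thread (lan1, lan2 and wan in one bridge, then VLANs on top), written as the `uci` CLI statements asked about in the post above. This is an added example, not code from any poster or from the OpenWrt project. It assumes interface sections named `lan` and `mgmt` already exist, that no `br-lan` device section is defined yet, and it takes the VLAN 5 (users) and VLAN 10 (management) roles from the Xiaomi post.

```shell
#!/bin/sh
# Added example: build a VLAN-aware DSA bridge with uci from a shell script.
# Dry run by default (commands are only printed); on the router run it with
# UCI=uci, inspect the result with "uci changes", then commit and reload.
UCI="${UCI:-echo uci}"

# add_bridge NAME PORT...  : one bridge device holding every switch port
add_bridge() {
    name="$1"; shift
    $UCI add network device
    $UCI set "network.@device[-1].name=$name"
    $UCI set "network.@device[-1].type=bridge"
    for p in "$@"; do
        $UCI add_list "network.@device[-1].ports=$p"
    done
}

# add_bridge_vlan BRIDGE VID PORTSPEC...
# PORTSPEC is port[:flags]; t = tagged, u = untagged, * = PVID for ingress
add_bridge_vlan() {
    br="$1"; vid="$2"; shift 2
    # Refuse anything that is not a usable 802.1Q VLAN ID (1-4094)
    case "$vid" in
        ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ] || {
        echo "VLAN id out of range: $vid" >&2; return 1; }
    $UCI add network bridge-vlan
    $UCI set "network.@bridge-vlan[-1].device=$br"
    $UCI set "network.@bridge-vlan[-1].vlan=$vid"
    for spec in "$@"; do
        $UCI add_list "network.@bridge-vlan[-1].ports=$spec"
    done
}

# attach_interface IFACE BRIDGE VID : point the L3 interface at BRIDGE.VID
attach_interface() {
    $UCI set "network.$1.device=$2.$3"
}

# Scenario from the thread: wan is the trunk, lan2 carries VLAN 5 untagged,
# lan1 carries management VLAN 10 untagged. lan2 is not a member of VLAN 10,
# so the user port never sees management traffic.
build_trunk_config() {
    add_bridge br-lan lan1 lan2 wan
    add_bridge_vlan br-lan 5 'lan2:u*' 'wan:t'
    add_bridge_vlan br-lan 10 'lan1:u*' 'wan:t'
    attach_interface lan br-lan 5
    attach_interface mgmt br-lan 10
}

build_trunk_config
```

On a device that still has the default `br-lan` device section, remove or edit that section first; otherwise the script adds a second device with the same name.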

@rmilecki @jow

I have a Check Point L-50 with dsa @ eth1 and phy @ eth0. I am trying to make bridges on the current snapshot:


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd00::/8'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        list ports 'lan6'
#       list ports 'lan7'
#       list ports 'lan8'

config device
        option name 'br-wan'
        option type 'bridge'
        list ports 'lan7'
        list ports 'lan8'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'br-wan'
        option proto 'dhcp'

bridge name	bridge id		STP enabled	interfaces
br-wan		7fff.001c7f24a06b	no		eth0
br-lan		7fff.001c7f24a06c	no		lan6
							lan4
							lan2
							lan5
							lan3
							lan1
root@OpenWrt:/# bridge link
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-wan state forwarding priority 32 cost 100 
4: lan5@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br-lan state disabled priority 32 cost 100 
5: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-lan state forwarding priority 32 cost 4 
6: lan6@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br-lan state disabled priority 32 cost 100 
7: lan2@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br-lan state disabled priority 32 cost 100 
9: lan3@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-lan state forwarding priority 32 cost 4 
11: lan4@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-lan state forwarding priority 32 cost 4 

Log:

root@OpenWrt:/# service network reload
[  179.014089] device lan7 left promiscuous mode
[  179.018618] br-lan: port 7(lan7) entered disabled state
[  179.126369] device lan8 left promiscuous mode
[  179.130875] br-lan: port 8(lan8) entered disabled state
[  179.955013] br-wan: port 1(eth0) entered blocking state
[  179.960281] br-wan: port 1(eth0) entered disabled state
[  179.965789] device eth0 entered promiscuous mode
[  179.974381] mv88e6085 f1072004.mdio-bus-mii:10 lan7: configuring for phy/gmii link mode
[  179.998993] 8021q: adding VLAN 0 to HW filter on device lan7
[  180.008907] br-wan: port 2(lan7) entered blocking state
[  180.014197] br-wan: port 2(lan7) entered disabled state
[  180.042502] device lan7 entered promiscuous mode
[  180.060949] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  180.069655] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  180.141717] br-wan: port 2(lan7) entered blocking state
[  180.146994] br-wan: port 2(lan7) entered disabled state
[  180.165374] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  180.174055] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  180.243146] br-wan: port 2(lan7) entered blocking state
[  180.248419] br-wan: port 2(lan7) entered disabled state
[  180.265810] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  180.274494] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  180.344668] br-wan: port 2(lan7) entered blocking state
[  180.349917] br-wan: port 2(lan7) entered disabled state
[  180.366244] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  180.374933] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  180.460069] mv88e6085 f1072004.mdio-bus-mii:11 lan8: configuring for phy/gmii link mode
[  180.473421] 8021q: adding VLAN 0 to HW filter on device lan8
[  180.479872] br-wan: port 2(lan8) entered blocking state
[  180.485147] br-wan: port 2(lan8) entered disabled state
[  180.508173] device lan8 entered promiscuous mode
[  180.520510] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  180.529201] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
[  180.608106] br-wan: port 2(lan8) entered blocking state
[  180.613363] br-wan: port 2(lan8) entered disabled state
[  180.631717] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  180.640405] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
[  180.712399] br-wan: port 2(lan8) entered blocking state
[  180.717667] br-wan: port 2(lan8) entered disabled state
[  180.736104] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  180.744787] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
[  180.813921] br-wan: port 2(lan8) entered blocking state
[  180.819175] br-wan: port 2(lan8) entered disabled state
[  180.835497] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  180.844185] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
'radio0' is disabled
'radio0' is disabled
root@OpenWrt:/# [  181.031102] mv88e6085 f1072004.mdio-bus-mii:10 lan7: configuring for phy/gmii link mode
[  181.044804] 8021q: adding VLAN 0 to HW filter on device lan7
[  181.050942] br-wan: port 2(lan7) entered blocking state
[  181.056229] br-wan: port 2(lan7) entered disabled state
[  181.085105] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  181.093794] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  181.174909] br-wan: port 2(lan7) entered blocking state
[  181.180165] br-wan: port 2(lan7) entered disabled state
[  181.198614] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  181.207298] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  181.276430] br-wan: port 2(lan7) entered blocking state
[  181.281683] br-wan: port 2(lan7) entered disabled state
[  181.299048] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  181.307739] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  181.377865] br-wan: port 2(lan7) entered blocking state
[  181.383114] br-wan: port 2(lan7) entered disabled state
[  181.399397] mv88e6085 f1072004.mdio-bus-mii:10: p4: hw VLAN 1 already used by port 0 in br-lan
[  181.408082] mv88e6085 f1072004.mdio-bus-mii:10 lan7: failed to initialize vlan filtering on this port
[  181.488654] mv88e6085 f1072004.mdio-bus-mii:11 lan8: configuring for phy/gmii link mode
[  181.501959] 8021q: adding VLAN 0 to HW filter on device lan8
[  181.508362] br-wan: port 2(lan8) entered blocking state
[  181.513625] br-wan: port 2(lan8) entered disabled state
[  181.544004] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  181.552677] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
[  181.632551] br-wan: port 2(lan8) entered blocking state
[  181.637823] br-wan: port 2(lan8) entered disabled state
[  181.656255] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  181.664938] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
[  181.736806] br-wan: port 2(lan8) entered blocking state
[  181.742055] br-wan: port 2(lan8) entered disabled state
[  181.759425] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  181.768112] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
[  181.838327] br-wan: port 2(lan8) entered blocking state
[  181.843582] br-wan: port 2(lan8) entered disabled state
[  181.859947] mv88e6085 f1072004.mdio-bus-mii:11: p1: hw VLAN 1 already used by port 0 in br-lan
[  181.868636] mv88e6085 f1072004.mdio-bus-mii:11 lan8: failed to initialize vlan filtering on this port
[  182.629332] mv643xx_eth_port mv643xx_eth_port.0 eth0: link up, 1000 Mb/s, full duplex, flow control enabled
[  182.639173] br-wan: port 1(eth0) entered blocking state
[  182.644449] br-wan: port 1(eth0) entered forwarding state
[  182.651219] IPv6: ADDRCONF(NETDEV_CHANGE): br-wan: link becomes ready

How can I make it work?

Just wanted to clarify whether the following could work (router is in a remote location where my family won't have Internet if it doesn't work and I'll return only in a few days):
Goal is to create VLAN 100 on wan port to forward it internally.

Current config:

config device
	option name 'wan'
	option macaddr '<MAC>'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

From what I've read the following should work, right?

config device
	option name 'wan'
	option macaddr '<MAC>'

config bridge-vlan
	option device 'br-wan'
	option vlan '100'
	list ports 'wan:u'

config interface 'wan'
	option device 'br-wan'
	option proto 'dhcp'