Hello,
My router is connected to a switch on its lan1 port and to the WAN on its wan port.
What I am trying to achieve is to create multiple VLANs on the router, each with its own DHCP server and DNS forwarder instance, and to set the VLAN-to-port mapping on the switch.
To do this, I have:
- removed the br-lan device
- removed the lan interface
- created the VLANs, all mapped to the same router port (lan1)
- configured the DHCP server and DNS forwarder instances (using this guide)
- set the switch port attached to the router's lan1 port to 'tagged mode' for all the VLANs
- mapped the other ports of the switch to a specific VLAN each
Everything seems to be working fine: on the switch I can see that each VLAN has the correct DHCP server instance, and devices acquire the correct IP address according to the port they are attached to.
The OpenWrt configuration follows:
network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6d:b906:624c::/48'
config device
option name 'wan'
option macaddr '***omitted***'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config device
option type '8021q'
option ifname 'lan1'
option vid '101'
option name 'lan1.101'
option macaddr '61:38:E0:D6:4D:65'
config interface 'main'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option device 'lan1.101'
config device
option type '8021q'
option ifname 'lan1'
option vid '102'
option name 'lan1.102'
option macaddr '61:38:E0:D6:4D:66'
config interface 'domotic'
option proto 'static'
option device 'lan1.102'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
dhcp
config dnsmasq 'main_dns'
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/main.local/'
option domain 'main.local'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases.main'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
list interface 'main'
config dhcp 'main'
option instance 'main_dns'
option interface 'main'
option start '251'
option limit '5'
option leasetime '1h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dnsmasq 'domotic_dns'
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/domotic.local/'
option domain 'domotic.local'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases.domotic'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
list interface 'domotic'
list notinterface 'loopback'
config dhcp 'domotic'
option instance 'domotic_dns'
option interface 'domotic'
option start '251'
option limit '5'
option leasetime '1h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config zone
option name 'main'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'main'
config forwarding
option src 'main'
option dest 'wan'
config zone
option name 'domotic'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'domotic'
config forwarding
option src 'domotic'
option dest 'wan'
The problem is that /etc/resolv.conf is overwritten at startup with the data of the last DNS forwarder instance (in this case 'domotic'), so the router is not able to resolve external names.
What am I missing?
Moreover, if I try to ping a device on VLAN 102 from a device on VLAN 101, I get this message (which I think is correct):
~ % ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2): 56 data bytes
92 bytes from router.main.local (192.168.1.1): Destination Port Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 ea51 0 0000 3f 01 353a 192.168.1.251 192.168.2.2
But if, from the same device, I try to ping the router's IP address on VLAN 102, it replies:
~ % ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=0.627 ms
Is this the correct behavior? I was expecting it not to be reachable either. Is there something wrong with my configuration?
This is the device and OpenWrt version (using DSA):
{
"kernel": "5.10.146",
"hostname": "***omitted***",
"system": "ARMv7 Processor rev 1 (v7l)",
"model": "Linksys WRT3200ACM",
"board_name": "linksys,wrt3200acm",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.2",
"revision": "r19803-9a599fee93",
"target": "mvebu/cortexa9",
"description": "OpenWrt 22.03.2 r19803-9a599fee93"
}
}
Thanks in advance for helping.