No DHCP for Wifi devices connected to VLAN

Please redirect me to an appropriate Topic if I am duplicating anything.

I am trying to implement multiple VLANS to separate devices at home and am failing to get Wifi devices to operate when the WLAN is configured to use a VLAN.
I have 3 Belkin RT3200 and a Linksys 610N access points installed with OPENWRT 22.03 RC6.
1 RT3200 is used as Internet Gateway and the other devices are configured as Dumb Access points.
All dumb access points are connected to the internet gateway via Ethernet cables.
I have all working well but without VLANs including 802.11r on my Wifi setup.
For the purpose of this discussion I will only consider the RT3200 as the Linksys is not compatible with DSA and would make the Topic more complex.

Disclamer, I am really not comfortable with the configuration files so everything here has been configured via LUCI following various guides on Openwrt site as well as Youtube tutorials from onmarcfifty and others. I have also read multiple times the OPENWRT DSA Mini-Tutorial as well as the OPENWRT Converting to DSA and a bunch of related articles.

After countless trial and errors I have tried to reduce my problem to the simplest config I can think of on one of the RT3200 dumb access points.

Initial Config on the dumb access point with no VLAN :

  1. No WAN & WAN6 interface.
  2. The original LAN interface connected to the original bridge device br-lan
  3. Ports (LAN[1-4}+WAN) are bridged by device br-lan
  4. LAN Interface get an IP Address from the Internet gateway via a ethernet cable connected to the WAN Port
  5. wlan0 is configured on Network lan
  6. My Mac can connect on both LAN1 via ethernet cable and Wifi.
  7. DHCP, DNS and Firewall are turned off on the dumb access point and IP address and DNS resolution is done by the Internet gateway
    All work well and I can access internet and the device from both LAN1 and Wifi.

To simplify as much as possible my config I created an internal VLAN 100 on the Dumb access point to limit the scope of the problem and try to understand what I am doing wrong :
a) I enabled VLAN filtering on Device br-lan
b) The wan port is set to untagged egress and Primary VLAN ID on VLAN 100 to ensure that all packets egress are sent untagged to the internet gateway and all ingress packets are tagged VLAN 100
c) LAN1 port is set to untagged egress and Primary VLAN ID on VLAN 100 to ensure that all packets egress are sent untagged to the Mac and all ingress packets are tagged VLAN 100
d) LAN interface is attached to br-lan.100.

So over Ethernet:
[Mac-Eth port]<-Untagged->[LAN1<->VLAN100-LAN Interface-VLAN100<->WAN]<Untagged->[Int gw]

Over Wifi:
[Mac-Wifit]<-Untagged->[wlan0<->VLAN100-LAN Interface-VLAN100<->WAN]<Untagged->[Int gw]

Once the configuration is applied, I can access the internet and the device using LAN1 port, However while I can connect to the Wifi interface I will not get a DHCP address from the internet gateway and thus can't access internet or the device.
As soon as I delete the VLAN and set the LAN Interface on br-lan wifi get an IP address and all is fine.

My understanding is that as all is working fine when connected to port LAN ,and transiting via VLAN 100, the wlan should operate as well, so either I am missing something obvious or the connection of the wlan to an interface connected to a VLAN is broken, probably unlikely ::slight_smile:

Any idea what I might do wrong ?
Let me know more info are needed or if some pics or screen shots would make this easier to understand.

Would be easier to help if you post the contents of /etc/config/{network,wireless,dhcp}
Coreect me if I'm wrong but, For wireless to work on your setup wlan0 must a member of br-lan.100, you can ssh into the router to check with brctl. In your setup the dhcp section
could be like: option ignore '1' . Don't mix untagged & tag on the same port. One more suggestion, use tagged from dumb AP through to Int gw.

Hi and Thanks for the Prompt answer.
Give me some time to copy the requested files, I need to recreate my test environment, I can't leave it in place or the family complain about the internet :slight_smile:
Looking for some cheap access points compatible with DSA that I can use for my tests, I can't replicate the issue with the Wifi adapters in a virtual environment.

The way I understand the Documentation and various tutorials I have read with Open WRT using DSA, the Wireless must refer to the Interface, in this case LAN. The LAN interface is connected to br-lan.100.

For now I am not using (Yet) tagged ports, I only use untagged to simplify the setup and try to understand why the Wifi is not getting the IP Address from DHCP. DHCP is definitely on as the Mac connected to the LAN1 port on the same VLAN get the IP address.
Reminder that the Dumb Access point is not servicing DHCP, DNS or FIREWALL, that run on the Internet Gateway and is working fine.

If you think about the dhcp reply packets travel from the dhcp server to your wlan client you'll notice the gulprit.

Thanks Mattimat,

Not sure if that has an impact, the whole network is in the same IP Range, we are switching at layer 2, not routing across subnets at layer 3. Also why would it work when I connect the computer to the local port LAN1 but not when connecting via Wifi ?
I followed several tutorials and none mentioned the need to setup a DHCP relay.
I think the problem is in some other error I must have made, Will forward soon the config files.

Thanks !

Lan1 port (egress untagged) is stripping the tag from dhcp reply packet.

Hi Mattimat,
First off sorry for misreading your first message, you mentioned DGCP Reply and i understood DHCP Relay, my bad.:- :bowing_man:

To answer your comment :
LAN1 is where I have my Mac connected it is meant to be untagged or the Mac would not process the DHCP Reply. reminder that LAN1 is working fine, my issue is to understand why the Wifi connected devices are not getting a DHCP Address.

Thanks for your interest in this issue.

Would there be a problem with firewall or forwarding between WiFi VLAN and the bridge LAN? Static route?
Maybe you need to make the dumb AP WiFi tag packets to vlan on Int gateway like u5uyhystr said.

Hi TuxBox,
I realise that I never closed this conversation, sorry for that.
For your info I flashed the devices with the stable version of OpenWRT and reconfigured everything.
I have now a functional setup.
I don't know if the fix came from teh new version of OpenWRT or maybe by an error I had somewhere when I first configured the routers. It's likely a human error so bad on me.
Thanks again for reaching out.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.