No IP from ISP with router on a stick setup

I am trying to configure a NanoPi R5S as a router on a stick. I know it has three network interfaces and I do not need to do this, but the hardware that I eventually want to port the router to only has a single interface ...

The setup right now is I am using eth2 on the NanoPi R5S as a management interface on 192.168.25.x and eth1 as a trunk interface with vlans 8 (wan) and 16 (home). The firewall, dhcp, and network files are attached below. My workstation is attached directly to eth2. The eth1 port is connected to port 7 on a managed switch (TL-SG108PE) while my cable modem is connected to port 8. The other ports are not being used, but are configured for other stuff. The configuration of the VLANs on the switch is also included below.

Right now, when I start everything up, the router gets a temporary IP from the cable modem

IPv4:192.168.100.10
GatewayV4:192.168.100.1

That IP then expires and no new IP from the ISP is issued. When the router is not configured as a router on a stick, but rather eth0 is used for wan and eth1 is used for lan, after the temporary IP expires, wan gets a public IP from my ISP. The cable modem does not care about the MAC address of the device. I can connect my workstation directly to the modem, or other routers, without issues.

Switch VLAN setup


I am running a snapshot version of OpenWRT for the R5S that I did a fresh download and install today.

/etc/config# cat firewall

config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'REJECT'
	option disable_ipv6 '1'

config zone
	option name 'man'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'man0'

config zone
	option name 'home'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'home0'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan0'

config forwarding
	option src 'man'
	option dest 'wan'

config forwarding
	option src 'home'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

/etc/config# cat dhcp


config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'man'
	option interface 'man0'
	option start '128'
	option limit '255'
	option leasetime '12h'

config dhcp 'home'
	option interface 'home0'
	option start '128'
	option limit '255'
	option leasetime '12h'

config dhcp 'wan'
	option interface 'wan0'
	option ignore '1'

/etc/config# cat network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd9a:79b4:db5f::/48'

config device
	option name 'eth0'
	option macaddr 'b2:26:ad:6e:62:e0'

config device
	option name 'eth1'
	option macaddr 'b2:26:ad:6e:62:e1'

config device
	option name 'eth2'
	option macaddr 'b2:26:ad:6e:62:e1'

config interface 'man0'
	option device 'eth2'
	option proto 'static'
	option ipaddr '192.168.25.1'
	option netmask '255.255.255.0'

config device
	option name 'br0'
	option type 'bridge'
	list ports 'eth1'

config interface 'wan1'
	option device 'br0.8'
	option proto 'dhcp'

config interface 'home0'
	option device 'br0.16'
	option proto 'static'
	option ipaddr '192.168.16.1'
	option netmask '255.255.255.0'

config bridge-vlan
	option device 'br0'
	option vlan '8'
	list ports 'eth1:t'

config bridge-vlan
	option device 'br0'
	option vlan '16'
	list ports 'eth1:t'

There are a few possible reasons for your issue...

The first is the typical cable modem thing that you need to restart the cable modem (possibly several times) to clear the previously learned MAC address before it will learn a new one and issue an IP to it (it will only issue an IP to the learned MAC).

Next...

Your switch configuration looks okay in theory, however that particular switch is not suitable for the task because it doesn't allow you to select the management VLAN. It is a firmware limitation present in all the TL-SG1xx(P)E models.

There is a partial workaround here -- make sure the switch is configured with a static IP. Do not use DHCP on the switch, as it could possibly become the "learned MAC" on the cable modem and it could get the IP from the cable modem rather than passing through to the router.

The above will at least prevent it from grabbing the IP, but there is still a risk that it presents its MAC and it is also not secure because any VLAN can actually access the switch management -- including the wan if someone were to manage to push RFC1918 addresses through the cable network (this shouldn't happen, but it depends on how the operator manages the network and where they drop packets).

So, all that to say -- get rid of that switch and use one that has the ability to specify the management VLAN. TP-Link's next step up (small business) switches are properly designed, as are most other vendors aside from the entry level Netgear devices which, AIUI, have the same issues.

Finally, I'd remove the bridge and work directly with dotted notation.

Delete this:

and this:

Then replace br0.x with eth1.x like this:

config interface 'wan1'
	option device 'eth1.8'
	option proto 'dhcp'

...

config interface 'home0'
	option device 'eth1.16'
	option proto 'static'
	option ipaddr '192.168.16.1'
	option netmask '255.255.255.0'

Next, it appears you are using wan1 in the network config, but wan0 is what we see in the firewall.

Fix this by editing one or the other so they are consistent.

And finally, your DHCP servers are invalid:

The limit value is out of bounds... on a /24 network with a start of 128, it must be <=127.
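
The two inconsistencies named in the answer above (a firewall zone listing wan0 while the network file defines wan1, and a DHCP limit larger than a /24 with start 128 allows) can be checked mechanically before a reboot. This is an added example, not part of the original thread or of OpenWrt: `parse_uci`, `lint` and `SAMPLE` are hypothetical names, the sample is constructed from the relevant sections of the posted files, and the check assumes `start` and `limit` are set explicitly and uses the bound the answer states.

```python
import ipaddress
import shlex

def parse_uci(text):
    """Parse UCI text into (type, name, options) tuples, one per section."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][2][tok[1]] = tok[2]
        elif len(tok) == 3 and tok[0] == "list" and sections:
            sections[-1][2].setdefault(tok[1], []).append(tok[2])
    return sections

def lint(text):
    """Check zone network names and DHCP pool bounds against the interfaces."""
    secs, out = parse_uci(text), []
    ifaces = {n: o for t, n, o in secs if t == "interface"}
    for t, name, o in secs:
        if t == "zone":
            out += [f"zone {o['name']}: unknown network {n}"
                    for n in o.get("network", []) if n not in ifaces]
        iface = ifaces.get(o.get("interface"), {})
        if t == "dhcp" and o.get("ignore") != "1" and {"ipaddr", "netmask"} <= iface.keys():
            net = ipaddress.ip_network(f"{iface['ipaddr']}/{iface['netmask']}", strict=False)
            max_limit = net.num_addresses - 1 - int(o["start"])  # pool must end before broadcast
            if int(o["limit"]) > max_limit:
                out.append(f"dhcp {name}: limit {o['limit']} exceeds {max_limit}")
    return out

# Constructed sample: relevant sections of the three posted files, concatenated.
SAMPLE = """
config interface 'wan1'
config interface 'home0'
	option ipaddr '192.168.16.1'
	option netmask '255.255.255.0'
config zone
	option name 'wan'
	list network 'wan0'
config zone
	option name 'home'
	list network 'home0'
config dhcp 'home'
	option interface 'home0'
	option start '128'
	option limit '255'
"""
print(*lint(SAMPLE), sep="\n")
```

On a router the same function can be fed the concatenated contents of `/etc/config/network`, `/etc/config/firewall` and `/etc/config/dhcp`.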

Thanks, but no luck. I know the switch stinks. I have it configured with a static address.

I made the changes you suggested to the network/firewall/dhcp files. I then unplugged the router a couple of times and there was no change.

My cable modem seems to be forgiving about MAC addresses. After failing to get an IP with the router on a stick, I can unplug the modem, attach a 3rd router to the modem and get an IP without any drama. I can then unplug the modem and swap out for a 4th router (yeah I have too much hardware) and get an IP again. I can then unplug the modem again and go back to the router on a stick, but still have no joy.

I would highly recommend that you replace this switch before going too much further. It wouldn't surprise me if this is part of the problem.

I have been eyeing up the Zyxel XMG1915-18EP but it is so expensive especially when I add in the cost of upgrading to WiFi 7. The GS1915-24EP seems more reasonable and would make my home network closet a lot neater.

Any thoughts on Zyxel or maybe Mikrotik switches or a better brand?

I haven't used either, so I cannot say which is better. I can say that most of what I've seen from both companies has been positive, with Zyxel being a bit cheaper for some of their devices.

But aside from that, no specific recommendations, just avoid the entry level TP-Link and Netgear switches.