I have a VLAN set up for a bunch of PoE cameras. On the main router there's an interface connected to eth0.123 that serves DHCP addresses 192.168.123.1/24 assigned to a firewall zone "cams" and generally everything just works.
The situation I have now though is I'm trying to bring up a new camera that apparently starts out with a static address 192.168.0.42. I've got it plugged into a switch port that has VLAN ID 123 untagged but I can't ping it.
Now on the one hand "of course not" because it's on VLAN 123 which "is" the 192.168.123.1/24 subnet. But otoh — VLANs aren't really or necessarily any particular subnet, are they? My mental model is kinda breaking down here.
I tried adding a manual route:
uci add network route # =cfg1234567
uci set network.@route[-1].interface='cams'
uci set network.@route[-1].target='192.168.0.42/32'
but that didn't work. (Although it worked better than my first try of adding a route 192.168.0.42/0… whoops… )
Is there a simple way to reach a host with an essentially random IP address, but via a VLAN that is primarily set up for one particular (non-overlapping) subnet?
These are always a pain, but the solution is pretty simple...
1. Connect the camera to a port on VLAN 123.
2. Connect your computer (or phone) to VLAN 123, but specify a static IP in the computer's network configuration. Set it to 192.168.0.10 (as an example) with /24 subnet size (255.255.255.0).
3. Using that computer, you can now connect to the camera via a browser/ssh/app (however it does it) at the 192.168.0.42 address.
4. Configure your camera appropriately (either a static IP on the VLAN123 subnet or DHCP), and then it should join your expected subnet.
5. Set your computer back to DHCP or whatever you had previously.
EDIT: I should state that there are other ways to do this, but I think this is the fastest method assuming that you can make the connections physically.
Thanks, yeah that's somewhat the route I ended up taking. I just plugged a USB Ethernet adapter into a laptop, set that to a static IP as well, and then got to the configuration where I could switch it to DHCP. Kinda silly default for the camera but oh well.
I'm still curious though as to where the original case breaks down. I'm assuming that at the ARP/routing level the "rogue" IP address can be discovered along the VLAN? But then back at the main router is it the eth0.123 interface configuration? Or something with the firewall? Because I am already set up from my home zone/VLAN to access the cams zone/VLAN, but the oddball static IP address wasn't getting through.
So the reason it doesn't work "out of the box" is that all of the devices on VLAN 123 have addresses in the 192.168.123.0/24 subnet. They have no way to talk to the camera in question since it is on a different subnet, and the router is both unaware of this (unexpected) subnet and doesn't have an address on that subnet. Thus it has no way to route any traffic to/from the camera.
The router-based solution would be to create a new interface using an alias of the device used for VLAN123. It would look something like this:
This would give the router an address on the camera's subnet and assign it to an aliased device for the VLAN to which it is attached (you'd also need to assign this to a firewall zone, likely with masquerading enabled). From there a computer on any network would be able to reach the camera since the router would now have an address and thus a route to the network.
Earlier I said that it would be easier to just use a static IP on the computer... obviously that worked here, but as I think about the relative effort, both methods might have actually been the same, just different approaches. I should have given you both options in my initial response. But, the important thing is that the camera is now configured!
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
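The router-side approach described in the post above (alias interface plus a masquerading firewall zone), written out as an added example; it is not the configuration from the original post. Assumptions: the existing network interface is named 'cams' (as in the route attempt earlier in the thread), the home firewall zone is named 'home', the new names 'camsetup' are hypothetical, and 192.168.0.10 is simply a free address in the camera's default subnet.

```uci
# --- /etc/config/network ---
# Second L3 address on the same L2 device as 'cams' (eth0.123).
# '@cams' is OpenWrt's alias notation; on releases before 21.02 use
# "option ifname '@cams'" instead of "option device '@cams'".
config interface 'camsetup'
	option device '@cams'
	option proto 'static'
	option ipaddr '192.168.0.10'
	option netmask '255.255.255.0'

# --- /etc/config/firewall ---
# Separate zone for the temporary subnet. masq rewrites the source of
# forwarded traffic to 192.168.0.10, so the camera sees an on-link peer
# and can reply without needing a gateway of its own.
# input REJECT keeps a factory-default camera away from router services.
config zone
	option name 'camsetup'
	list network 'camsetup'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

# Allow the (assumed) 'home' zone to reach the camera at 192.168.0.42.
config forwarding
	option src 'home'
	option dest 'camsetup'
```

Reload the network and firewall services after editing. Once the camera has been switched to DHCP, delete the three sections again so the VLAN carries only its intended subnet.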
Thanks!