[Solved] 802.1q VLAN Guest network DHCP problem

I am trying to move away IoT wireless network from router to access point. The target setup should be like that:

 ---                  ---     
|RTR|=====802.1q=====|A P|----< IoT WLAN
 ---                  ---   
                       | 
                 prod LAN/WLAN

DHCP server for both IoT and prod is hosted on RTR. RTR and AP are R7800 (although that shouldn't matter).
As a result DHCP works fine for prod but not for IoT. When IoT WLAN is being delivered from RTR DHCP works fine. After move of IoT WLAN however gadgets do connect but they are unable to obtain IP configuration (IPv4).
However when I configure AP interface for IoT VLAN as DHCP client it would get proper IP address.
I have no idea why it is not working for IoT devices in that case.
Router config:

/cut/
config interface 'prod'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.10.10.1'
	option metric '0'
	option ifname 'eth1.1 tap0'
	option delegate '0'

/cut/

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option description 'PROD-VLAN'
	option ports '6t 4 3t 2 1'

/cut/

config interface 'IoT'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ifname 'eth1.3'
	option type 'bridge'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'IoT-VLAN'
	option ports '6t 3t'

and for access point:

config interface 'lan'
	option type 'bridge'
	option proto 'dhcp'
	option hostname 'ap'
	option ifname 'eth1.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option description 'PROD-VLAN'
	option ports '6t 4 3t 2 1 5'

/cut/

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'IoT-VLAN'
	option ports '0t 3t'

config interface 'IoT'
	option type 'bridge'
	option ifname 'radio1.network2 eth0.3'
	option proto 'dhcp'

I think you wanted to tag port 6 (CPU), not 0.

Don't use radio1.network2 there. In wireless configuration assign the SSID to IoT network.

In case of R7800 0t is CPU0 while 6t is CPU1 therefore it should not make any difference.

I know that, but 0 goes to wan port, 6 goes to lans.

That is surprising to me. Was sure that is something fully customizable.
Does it also mean in case R7800 is configured as AP only and I would like to use WAN port as an access port I have to use CPU0/eth0?

Well, not so much customizable. In the first router you have it configured correctly, so I guess it was random.

You'll have to bridge eth1.1 and eth0.2 (or whatever interfaces/vlans you got).

I have recreated WLANs and IoT network interfaces on both router and AP and it works as I was expecting it to work. In AP mode both CPU0(eth0) and CPU1(eth1) are equal and you are free to use each any of those or distribute VLANs among them.
And obviously WAN port in AP mode is fully operational LAN port and can be assigned to any VLAN/CPU.
Below current config of AP in case anyone would find it helpful:

/cut/
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option description 'MAIN-VLAN'
	option ports '6t 4 3t 2 1 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option description 'WAN-VLAN'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'GUEST-VLAN'
	option ports '0t 3t'

config interface 'guest'
	option proto 'none'
	option ifname 'eth1.3'
	option type 'bridge'

On router side WAN is bound to CPU0 (tagged), MAIN and guest are on CPU1 and on trunk LAN2 (on both ports tagged).

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.