Hi there. I'm attempting to configure a raspberry Pi 4B running 23.05, but I'm having some difficulties with VLANS. I've set it up as a router-on-a-stick configuration with a managed VLAN-aware Allied Telesis x230 switch. So far, I am able to connect my PC to port1.0.1 on the switch and I am able to connect to the router no problem (router is connected to port1.0.16) I've configured port1.0.7 to be an untagged access port to vlan 10, but whenever I connect a device to it, it does not get DHCP. If I manually set the device IP address to 192.168.10.50, for instance, then I can ping the switch at 192.168.10.5, but I cannot ping the router. What have I missed
Router
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdca:f755:8ef2::/48'
config device
option name 'eth1'
config interface 'lan'
option proto 'static'
option device 'eth0.1'
option ipaddr '192.168.0.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'WAN'
option proto 'dhcp'
option device 'eth1'
config device
option name 'eth0.10'
option type '8021q'
option ifname 'eth0'
option vid '10'
config device
option name 'eth0.20'
option type '8021q'
option ifname 'eth0'
option vid '20'
config interface 'guest'
option proto 'static'
option device 'eth0.10'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
config interface 'iot'
option proto 'static'
option device 'eth0.20'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
/etc/config/firewall
config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config zone
option name guest
list network 'guest'
option input REJECT
option output ACCEPT
option forward REJECT
config zone
option name iot
list network 'iot'
option input REJECT
option output ACCEPT
option forward REJECT
config forwarding
option src lan
option dest wan
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
config forwarding
option src lan
option dest guest
config forwarding
option src lan
option dest iot
config forwarding
option src guest
option dest wan
config forwarding
option src iot
option dest wan
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'iot'
option interface 'iot'
option start '100'
option limit '150'
option leasetime '12h'
managed switch config:
!
service password-encryption
!
hostname sw1
!
enable password level 15 8 *******.
no banner motd
!
username philadmin privilege 15 password 8 ********
no username manager
!
ssh server allow-users philadmin
service ssh
!
no service telnet
!
service http
!
no clock timezone
!
snmp-server
!
aaa authentication enable default local
aaa authentication login default local
!
ip domain-lookup
!
!
!
spanning-tree mode rstp
!
service power-inline
!
vlan database
vlan 10 name guest
vlan 20 name iot
vlan 10,20 state enable
!
interface port1.0.1-1.0.6
switchport
switchport mode access
!
interface port1.0.7
switchport
switchport mode access
switchport access vlan 10
!
interface port1.0.8-1.0.15
switchport
switchport mode access
!
interface port1.0.16
switchport
switchport mode trunk
switchport trunk allowed vlan add 1,10,20
switchport trunk native vlan none
!
interface port1.0.17-1.0.18
shutdown
switchport
switchport mode access
!
interface vlan1
ip address 192.168.0.5/24
!
interface vlan10
ip address 192.168.10.5/24
!
line con 0
line vty 0 4
!
end
What am I missing? Thanks in advance.