Static ip addresses don't work

I've been struggling for days to set fixed ip addresses to my clients with no luck.

My setup: 1 x Master TP-Link Archer C6U v1 and 2 x dumb AP TP-Link Deco M4R v1, all 3 with OpenWrt 23.05.3.

I have an IoT zone for my iot devices that I don't want to reach wan and a LAN zone for the rest.

Master router is the DHCP server, ip's ranging from 100-245 and I've tried to set up a fixed ip for clients outside the DHCP range, but the clients keep getting the same ip (restart router and clients included).

Need some help guys, thank you.

what same IP ?

you don't by any chance have a rougue DHCP in your LAN ?

Not the same IP, my bad, they get IP's from inside the DHCP range and not from the static leases that I added.

No rogue DHCP, on those 2 dumb AP routers, DHCP server is OFF.

Make sure your clients use a fixed mac address, many clients now a days have changing mac addresses for privacy.

I've extended the range xx.xx.xx.4-xx.xx.xx.245, restarted all 3 routers and 3 clients (from the static ip lease section) - nothing changes, still getting random IP's from the DHCP server.

Clients don't change their MAC addresses, I've checked.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
        "kernel": "5.15.150",
        "hostname": "Master",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "TP-Link Archer C6U v1",
        "board_name": "tplink,archer-c6u-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdda:df25:c7b8::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '1.1.1.1'

config interface 'wan'
        option device 'wan'
        option proto 'pppoe'
        option username 'xx'
        option password 'xx'
        option ipv6 'auto'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'IoT'
        option proto 'static'
        option ipaddr '10.20.30.40'
        option netmask '255.255.255.0'
config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'RO'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'xx'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '123F'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option country 'RO'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'xx'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '123F'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'IoT'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '123F'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'IoT'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'IoT'
        option encryption 'psk2'
        option key 'xxx'
        option network 'IoT'

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option sequential_ip '1'
        option logqueries '1'
        option logdhcp '1'

config dhcp 'lan'
        option interface 'lan'
        option start '4'
        option limit '245'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'IoT'
        option interface 'IoT'
        option start '100'
        option limit '150'
        option leasetime '12h'

config host
        option name 'SideLawn'
        option ip '192.168.1.41'
        option leasetime 'infinite'
        list match_tag 'known'
        list mac 'xx'

config host
        option name 'staircase-ac'
        option ip '192.168.1.40'
        list mac 'xx'
        option leasetime 'infinite'
        list match_tag 'known'

config host
        option name 'LeftFrontLawn'
        option ip '10.20.30.42'
        list mac 'xx'
        option leasetime 'infinite'
        list match_tag 'known'

config host
        option name 'LenovoLaptop'
        list mac 'xx'
        option ip '192.168.1.5'
        list match_tag 'known'

config host
        option name 'homeassistant'
        option ip '192.168.1.240'
        option mac 'xx'

config host
        option name 'Fronius'
        option ip '192.168.1.186'
        option mac 'xx'

config host
        option name 'SDongleA-BT2280481219'
        option ip '192.168.1.243'
        option mac 'xx'

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'IoT'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'IoT'

config forwarding
        option src 'lan'
        option dest 'IoT'

config rule
        option name 'AllowHA'
        option src 'wan'
        option src_port '443'
        option dest 'lan'
        list dest_ip '192.168.1.112'
        option dest_port '8123'
        option target 'ACCEPT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'AllowHA'
        option src 'wan'
        option src_dport '443'
        option dest_ip '192.168.1.240'
        option dest_port '8123'

config rule

config rule
        option name 'AllowMQTT'
        option src 'IoT'
        option src_port '1883'
        option dest 'lan'
        list dest_ip '192.168.1.240'
        option dest_port '1883'
        option target 'ACCEPT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'AllowMQTT'
        option src 'IoT'
        option src_dport '1883'
        option dest_port '1883'

Ok, this is what I got.

Try removing the match_tag option. The leasetime is also not necessary (it shouldn't harm anything, though).

Also, make sure that device is indeed connected to the desired network. I see you have "SideLawn" on the lan (192.168.1.0/24) and "LeftFrontLawn" on the iot network (10.20.30.0/24).

I removed the 'known' tag and leasetime, did a restart, still no change.

I need to connect a few devices(switches, ip cameras) to the IoT zone I created, so that they can't acces internet, just from the local network (home assistant) .

Have you forced the devices to renew their IP addresses (you can bounce the interface by turning off wifi or unplugging Ethernet, reboot the machine, or request a lease renewal in the host's UI, if available).

1 Like

dnsmasq retains state over service restarts (but not reboots), if a previous DHCP lease (before you having added the static lease) is still found, it will take precedence over your newly defined static lease.

2 Likes

Technically this thread is about DHCP reservations, not static IP addresses.

Watch the router's log while you restart a client device. If no DHCP activity is logged (or only a request with no DHCPACK), that means that another DHCP server on the network served it.

Devices which emit a unique hostname should be reserved by name instead of MAC address. This allows you to replace the device (configuring the new one with the same name) or its network card and keep the same IP.

1 Like

OK, I've found the solution: I did a factory reset of the router with the "hold the reset button for 10 sec" method.

Before I explain myself, I need to tell you that I've tried everything that you guys suggested and NOTHING work. Not one device (among dozens) got a fixed IP, no matter what I tried.

Then, I noticed a firewall rule that got stuck after I did a soft reset with "firstboot && reboot" method, it was this one:

config rule
        option name 'AllowHA'
        option src 'wan'
        option src_port '443'
        option dest 'lan'
        list dest_ip '192.168.1.112'
        option dest_port '8123'
        option target 'ACCEPT'

so I've decided to do a factory reset and after that EVERYTHING worked. All the devices got fixed IP's within seconds after reboot.

I really don't know what happened but I suspect it was me, messing around with separate zones and networks for devices that I didn't want to connect to WAN.

So for beginners that want devices not to connect to WAN, i suggest to just make simple traffic rules in firewall section and not use separate networks or zone, it's simpler and faster.

Thank you guys for taking the time to answer my questions, I really appreciated.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.