public0
December 31, 2023, 3:44pm
1
I wanna to start 2 dhcp client base eth1, one in based on untagged and another is on vlan 55.
network config as following.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdea:xxxx:xxxx::/48'
config device
option type 'bridge'
option name 'br2'
list ports 'eth0'
list ports 'eth1'
config bridge-vlan
option device 'br2'
option vlan '1'
list ports 'eth0'
config bridge-vlan
option device 'br2'
option vlan '2'
list ports 'eth1'
config interface 'wan'
option proto 'dhcp'
option device 'br2.2'
config interface 'wan2'
option proto 'dhcp'
option device 'br2.55'
config bridge-vlan
option device 'br2'
option vlan '55'
list ports 'eth1:t'
wan can work as expected.
wan2 can not work, when i use tcpdump to watch what happend.
tcpdump -e -i br2 port 67
I found the dhcp server reply miss vlan id.
15:26:04.537572 00:0c:xxxxx (oui Unknown) > Broadcast,
ethertype 802.1Q (0x8100), length 346: vlan 55, p 0,
ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from00:0c:xxxxx (oui Unknown), length 300
15:26:04.551604 00:00:xxxxx (oui IANA) > 00:0c:xxxxx (oui Unknown),
ethertype IPv4 (0x0800), length 353: 10.10.10.1.67 >10.10.10.11.68: BOOTP/DHCP, Reply, length 311
Let’s see the more of your config.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
ubus call system board
cat /etc/config/network
cat /etc/config/firewall
ubus call system board
{
"kernel": "5.15.134",
"hostname": "OpenWrt",
"system": "Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz",
"model": "VMware, Inc. VMware Virtual Platform",
"board_name": "vmware-inc-vmware-virtual-platform",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "23.05.0",
"revision": "r23497-6637af95aa",
"target": "x86/64",
"description": "OpenWrt 23.05.0 r23497-6637af95aa"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdea:xxxx:xxxx::/48'
config device
option type 'bridge'
option name 'br2'
list ports 'eth0'
list ports 'eth1'
config bridge-vlan
option device 'br2'
option vlan '1'
list ports 'eth0'
config bridge-vlan
option device 'br2'
option vlan '2'
list ports 'eth1'
config interface 'wan'
option proto 'dhcp'
option device 'br2.2'
config interface 'wan2'
option proto 'dhcp'
option device 'br2.55'
config bridge-vlan
option device 'br2'
option vlan '55'
list ports 'eth1:t'
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan6'
list network 'lan2'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
Because you're using a VM, you have ports that are individually routed and don't need to be in a bridge at all.
You appear to have 2 virtual NICs (eth0 and eth1)... what is the purpose of each one (wan, lan, etc.), and how do they need to be configured?
For example (this is to show you what info I need, not directly applicable for your VLANs):
eth0 = wan (tagged vlan 2) + untagged lan
eth1 = lan, untagged
Thanks for your reply.
I use vm to reproduce the problem, I found this problem in my netgear r7000.
I just want to test whether I can run dhcp client on eth1 and eth1.55
I have run tcpdump on br2
I found the dhcp server reply miss vlan id.
15:26:04.537572 00:0c:xxxxx (oui Unknown) > Broadcast,
ethertype 802.1Q (0x8100), length 346: vlan 55, p 0,
ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from00:0c:xxxxx (oui Unknown), length 300
15:26:04.551604 00:00:xxxxx (oui IANA) > 00:0c:xxxxx (oui Unknown),
ethertype IPv4 (0x0800), length 353: 10.10.10.1.67 >10.10.10.11.68: BOOTP/DHCP, Reply, length 311
I wouldn't try to replicate this on a VM -- do this on the R7000 if that is the real target here.
Are you expecting to get multiple wan connections? What is connected upstream of the R7000?
Yes. I want to get multiple wan connections on one port . a wan connection is untagged with dhcp, another wan with tagged dhcp.
Sure. I understand. So let's try this on your target device instead of your VM.
Post your /etc/config/network config file from the R7000
i run tcpdump, i found the package replied from dhcp server, but the package miss vlan id.
i can sure dhcp server reply with vlan id.
netgear r7000 works fine in openwrt 18.
I assume you're trying to upgrade to 23.05 because 18.06 is so old (EOL, unsupported, and has many security vulnerabilities)?
I want to upgrade to 23.05 to understand how DSA works.
Another reason I test in vm. because I found the similar problem in my friend's x86 machine.
His system can get dhcp address from dhcp server, but can not accept mulicast udp package.
so I guess is there any vlan configuration missing.
Your VM doesn't use DSA.
While you can use bridge vlan filtering on a non-DSA device, it really doesn't make a lot of sense to do that.
The best option is to simply upgrade your r7000 and then post your default network config file and we can advise from there (it's usually much easier than you think for a wan VLAN config).
ubus call system board
{
"kernel": "5.15.134",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear R7000",
"board_name": "netgear,r7000",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.0",
"revision": "r23497-6637af95aa",
"target": "bcm53xx/generic",
"description": "OpenWrt 23.05.0 r23497-6637af95aa"
}
}
network config
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6a:a33a:2fb9::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr 'A0:04:60:D6:6D:A0'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'wan2'
option proto 'dhcp'
option device 'wan.55'
This should get an address via DHCP for the untagged network on the wan.
add this to get it on VLAN 55
config interface 'wan55'
option device 'wan.55'
option proto 'dhcp'
And be sure to add the wan55 network to the wan firewall zone.
wan works fine.
i have
config interface 'wan2'
i have to rename wan2 to wan55 ?
wan2 is also added to wan firewall zone.
no, you can use wan2 if you want. I just used wan55 for human readable purposes since it is vlan55... but the name is arbitrary.
wan2 is also added to wan firewall zone.
dhcp still not works.
I can see dhcp send package, but can not see reply package.
We can try a bridge VLAN...
Add this to the network config file:
config device
option name 'br-wan'
option type 'bridge'
list ports 'wan'
config device
option device 'br-wan'
option vlan '1'
list ports 'wan:u*'
config device
option device 'br-wan'
option vlan '55'
list ports 'wan:t'
Then edit wan, wan6, and wan2 to look like this:
config interface 'wan'
option device 'br-wan.1'
option proto 'dhcp'
config interface 'wan6'
option device 'br-wan.1'
option proto 'dhcpv6'
config interface 'wan2'
option proto 'dhcp'
option device 'br-wan.55'
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6a:a33a:2fb9::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr 'A0:04:60:D6:6D:A0'
config interface 'wan'
option device 'br-wan.1'
option proto 'dhcp'
config interface 'wan2'
option proto 'dhcp'
option device 'br-wan.55'
config device
option type 'bridge'
option name 'br-wan'
list ports 'wan'
config bridge-vlan
option device 'br-wan'
option vlan '1'
list ports 'wan:u*'
config bridge-vlan
option device 'br-wan'
option vlan '55'
list ports 'wan:t'
both wan and wan2 are not works.
Error: Network device is not present
There is one more way we can try bridge-vlans:
delete these:
Add wan to br-lan and then create bridge vlans for br-lan like this:
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'wan'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '2'
list ports 'wan:u*'
config bridge-vlan
option device 'br-lan'
option vlan '55'
list ports 'wan:t'
Then edit the lan to use br-lan.1 and wans to use br-lan.2 and br-lan.55. It should look like this:
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'br-lan.2'
option proto 'dhcp'
config interface 'wan2'
option proto 'dhcp'
option device 'br-lan.55'
(it looks like you've deleted wan6 -- that's fine, but if it still exists, we need to make sure that the associated device is correct -- it should be br-lan.2 if it is there).
1 Like
