Wired Vlan complications

I've been able to get the wifi VLAN stuff working with the help of some online guides, so that seems to be working as expected. Where I'm running into issues is trying to get a single port on my router to accept VLANs (99, 110, 120). VLAN 99, which is untagged on all LAN ports, seems to be working without issue. However, VLANs 110 and 120 don't seem to be working. They have both been tagged on port 5 and are connected to my Unraid server, and while my Unraid server is working fine on the untagged VLAN 99, the tagged VLANs don't seem to be doing anything. I don't know if it's a configuration issue on my router or Unraid. So I figured I'd make sure the configuration on my router is correct before diving into the Unraid settings more, since the Unraid settings seem more straightforward.

I've been searching the web for a solution to this for about a week and have been trying different guides I've found, but have been unsuccessful in my attempts. So I've decided to make a post asking the community for some help and guidance. I'm very new to OpenWrt and networking in general, so I may have some gaps in my understanding.

What I'm trying to do is set a single port on my router to allow for VLAN tagging so that my Unraid server can assign VLAN IDs to various dockers and some VMs. As it stands with my current testing, I feel the Unraid server is utilizing its own DHCP server to assign dockers their own IPs based on the VLAN IDs. So for example, I do get an accessible IP of 192.168.120.2 for a docker container. However, when checking the router's active DHCP leases, that IP address does not show up, which led me to believe Unraid was using its internal DHCP. Testing Unraid VMs just gave me no IP at all when choosing the VLAN network interface.

Anyway, I'm jumping ahead of myself; this isn't about Unraid just yet. I want to first make sure that I set up my router correctly for what I want to do. I'm hoping the above overview of what I'm trying to do might help get some answers.
Honestly, I may have set this up wrong or am not completely understanding how VLANs work in regards to tagging and untagging ports.

Here is my network config. If it helps, I'm also using AdGuardHome, so the custom DNS servers are set to 192.168.1.1, and in the DHCP Server/Advanced Settings tab I have DHCP options 3 and 6 set to 192.168.[110,120].1

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd13:cd98:1579::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan.99'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '192.168.1.1'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        option force_link '1'
        list dns '1.1.1.1'
        list dns '1.0.0.1'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option name 'eth1'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-guest'
        option bridge_empty '1'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-iot'
        option bridge_empty '1'
        option ipv6 '0'

config interface 'iot'
        option proto 'static'
        option device 'br-iot'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'

config bridge-vlan
        option device 'br-lan'
        option vlan '110'
        list ports 'lan5:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '120'
        list ports 'lan5:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:u*'
        list ports 'lan5'

config device
        option name 'br-lan.99'
        option type '8021q'
        option ifname 'br-lan'
        option vid '99'
        option ipv6 '0'

config interface 'HomeAsst'
        option proto 'static'
        option device 'br-lan.110'
        option ipaddr '192.168.110.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.1'

config interface 'DockerMedia'
        option proto 'static'
        option device 'br-lan.120'
        option ipaddr '192.168.120.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.1'

The problem is likely in your unraid server config, as it needs to be configured to expect the tagged VLANs. You must explicitly set that on the host (and/or vm) such that it will be able to communicate with the tagged networks.

Just to make sure that there aren’t any issues on the router side, let’s review your dhcp and firewall files.

Ya, I did look over some Unraid guides on VLANs, but everything I've tried hasn't worked the way I expected. I did create Unraid VLANs, one with no IP assignment and another with a static IP. I assigned the custom interface to the VM, but it didn't seem to work either (Windows Server). The docker required I enable the custom interface and add a subnet and optionally a gateway. But I have another test to try using macvlan instead of ipvlan, but I'm waiting to test that since the VM won't even work yet.

Anyway, here are the DHCP and firewall configs.

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option logfacility 'USER'
        option noresolv '1'
        option port '54'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '3,192.168.1.1'
        list dhcp_option '6,192.168.1.1'
        list dhcp_option '15,lan'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        list mac '40:B0:76:5B:67:43'
        option ip '192.168.1.84'
        option name 'HomeServer'

config host
        option name 'BuddyPC'
        list mac '10:7C:61:1F:A8:71'
        option ip '192.168.1.11'

config host
        option name 'Quest3'
        list mac 'C0:DD:8A:58:D6:BD'
        option ip '192.168.1.174'

config host
        option name 'HomeAssistant'
        list mac '52:54:00:85:14:9E'
        option ip '192.168.1.55'

config host
        option name 'BrotherPrinter'
        list mac '30:C9:AB:CD:B4:E5'
        option ip '192.168.4.232'

config host
        option name 'winserver'
        list mac '52:54:00:22:4A:F2'
        option ip '192.168.1.172'

config dhcp 'iot'
        option interface 'iot'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '15,lan'
        list dhcp_option '3,192.168.4.1'
        list dhcp_option '6,192.168.4.1'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '15,lan'
        list dhcp_option '3,192.168.5.1'
        list dhcp_option '6,192.168.5.1'

config host
        option name 'panda-touch'
        option ip '192.168.4.152'
        list mac '24:58:7C:D0:DA:3C'

config host
        option ip '192.168.4.233'
        list mac 'DC:DA:0C:7B:27:B4'
        option name 'p1s'

config host
        option name 'panda-pwr'
        option ip '192.168.4.110'
        list mac 'D0:EF:76:98:9D:90'

config host
        option name 'kasa-plug-1'
        option ip '192.168.4.172'
        list mac '24:2F:D0:E0:9F:9E'

config host
        option ip '192.168.4.173'
        list mac '24:2F:D0:E0:8F:2B'
        option name 'kasa-plug-2'

config dhcp 'HomeAsst'
        option interface 'HomeAsst'
        option start '10'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '3,192.168.110.1'
        list dhcp_option '6,192.168.110.1'
        list dhcp_option '15,lan'

config dhcp 'DockerMedia'
        option interface 'DockerMedia'
        option start '10'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '3,192.168.120.1'
        list dhcp_option '6,192.168.120.1'
        list dhcp_option '15,lan'

The firewall rules are kinda in flux, as I have several disabled while I test different setups.

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'GuestZone'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest'

config zone
        option name 'IOTZone'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option log '1'
        option log_limit '10/second'
        list network 'iot'

config forwarding
        option src 'GuestZone'
        option dest 'wan'

config forwarding
        option src 'IOTZone'
        option dest 'wan'

config rule
        option name 'HomeAsst-IOTAccess'
        option src 'lan'
        list src_ip '192.168.1.55'
        option dest 'IOTZone'
        option target 'ACCEPT'
        list proto 'tcp'
        list proto 'udp'
        option enabled '0'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'HomeServer-Deluge'
        list proto 'tcp'
        option src 'wan'
        option src_dport '52525'
        option dest_ip '192.168.1.84'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'HomeServer-Deluge2'
        list proto 'tcp'
        option src 'wan'
        option src_dport '58846'
        option dest_ip '192.168.1.84'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'HomeServer-Emby'
        list proto 'tcp'
        option src 'wan'
        option src_dport '8096'
        option dest_ip '192.168.1.84'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'HomeServer-Emby2'
        list proto 'tcp'
        option src 'wan'
        option src_dport '8920'
        option dest_ip '192.168.1.84'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'HomeServer-VPN'
        list proto 'udp'
        option src 'wan'
        option src_dport '51820'
        option dest_ip '192.168.1.84'

config rule
        option name 'LocalPrinterAccess'
        option src 'lan'
        option dest 'IOTZone'
        list dest_ip '192.168.4.232'
        option target 'ACCEPT'
        list proto 'all'
        option enabled '0'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'WinServer Arma Reforger'
        list proto 'udp'
        option src 'wan'
        option src_dport '20001'
        option dest_ip '192.168.1.172'
        option enabled '0'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'WinServer Arma Reforger'
        list proto 'udp'
        option src 'wan'
        option src_dport '17777'
        option dest_ip '192.168.1.172'
        option enabled '0'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'WinServer Arma Reforger'
        list proto 'udp'
        option src 'wan'
        option src_dport '19999'
        option dest_ip '192.168.1.172'
        option enabled '0'

config rule
        option name 'Allow mDNS'
        list proto 'udp'
        option src '*'
        option src_port '5353 33257'
        list dest_ip '224.0.0.251'
        option dest_port '5353 33257'
        option target 'ACCEPT'

config rule
        option name 'Allow mDNS'
        list proto 'udp'
        option src '*'
        option src_port '33257'
        list dest_ip '224.0.0.251'
        option dest_port '5353'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Atom Echo --> Home Assistant'
        option src 'IOTZone'
        option dest 'lan'
        list dest_ip '192.168.1.55'
        option target 'ACCEPT'
        list src_ip '192.168.4.197'
        list src_ip '192.168.4.112'
        list src_ip '192.168.4.120'
        list src_ip '192.168.4.210'
        list src_ip '192.168.4.218'
        list src_ip '192.168.4.122'
        list proto 'tcp'

config rule
        option name 'Lan --> IOT'
        option src 'lan'
        option dest 'IOTZone'
        option target 'ACCEPT'
        option enabled '0'

config zone
        option name 'HomeAsstZone'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'HomeAsst'

config rule
        option name 'Tuya Discovery'
        list proto 'udp'
        option src 'IOTZone'
        list dest_ip '255.255.255.255'
        option dest_port '6667'
        option target 'ACCEPT'

config rule
        option name 'Adguard_dns'
        option src 'lan'
        option src_port '53'
        option dest_port '53'
        option target 'ACCEPT'
        option dest 'lan'

config rule
        option name 'homekit/ecobee/HASS'
        list proto 'tcp'
        option src 'IOTZone'
        list src_ip '192.168.4.153'
        option dest 'lan'
        list dest_ip '192.168.1.55'
        option target 'ACCEPT'
        option src_port '37948'

config forwarding
        option src 'lan'
        option dest 'IOTZone'

config forwarding
        option src 'HomeAsstZone'
        option dest 'wan'

config rule
        option name 'IOT DHCP and DNS'
        option src 'IOTZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config rule
        option name 'Guest DHCP and DNS'
        option src 'GuestZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config rule
        option name 'DockerMedia DHCP and DNS'
        option src 'DockerMediaZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config zone
        option name 'DockerMediaZone'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'DockerMedia'

config forwarding
        option src 'DockerMediaZone'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'DockerMediaZone'

config forwarding
        option src 'lan'
        option dest 'HomeAsstZone'

config forwarding
        option src 'IOTZone'
        option dest 'HomeAsstZone'
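
A cross-check for files like the two posted above, as an added example that is not part of the original post: it lists every firewall zone whose input is filtered and whose network has a DHCP pool, but which has no enabled input rule opening ports 53 and 67, a condition under which clients on a tagged VLAN get no lease even when the bridge VLANs are correct. The function names are hypothetical, the sample text is a trimmed excerpt of the posted sections, and the rule's protocol is not checked.

```python
import shlex

# Trimmed excerpt of the firewall and dhcp sections posted in the thread
# (two of the zones, one input rule, three pools), joined into one text.
CONFIG = """
config zone
        option name 'HomeAsstZone'
        option input 'REJECT'
        list network 'HomeAsst'
config zone
        option name 'DockerMediaZone'
        option input 'REJECT'
        list network 'DockerMedia'
config rule
        option name 'DockerMedia DHCP and DNS'
        option src 'DockerMediaZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
config dhcp 'HomeAsst'
        option interface 'HomeAsst'
config dhcp 'DockerMedia'
        option interface 'DockerMedia'
"""

def parse_uci(text):
    """Return [(section_type, {option: [values]})] from UCI config text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["config"]:
            sections.append((tok[1], {}))
        elif tok[:1] in (["option"], ["list"]) and sections and len(tok) > 2:
            sections[-1][1].setdefault(tok[1], []).extend(tok[2].split())
    return sections

def zones_missing_input_ports(text, needed=("53", "67")):
    """Map each DHCP-served zone with filtered input to the ports no rule opens."""
    secs = parse_uci(text)
    served = {o.get("interface", [""])[0] for t, o in secs
              if t == "dhcp" and o.get("ignore") != ["1"]}
    missing = {}
    for t, zone in secs:
        nets = set(zone.get("network", []))
        if t != "zone" or zone.get("input") == ["ACCEPT"] or not served & nets:
            continue
        name = zone["name"][0]
        # Input rules only: src is this zone, no dest, ACCEPT, not disabled.
        opened = {p for rt, r in secs for p in r.get("dest_port", [])
                  if rt == "rule" and r.get("src") == [name] and "dest" not in r
                  and r.get("target") == ["ACCEPT"] and r.get("enabled") != ["0"]}
        gap = [p for p in needed if p not in opened]
        if gap:
            missing[name] = gap
    return missing

if __name__ == "__main__":
    print(zones_missing_input_ports(CONFIG))
```

On the router the same text can be produced by concatenating `/etc/config/firewall` and `/etc/config/dhcp`.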

I’m not seeing any issues with your router config. It is almost certainly on your host.

Don’t have a managed switch? If so, we can verify that the router is working correctly.

No managed switch, just the router. I tried to see if my laptop or desktop could assign their own VLAN tag, but unfortunately they don't have that option.
OK, I guess I'll move on to the Unraid forums and see if they can help me find a solution, since it sounds like my router is set up correctly.

Hmm, apparently something I've done on the router has made the router unable to ping hostnames too. It can ping Google's IP, but trying to ping google.com from SSH comes up "bad address". So my router's DNS is messed up. So I guess I'll try and fix that before going any further.

I see that you have changed your dns to use doh/dot or something else that is not part of the default config. For that, you should open a new thread since that is independent of your vlan question.

I figured as much. I'm gonna take a whack at it before throwing up another post. Anyway, thanks for the help with the VLAN stuff. It's good to know at least the router's VLAN is set up correctly.
