OpenWrt Forum Archive

Topic: central DHCP with multiple WLAN routers and guest wifi network

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I have a central openwrt router on which I configured a LAN network, a DMZ and
a DHCP server. The DHCP server serves clients from both networks with different
IP ranges.

To this router I have connected a few wireless access points (also running
openwrt) where I want to configure two different wifi networks:

1st network: Clients connecting to this network should receive an IP
address from the LAN address range and have full access to LAN, DMZ and
Internet.

2nd network: Clients connecting to this network should receive either an
IP address from a completely new address range, or one from the DMZ range.
But the address should also be given from the central DHCP server.
Clients should not have access to the LAN zone.

The first network is not a problem. I also have no problem with the
firewall settings. My problem is that I don't know how to set up the
second network and the central DHCP server. Somehow the DHCP server has
to know which wifi a client is connected to.

Is this even possible without activating DHCP servers on each access
point? I like the idea of only one central server where I can configure
my static leases and see all the IPs used.

Can I set this up using VLAN tags? Or am I thinking too complicated and it
is a lot easier? Or is it impossible?

As hardware I am using an APU board as central router/DHCP server. Three
TP-Link 1750 Archer C7 boards are used as access points, all installed with the
latest version of Chaos Calmer.

Any help would be appreciated.

Monkey

Hi,

monkey wrote:

Hi,
Can I set this up using VLAN tags?
Monkey

This is exactly how it will work.

Create a new LAN-interface with DHCP, bridge it to a VLAN and configure the downlink to your APs to carry the VLAN and the other LAN to the AP.
On the AP do the same and connect the LAN to SSID#1 and the VLAN to SSID#2.

In my setup I use "LAN" untagged and "Guest" tagged on the downlink.
Of course, you can use both Interfaces tagged.

Hi,

sorry for bringing this up after such a long time but I haven't found the time
earlier and now I'm still having trouble with this setup! I'll try to tell you where
my problem is, but first what I have done so far:

1st thing is that the central router, the APU board, has 3 physical interfaces.
I configured
* eth0 as LAN
* eth1 as DMZ
* eth2 as WAN

I set up a DHCP server on the LAN and the DMZ interface. I want to keep my LAN
untagged, so I won't need to do anything with VLANs on this network.

After my "normal" (untagged) LAN-wifi was working, I created an additional
VLAN-interface (on my access point), named it "DMZ" and set the interface to
eth1.2. I bridged it to my DMZ-wifi.

This is the network-config on my access-point:

config interface 'lan'
        option ifname 'eth1'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.0.2'
        option gateway '192.168.0.1'
        option dns '192.168.0.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 2 3 4 5'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6'

config interface 'dmz'
        option ifname 'eth1.2'
        option proto 'static'
        option ipaddr '10.10.10.2'
        option netmask '255.255.255.0'
        option _orig_ifname 'eth1.2'
        option _orig_bridge 'false'
        option type 'bridge'

Note: I changed the ifname in the dmz from eth0.2 to eth1.2 since my lan
interface is eth1. I found a ticket about this here:
https://dev.openwrt.org/ticket/20739

As available interfaces LuCI shows me (under Network - Interfaces - DMZ -
Physical Settings):
* Ethernet Adapter: "eth0"
* VLAN Interface: "eth0.1"
* VLAN Interface: "eth0.2"
* Ethernet Switch: "eth1" (lan)
* VLAN Interface: "eth1.2" (dmz)
* Wireless Network: Master "LAN-SSID" (lan)
* Wireless Network: Master "DMZ-SSID" (dmz)

When I now try to connect to my dmz-wifi I see the dhcp-requests leaving the
br-dmz interface using tcpdump, but they don't appear on my APU-board.

I also tried bridging it to the Ethernet Switch (so it said lan, dmz) with no
result.

I don't want to set up a VLAN ID on the APU board (like eth1.2) since it has
three interfaces (by the way, I tried it but it didn't change anything).

The central router and the access points are connected over a switch on which I
have configured VLAN trunk ports carrying vlan-id 1 and 2. But maybe I made a
mistake there...

I read something about appending a "t" to the ports where I want the VLAN-ID to
be added when leaving the interface. Do I need this option somewhere?

Somehow I'm lost and any help would be highly appreciated! Even if you think
the problem might be somewhere else...

Thanks
Monkey

Hi,

1st I did not catch your setup fully.

But what I saw is

1st thing is that the central router, the APU board, has 3 physical interfaces.
I configured
* eth0 as LAN
* eth1 as DMZ
* eth2 as WAN

You have to connect your AP with one cable to the APU.
The port of the APU for example eth0 (and AP) must carry both VLANs: DMZ and LAN.
At most one of the VLANs can be untagged.
Or both can be tagged (t).
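
Added example (not part of the original thread, and not code from any poster): a small Python check that reads UCI switch_vlan sections and applies the rule from the last reply, reporting which switch ports carry every required VLAN and which ports are untagged in more than one VLAN. The port numbers in the constructed TRUNKED variant are assumptions for illustration; which physical port is the uplink depends on the hardware.

```python
import re
from collections import defaultdict
# switch_vlan sections as posted in the thread, trimmed to the options read here.
POSTED = """
config switch_vlan
        option vlan '1'
        option ports '0 2 3 4 5'
config switch_vlan
        option vlan '2'
        option ports '1 6'
"""
# Constructed variant: VLAN 2 tagged onto ports 0 and 2 (port roles assumed).
TRUNKED = POSTED.replace("'1 6'", "'0t 2t'")

def parse_switch_vlans(text):
    """Return {vlan_id: {port: is_tagged}} from UCI switch_vlan sections."""
    vlans, section, opts = {}, None, {}
    def flush():
        if section == "switch_vlan" and "vlan" in opts:
            members = {}
            for tok in opts.get("ports", "").split():
                m = re.fullmatch(r"(\d+)(t?)", tok)
                if m is None:
                    raise ValueError(f"unsupported port token {tok!r}")
                members[int(m.group(1))] = m.group(2) == "t"
            vlans[int(opts["vlan"])] = members
    for line in text.splitlines():
        words = line.split(None, 2)
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "config":
            flush()  # store the previous section before starting a new one
            section, opts = words[1], {}
        elif words[0] == "option" and len(words) == 3:
            opts[words[1]] = words[2].strip().strip("'\"")
    flush()
    return vlans

def audit(vlans, required):
    """Return (ports carrying every required VLAN, ports untagged in >1 VLAN)."""
    untagged = defaultdict(list)
    for vid, members in vlans.items():
        for port, tagged in members.items():
            if not tagged:
                untagged[port].append(vid)
    conflicts = {p: sorted(v) for p, v in untagged.items() if len(v) > 1}
    ports = set().union(*(set(m) for m in vlans.values()))
    trunks = sorted(p for p in ports if all(p in vlans.get(v, {}) for v in required))
    return trunks, conflicts
```

For the posted sections, `audit(parse_switch_vlans(POSTED), (1, 2))` returns an empty first list: no switch port is a member of both VLAN 1 and VLAN 2.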

The discussion might have continued from here.