OpenWrt Forum Archive

Topic: Split lan into two segments

The content of this topic has been archived on 24 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am trying to set up my TP-LINK TL-WR841N, installed with OpenWrt, to provide two LAN segments.

External segment: port 1, which has an interface IP configured and responds to DHCP requests received on the port.

Internal segment: ports 2, 3 and 4, acting just like a normal switch to forward all the traffic among these ports.

The idea is to connect a DPI box to ports 1 and 2 such that it sits between the external and internal segments.

I see the following problems.
1. Mon Aug  7 21:24:53 2017 kern.warn kernel: [50529.850000] br-internal: received packet on eth0.2 with own address as source address
When forwarding packets between segments, the MAC spoof check shows errors.
2. Since the internal segment has no interface IP configured and DHCP is disabled, it shows the following.
Mon Aug  7 21:23:58 2017 daemon.warn dnsmasq-dhcp[10662]: DHCP packet received on br-internal which has no address

Any suggestions on how to fix these problems would be really helpful.

Thanks in advance!

/Yogaraj

(Last edited by yogaraj on 7 Aug 2017, 22:27)

Do the internal and external interfaces have the same MAC address? Try changing one if this is the case. It may solve the first problem. The second may be solved by only listening on the external interface in dnsmasq.

If you want ports 2,3,4 to only switch among themselves, don't connect their VLAN to the CPU at all.

@mikma @mk24

I configured different MAC addresses on the interfaces and the first issue was fixed. Then I configured dnsmasq not to listen on the internal LAN, so the second issue is gone. But there is a new issue now.

When I loop the internal and external segments, DHCP discover and request from internal are forwarded to the external port. The DHCP offer/response is sent from external, but for some reason the internal segment does not forward the DHCP offer/request back to the host. Could it be a switch configuration issue or the firewall?

BTW, I need to connect the internal segment to the CPU as well, since I want the internal segment to be bridged along with the WLAN.

The discussion might have continued from here.