VLAN trunks and Multiple DHCP

HornAlum
DD-WRT Novice


Joined: 12 Aug 2017
Posts: 11

Posted: Sat Aug 12, 2017 3:46    Post subject: VLAN trunks and Multiple DHCP
Brief history - Ran a WRT54G v2 with DD-WRT for a long time before it began to act up. Replaced it with a RT-N16 ASUS but never got around to putting DD-WRT on it.

Flash forward - I'm setting up a full cat6 setup and bought some Ubiquiti Unifi APs and a Cloud Key controller. I want my kids and/or Guest WiFi to be on its own VLAN and separate subnet.

I'm running a Layer 3 Procurve switch behind my router, and all my VLANs are set up there. What I need my RT-N16 to do is serve as a DHCP server to the other VLAN(s), since the switch is too old to act as a DHCP server itself (HP 2910AL-24G).

Rather than set up the different ports on the RT-N16 for each VLAN, I want all the ports to be 802.1q ports, with the extra VLANs being tagged.

This was the original output of the key cmds from NVRAM:

Code:
root@DD-WRT:~# nvram show | grep vlan.*ports
vlan2ports=0 8
vlan0ports=1 2 3 4 5*
size: 27703 bytes (234441 left)
vlan1ports=4 3 2 1 8*

root@DD-WRT:~# nvram show | grep port.*vlan
port5vlans=1 2 16
size: 27732 bytes (234412 left)
port3vlans=1
port1vlans=1
port4vlans=1
port2vlans=1
port0vlans=2

root@DD-WRT:~# nvram show | grep vlan.*hwname
size: 27732 bytes (234412 left)
vlan2hwname=et0
vlan1hwname=et0
vlan0hwname=et0


After following some of the examples, I came up with this:

Code:

root@DD-WRT:~# nvram show | grep vlan.*ports
vlan2ports=0 8
vlan10ports=4t 3t 2t 1t 8
vlan0ports=1 2 3 4 5*
size: 28774 bytes (233370 left)
vlan1ports=4 3 2 1 8*
root@DD-WRT:~# nvram show | grep ports.*vlan
size: 28774 bytes (233370 left)
root@DD-WRT:~# nvram show | grep port.*vlan
size: 28774 bytes (233370 left)
port5vlans=1 2 10 16
port3vlans=1 10
port1vlans=1 10
port4vlans=1 10
port2vlans=1 10
port0vlans=2
root@DD-WRT:~# nvram show | grep vlan.*hwname
size: 29008 bytes (233136 left)
vlan2hwname=et0
vlan1hwname=et0
vlan0hwname=et0
vlan10hwname=et0


I also did the following, under admin-cmds, and saved it to startup:

Code:
ifconfig vlan10 192.168.10.1 netmask 255.255.255.0
ifconfig vlan10 up


I also did this (allow kids WiFi to talk to my primary network and out to the internet, with the wildcards):



Code:
iptables -I INPUT -i vlan10 -j ACCEPT
iptables -I FORWARD -i vlan10 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan10 -o vlan+ -m state --state NEW -j ACCEPT


When I go to add a new DHCPD multiple DHCP, I add VLAN10 from the drop-down, but it lists the IP/netmask as 0.0.0.0/0.0.0.0.

The Procurve points its ip helper-address to the IP of the router.

I set up some access/untagged ports on the switch to test my laptop with, to see if it would grab an IP on this new subnet and it doesn't.


What am I doing wrong?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway

Posted: Sat Aug 12, 2017 6:50
I presume "vlan0ports=1 2 3 4 5* " is bogus, as it has port 5 instead of 8.

vlan10ports=4t 3t 2t 1t 8
vlan1ports=4 3 2 1 8*


Which port is the switch connected to?

To trunk vlan 1 and 10 on that port (say port 4):

nvram set vlan10ports="4t 8"
nvram set vlan1ports="4t 3 2 1 8*"
nvram commit
reboot
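
The port lists quoted in this thread, tabulated per physical port, as an added example that is not part of any post: it reads `vlanNports` lines in the format shown above and lists ports that are untagged members of more than one VLAN, which is how the `vlan0ports` line the reply presumes to be bogus shows up. Treating port 8 as the internal CPU port and `*` as the default-VLAN marker are assumptions based on the listings above.

```shell
#!/bin/sh
# Added example, not from the thread: tabulate VLAN membership per switch port.
# CPU_PORT=8 is an assumption based on the RT-N16 listings quoted above.
CPU_PORT=${CPU_PORT:-8}

# Port lists copied from the second listing in the first post, including the
# "size:" line that `nvram show` mixes into grep output.
sample_nvram() {
    cat <<'EOF'
vlan2ports=0 8
vlan10ports=4t 3t 2t 1t 8
vlan0ports=1 2 3 4 5*
size: 28774 bytes (233370 left)
vlan1ports=4 3 2 1 8*
EOF
}

# stdin: nvram lines. stdout: "port <p> untagged=<vlans|-> tagged=<vlans|->"
vlan_port_map() {
    awk -v cpu="$CPU_PORT" '
    /^vlan[0-9]+ports=/ {
        split($0, kv, "=")
        vid = kv[1]; sub(/^vlan/, "", vid); sub(/ports$/, "", vid)
        n = split(kv[2], p, " ")
        for (i = 1; i <= n; i++) {
            port = p[i]
            sub(/\*$/, "", port)                  # "*" marks the default VLAN
            tagged = (port ~ /t$/); sub(/t$/, "", port)
            if (port == cpu) continue             # skip the internal CPU port
            seen[port] = 1
            if (tagged) tg[port] = tg[port] (tg[port] == "" ? "" : ",") vid
            else        ut[port] = ut[port] (ut[port] == "" ? "" : ",") vid
        }
    }
    END {
        for (port in seen) {
            u = (ut[port] == "" ? "-" : ut[port])
            t = (tg[port] == "" ? "-" : tg[port])
            printf "port %s untagged=%s tagged=%s\n", port, u, t
        }
    }' | sort
}

# Ports that are untagged members of more than one VLAN.
untagged_conflicts() {
    vlan_port_map | awk '{ split($3, a, "="); if (a[2] ~ /,/) print $2 }'
}

sample_nvram | vlan_port_map
```

On the router itself the input would come from `nvram show 2>/dev/null | vlan_port_map` rather than from `sample_nvram`.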
HornAlum
DD-WRT Novice


Joined: 12 Aug 2017
Posts: 11

Posted: Sat Aug 12, 2017 13:52
I trunked all 4 ports, but right now it is plugged into port 1.

I didn't see the need to trunk VLAN 1 because that's the native VLAN, and the native VLAN doesn't need a tag. Does DD-WRT treat trunking differently, in that I have to have every VLAN tagged?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway

Posted: Sat Aug 12, 2017 14:14
nvram set vlan10ports="4t 3 8"
nvram set vlan1ports="4t 2 1 8*"
nvram commit
reboot

Now you can connect a PC to port 3 and see if you get any connection on vlan10.

Port 4 is the one labeled 1 on the casing, and 3 is 2.
HornAlum
DD-WRT Novice


Joined: 12 Aug 2017
Posts: 11

Posted: Sat Aug 12, 2017 19:17
I'll try that.

This is a little more worrisome, that it didn't grab the IP I gave to the vlan interface (see attached).



[Attachment: Capture.JPG - multiple dhcp image]

HornAlum
DD-WRT Novice


Joined: 12 Aug 2017
Posts: 11

Posted: Sat Aug 12, 2017 19:35
OK, so this is what I found.

If I marked vlan1="4t" (i.e., port 4 vlan 1 becomes tagged), it broke my PC. The PC failed to grab DHCP. (Right now, I have my PC plugged into that port instead of the switch, as I want to get this DHCP thing lined up before I switch to the L3 switch.) I switched it back to a non-trunked port on VLAN 1.

I plugged my laptop into Port 3 (otherwise marked LAN2 on the chassis), and the laptop failed to grab DHCP. Instead, it grabbed an APIPA address (169.254...)

If I move the laptop to port 2 (LAN3 on chassis), it works fine.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway

Posted: Sat Aug 12, 2017 20:14
VLAN10 is missing an IP address. Go to the Networking tab and give the interface an IP address.
HornAlum
DD-WRT Novice


Joined: 12 Aug 2017
Posts: 11

Posted: Sat Aug 12, 2017 21:49
I assume to do that, you have to set it to "unbridged"? I thought the interface may already have had an IP address, as I had issued a startup command via telnet:

Code:
ifconfig vlan10 192.168.10.1 netmask 255.255.255.0


I did what you said and I'm getting an IP address on the laptop now. However, I am not routing out to the internet, nor can I ping the vlan10 interface, even though I'm getting the DHCP.

Is my rc_firewall setup right?

Code:
iptables -I INPUT -i vlan10 -j ACCEPT
iptables -I FORWARD -i vlan10 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan10 -o vlan+ -m state --state NEW -j ACCEPT
HornAlum
DD-WRT Novice


Joined: 12 Aug 2017
Posts: 11

Posted: Wed Aug 16, 2017 13:06
Thinking about blowing away nvram and starting over. There's probably something wrong with the iptables. I can't even ping the gateway IP (192.168.10.1) from the laptop, even though it gives me a DHCP address.

RT-N16 with r30880 big firmware