EdgeRouter not handing out addresses on VLAN



  • I have an EdgeRouter Lite that is not handing out DHCP addresses on VLAN 80. Does anyone see an issue in the config as to why that would be?

    ubnt@ubnt:~$ show configuration
    firewall {
        all-ping enable
        broadcast-ping disable
        ipv6-receive-redirects disable
        ipv6-src-route disable
        ip-src-route disable
        log-martians enable
        name WAN_IN {
            default-action drop
            description "WAN to internal"
            rule 10 {
                action accept
                description "Allow established/related"
                state {
                    established enable
                    related enable
                }
            }
            rule 20 {
                action drop
                description "Drop invalid state"
                state {
                    invalid enable
                }
            }
        }
        name WAN_LOCAL {
            default-action drop
            description "WAN to router"
            rule 10 {
                action accept
                description "Allow established/related"
                state {
                    established enable
                    related enable
                }
            }
            rule 20 {
                action drop
                description "Drop invalid state"
                state {
                    invalid enable
                }
            }
        }
        receive-redirects disable
        send-redirects enable
        source-validation disable
        syn-cookies enable
    }
    interfaces {
        ethernet eth0 {
            address dhcp
            description Internet
            duplex auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            speed auto
        }
        ethernet eth1 {
            address 192.168.1.1/24
            description Local
            duplex auto
            speed auto
            vif 80 {
                address 192.168.80.1/24
                description guestInternet
                mtu 1500
            }
        }
        ethernet eth2 {
            address 192.168.2.1/24
            description "Local 2"
            duplex auto
            speed auto
        }
        loopback lo {
        }
    }
    service {
        dhcp-server {
            disabled false
            hostfile-update disable
            shared-network-name GuestInternet {
                subnet 192.168.80.0/24 {
                    default-router 192.168.80.1
                    dns-server 8.8.8.8
                    dns-server 4.2.2.2
                    start 192.168.80.10 {
                        stop 192.168.80.250
                    }
                }
            }
            shared-network-name LAN1 {
                authoritative enable
                subnet 192.168.1.0/24 {
                    default-router 192.168.1.1
                    dns-server 192.168.1.3
                    lease 86400
                    start 192.168.1.38 {
                        stop 192.168.1.243
                    }
                }
            }
        }
        dns {
            forwarding {
                cache-size 150
                listen-on eth1
                listen-on eth2
            }
        }
        gui {
            https-port 443
        }
        nat {
            rule 5010 {
                description "masquerade for WAN"
                outbound-interface eth0
                type masquerade
            }
        }
        ssh {
            port 22
            protocol-version v2
        }
    }
    system {
        host-name ubnt
        login {
            user ubnt {
                authentication {
                    encrypted-password ****************
                }
                level admin
            }
        }
        ntp {
            server 0.ubnt.pool.ntp.org {
            }
            server 1.ubnt.pool.ntp.org {
            }
            server 2.ubnt.pool.ntp.org {
            }
            server 3.ubnt.pool.ntp.org {
            }
        }
        syslog {
            global {
                facility all {
                    level notice
                }
                facility protocols {
                    level debug
                }
            }
        }
        time-zone UTC
    }
    ubnt@ubnt:~$
    

    I know I don't have the firewall rules in yet to block subnet-to-subnet traffic, so the guest VLAN can currently reach the other subnet. On my EdgeSwitch, I have port 2 untagged on VLAN 80 and excluded from VLAN 1. Port 2 is connected to the computer. On port 24, I have VLAN 1 untagged and VLAN 80 tagged. If I statically configure an address on 192.168.80.0/24, I can route out to the internet and ping the other subnet. If I statically configure an address on 192.168.1.0/24, I can't ping anything, so it seems the port really is on VLAN 80; it's just that DHCP isn't working on that VLAN.



  • Here is the config at one client.

    Interfaces

    set interfaces ethernet eth1 address 10.202.1.1/23
    set interfaces ethernet eth1 description 'FSL LAN'
    set interfaces ethernet eth1 duplex auto
    set interfaces ethernet eth1 firewall in name LAN_IN
    set interfaces ethernet eth1 firewall local name LAN_LOCAL
    set interfaces ethernet eth1 speed auto
    set interfaces ethernet eth1 vif 10 address 10.202.10.1/24
    set interfaces ethernet eth1 vif 10 description 'Guest Wireless'
    set interfaces ethernet eth1 vif 10 firewall in name Public_WiFi_IN
    set interfaces ethernet eth1 vif 10 firewall local name Public_WiFi_LOCAL
    set interfaces ethernet eth1 vif 10 mtu 1500
    

    DHCP

    set service dhcp-server disabled false
    set service dhcp-server hostfile-update enable
    set service dhcp-server shared-network-name FSL_LAN authoritative disable
    set service dhcp-server shared-network-name FSL_LAN disable
    set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 default-router 10.202.1.1
    set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 dns-server 10.202.1.1
    set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 lease 28800
    set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 start 10.202.0.100 stop 10.202.1.249
    set service dhcp-server shared-network-name FSL_LAN subnet 10.202.0.0/23 unifi-controller 207.244.223.13
    set service dhcp-server shared-network-name Guest_WiFi authoritative disable
    set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 default-router 10.202.10.1
    set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 dns-server 10.202.10.1
    set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 lease 14400
    set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 start 10.202.10.30 stop 10.202.10.200
    set service dhcp-server shared-network-name Guest_WiFi subnet 10.202.10.0/24 unifi-controller 207.244.223.13
    set service dhcp-server static-arp disable
    set service dhcp-server use-dnsmasq disable
    


  • Are you sure you have your switch set up right?

    What is port 24 plugged into?

    Which port were you plugged into with the manual config that worked?



  • @jaredbusch Port 24 on the switch is plugged in to the EdgeRouter Eth1.



  • @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

    Which port were you plugged into with the manual config that worked?

    Same ports for everything.



  • Keep the switch out of the picture.

    Plug something into eth1 directly. Does it pull DHCP on VLAN 1?

    Force that device to VLAN 80 and plug it in to eth1. Does it get the DHCP then?



  • @mike-davis said in EdgeRouter not handing out addresses on VLAN:

    @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

    Which port were you plugged into with the manual config that worked?

    Same ports for everything.

    That is not the correct answer.



  • @jaredbusch good idea. Forgot I could force something to a VLAN.



  • @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

    Plug something into eth1 directly does it pull DHCP on vlan1?
    Force that device to VLAN 80 and plug it in to eth1. Does it get the DHCP then?

    Did this and not getting an IP. Doing the old stare and compare with your config to see what is different.



  • @mike-davis said in EdgeRouter not handing out addresses on VLAN:

    @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

    Plug something into eth1 directly does it pull DHCP on vlan1?
    Force that device to VLAN 80 and plug it in to eth1. Does it get the DHCP then?

    Did this and not getting an IP. Doing the old stare and compare with your config to see what is different.

    My LAN scope is disabled in that config. It is only there for failover if the Windows AD server with all the roles fails.



  • You can also tell your switch to use VLAN 80 to get its IP for management. Not sure where; I'm not logged into an ES at the moment.



  • @jaredbusch said in EdgeRouter not handing out addresses on VLAN:

    my LAN scope is disabled in that. It is only there for failover if the windows AD server with all the roles fails.

    That explains this line:

    set service dhcp-server shared-network-name FSL_LAN disable
    

    What about this:

    set service dhcp-server shared-network-name FSL_LAN authoritative disable
    


  • @mike-davis said in EdgeRouter not handing out addresses on VLAN:

    What about this:
    set service dhcp-server shared-network-name FSL_LAN authoritative disable

    That was it: the `authoritative` setting on the shared network. Thanks @JaredBusch - you the man.

