Using VLANs for a 2nd Access Point with home & guest wifi

[Jack Yaz]

What's perplexing is you give 86400s for DHCP but it appears to be doing it hourly. Whats the DHCP lease set to in the main router GUI?

 

[jamestx10]

Same 86400.

It is more often then an hour

May  4 09:56:56 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 09:56:56 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 10:16:58 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 10:16:58 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 10:36:26 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 10:36:26 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 10:57:19 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 10:57:19 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 11:16:55 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 11:16:55 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 11:38:32 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 11:38:32 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 11:56:25 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 11:56:25 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 12:17:50 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 12:17:50 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 12:39:54 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 12:39:54 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 13:00:49 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 13:00:49 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 13:21:25 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 13:21:25 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 13:40:34 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 13:40:34 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 14:00:38 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 14:00:38 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 14:21:34 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 14:21:34 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 15:00:38 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 15:00:38 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 15:21:11 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 15:21:11 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC
May  4 15:39:45 dnsmasq-dhcp[246]: DHCPREQUEST(vlan4) 10.10.11.20 MAC
May  4 15:39:45 dnsmasq-dhcp[246]: DHCPACK(vlan4) 10.10.11.20 MAC

 

[Jack Yaz]

Also, iptables -S (note the capital S) definitely works for me on my 87U. Reboot your router. I suspect where you have kept running the iptables rules you have caused massive duplication of rules.

 

[Jack Yaz]

Hang on,

change dhcp-range=vlan4,10.10.11.10,10.10.11.250,255.255.255.0,86400s

to dhcp-range=vlan4,10.10.11.10,10.10.11.250,24h

 

[jamestx10]

I have put in that change and rebooted. iptables -S still fails. It will probably be tomorrow before I can test and see if that change helped.

 

[Jack Yaz]

wonder if the N66U has a different version of iptables. Let me know how things look tomorrow

 

[john9527]

Also, iptables -S (note the capital S) definitely works for me on my 87U. Reboot your router. I suspect where you have kept running the iptables rules you have caused massive duplication of rules.

The -S option is only available on the ARM routers.....for the MIPS routers use iptables-save

 

[Jack Yaz]

Ah, well that explains it!

 

[jamestx10]

No change in behavior. The client loses connectivity for a min or two and then the DHCP requests are seen in the log. The DHCP lease on the client shows that it was obtained yesterday but the expiration date move out 24 hours.

 

[Jack Yaz]

Can you try connecting a different client and seeing if the same thing happens?

 

[schmerg]

Note that the basic web UI for DHCP will only be setting options for the main DHCP pool.
If you copied/tweaked my setup, I have my normal host on 192.168.1.x but the VLAN4 hosts all get an address on 192.168.4.x (makes them easier to spot on the client map).

And this is controlled by the same dnsmasq daemon, but when I add this to the config via dnsmasq.conf.add

#
# Add DHCP custom range for VLAN 4 being the private network on physical port 4
#
interface=vlan4
dhcp-range=vlan4,192.168.4.100,192.168.4.200,255.255.255.0,86400s
dhcp-option=vlan4,3,192.168.4.1
dhcp-option=vlan4,6,192.168.4.1,0.0.0.0

and the timeout figure is the 86400s figure on the 2nd line.
So depending on what you're doing, might be worth double checking the options you're adding to dnsmasq (even if you're on the same subnet, you still have to tell dnsmasq to listen on other interface vlans as it won't listen to them by default).

 

[Jack Yaz]

Schemerg, are you able to replicate the problem if you decrease lease time and wait for a renew?

 

[jamestx10]

Can you try connecting a different client and seeing if the same thing happens?

The good news is it seems to work fine on another client. The first client with the issue did not have that problem though when it was not on this restricted guest network. Is there anything in the config that could be changed to maybe improve this?

 

[Jack Yaz]

What device is the one with the issues? I would check it's network adapter config - something isn't playing nicely.

 

[jamestx10]

So depending on what you're doing, might be worth double checking the options you're adding to dnsmasq (even if you're on the same subnet, you still have to tell dnsmasq to listen on other interface vlans as it won't listen to them by default).

Here is what I am using:

# Add DHCP custom range for VLAN 4 being a private network
#
interface=vlan4
dhcp-range=vlan4,10.10.11.10,10.10.11.250,24h
dhcp-option=vlan4,15,NULEAFGUEST
dhcp-option=vlan4,3,10.10.11.1
dhcp-option=vlan4,6,10.10.11.1,0.0.0.0

My LAN subnet is 10.10.10.1

 

[jamestx10]

What device is the one with the issues? I would check it's network adapter config - something isn't playing nicely.

It is a cheap Win10 tablet. It has a Realtek RTL8723BS wireless chip in it. I just found a driver update for it so will see if that helps but like I said it works fine on the non-guest WiFi.

 

[Jack Yaz]

I was just wondering if it had cached or had somehow set static references to the DHCP server in the adapter properties

 

[schmerg]

Schemerg, are you able to replicate the problem if you decrease lease time and wait for a renew?

I'll give a try this weekend and report back...

 

[jamestx10]

There was a driver update and it was looking promising but alas no change. Nothing in the client config is static.

 

[schmerg]

I'll give a try this weekend and report back...

I decreased lease time to 60 seconds (and rebooted the router) and then connected without problems. The system logs on the router show the initial offer and acceptance of the dynamic IP, and a further DHCPREQUEST every minute after that to renew the lease. I put the laptop to sleep and woke it up and again the IP was handed out again and renewed fine.

Is there anything in the server log? You could try adding a line "log-dhcp" to the dnsmasq.conf.add file - this will then act as the equivalent of the --log-dhcp option and should enable extra logging (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html).

Also "When it receives a SIGUSR1, dnsmasq writes statistics to the system log" - might give some clues...

Or you can give a lease time of "infinite" (see the above man page again) if you can't see what's going wrong... you can do this on a per machine basis even (ie leave the above line with a normal lease time of an hour, and then use something like this

dhcp-host=00:20:e0:3b:13:af,wap,infinite

This tells dnsmasq to give the machine with hardware address 00:20:e0:3b:13:af the name wap, and an infinite DHCP lease.

I use lines such as the above (but without the custom lease) in my file to fix my essentially-static IP address - I find it's easier to preserve and read and modify etc than doing so via the web UI

Cheers

--
Tim