Central DHCP for lan and remote subnets

ddwrt.guy
DD-WRT Novice


Joined: 13 Aug 2013
Posts: 24

Posted: Sun May 14, 2023 23:51    Post subject: Central DHCP for lan and remote subnets
I have a gateway router (R7000) and two other R7000s configured as routers on the LAN to provide wifi coverage. The gateway router provides DHCP service to all routers on the LAN. I have a long list of devices and assigned IP addresses defined under services.

The two non-gateway remote routers, besides hosting LAN devices, each have a subnet for untrusted devices. These non-trusted devices can access the internet but not the LAN. A few devices are even blocked from the internet, such as Chinese-made IP-CAMs.

All works fine. However, I'd like to make a change. I'd like to have the gateway router allocate addresses for the subnets as well. This would simplify the maintenance of the MAC-IP assignments by having them in one place.

I know how to create a DHCP server for a subnet with an interface on the current router. I can't figure out how to create one for a subnet defined on a different router. Near as I can tell, any dhcp service needs an interface defined in ifconfig. By having them defined on the remote routers, I can't see how to forward dhcp requests for those subnets to the gateway router.

I suspect there is a way to do this. Any ideas would be appreciated.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Mon May 15, 2023 6:18
This works via VLANs and trunk ports

You configure a LAN port to transport multiple tagged VLANs.

_________________
Quickstart guides:
use Pi-Hole as simple DNS-Server with DD-WRT
VLAN configuration via GUI - 1 CPU port
VLAN configuration via GUI - 2 CPU ports (R7800, EA8500 etc)

Routers
Marvell OCTEON TX2 - QHora-322 - OpenWrt 23.05.3 - Gateway
Qualcomm IPQ8065 - R7800 - DD-WRT - WAP
ddwrt.guy
DD-WRT Novice


Joined: 13 Aug 2013
Posts: 24

Posted: Wed May 17, 2023 12:10
Thanks for the solution. Can you please explain in a bit more detail? Does this mean I forfeit a LAN port on the gateway router to create a new VLAN? I'm hoping there's some other way to create this extra interface.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Wed May 17, 2023 13:12
ddwrt.guy wrote:
Thanks for the solution. Can you please explain in a bit more detail? Does this mean I forfeit a LAN port on the gateway router to create a new VLAN? I'm hoping there's some other way to create this extra interface.


Please explore the ho1Aetoo link https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=334342
and take advantage of his advice...

P.S. Apparently the WAN interface on the other routers must be using a tag number corresponding with your network design...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Wed May 17, 2023 15:50; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Wed May 17, 2023 13:39
ddwrt.guy wrote:
I have a gateway router (R7000) and two other R7000s configured as routers on the LAN to provide wifi coverage. The gateway router provides DHCP service to all routers on the LAN.

ho1Aetoo wrote:
This works via VLANs and trunk ports

You configure a LAN port to transport multiple tagged VLANs.

ddwrt.guy wrote:
Thanks for the solution. Can you please explain in a bit more detail? Does this mean I forfeit a LAN port on the gateway router to create a new VLAN? I'm hoping there's some other way to create this extra interface.

Alozaros wrote:
Please explore the ho1Aetoo link https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=334342
and take advantage of his advice...

P.S. Apparently the WAN interface on the other routers must be using a tag number corresponding with your network design...

How exactly are the routers inter-connected, via ethernet or wifi? Wifi doesn't necessarily speak VLAN, so this would have to be over wired ethernet using the examples given.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Wed May 17, 2023 15:20
ddwrt.guy wrote:
Thanks for the solution. Can you please explain in a bit more detail? Does this mean I forfeit a LAN port on the gateway router to create a new VLAN? I'm hoping there's some other way to create this extra interface.


Well, that's a somewhat more complicated setup.

You have to configure a trunk port on the gateway router; several tagged VLANs are transported over this port (for example VLAN 1 = LAN and VLAN 3 = guests).

Then you may also need a managed switch that can handle VLAN tagging to connect your two other WAPs (Wireless Access Points).

On the WAPs you also need to configure a trunk port that splits the VLANs again.

I do not have a sample configuration at hand.

But here are some other threads with trunk ports.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=334448
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=334462

Such a sample configuration is still on my to-do list.

See also the document from sir egc "DDWRT VLANs, VAPs and WAPs-7.pdf"

> https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1284695#1284695

ddwrt.guy
DD-WRT Novice


Joined: 13 Aug 2013
Posts: 24

Posted: Tue May 23, 2023 2:27
Thanks for all the help. I got this working with two ethernet-connected routers. I have not tested with a switch yet nor played with firewall rules (tbd). I'll share details in case anyone else wants to try this.

My test setup: R7000 as the gateway router and R4500 as a WAP, both with the latest firmware (R52596).

Goal: Have the gateway router provide DHCP for all network-connected devices, some connected to WAP routers. The gateway and WAP devices will be connected via ethernet through a switch to a specific gateway port.

I needed no firewall or startup scripts for this to work.
Ethernet connects the gateway router port 3 to WAP router port 4.
The gateway issues all IP addresses via DHCP for the LAN (br0) and the subnets defined by br5 and br6.

Gateway router -> Services -> Static leases can be defined for any of the LAN and the 2 subnets, and will be applied. The same MAC can be defined on multiple nets.

I've attached images of the setup GUI screens.

Next tasks:
1) Test with a switch connecting multiple WAPs to the gateway port.
2) Play with firewall rules to restrict access of a subnet yet allow access of the subnet from the br0 LAN. Determine where these rules must be placed (gateway or WAP).
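
Added example (not part of the post above, and not DD-WRT code): with every static lease for br0, br5 and br6 now kept in one table on the gateway, a short audit can catch entries that point outside the served subnets or collide with each other. The subnets, MACs and hostnames are constructed, since the thread gives none, and treating a MAC listed twice on the same bridge as an error is an assumption.

```python
import ipaddress

# Constructed addressing plan: the thread names br0, br5 and br6 but gives no subnets.
SUBNETS = {
    "br0": ipaddress.ip_network("192.168.1.0/24"),
    "br5": ipaddress.ip_network("192.168.5.0/24"),
    "br6": ipaddress.ip_network("192.168.6.0/24"),
}

# Constructed static leases as (MAC, hostname, IP).
LEASES = [
    ("AA:BB:CC:00:00:01", "nas", "192.168.1.10"),
    ("aa:bb:cc:00:00:02", "ipcam1", "192.168.5.20"),
    ("AA:BB:CC:00:00:03", "laptop", "192.168.1.30"),
    ("aa:bb:cc:00:00:03", "laptop-guest", "192.168.6.30"),  # same MAC, other net: fine
    ("AA:BB:CC:00:00:04", "ipcam2", "192.168.5.20"),        # IP already assigned
    ("AA:BB:CC:00:00:01", "nas-old", "192.168.1.11"),       # MAC twice on br0
    ("AA:BB:CC:00:00:05", "printer", "10.0.0.5"),           # in no served subnet
]


def bridge_for(ip, subnets):
    """Return the bridge whose subnet contains ip, or None."""
    return next((name for name, net in subnets.items() if ip in net), None)


def audit_leases(leases, subnets=SUBNETS):
    """Return a list of (problem, hostname, detail) findings for the lease table."""
    findings, ip_owner, mac_on_bridge = [], {}, {}
    for mac, host, ip_text in leases:
        mac, ip = mac.lower(), ipaddress.ip_address(ip_text)
        bridge = bridge_for(ip, subnets)
        if bridge is None:
            findings.append(("no-subnet", host, ip_text))
            continue
        if ip in ip_owner:
            findings.append(("duplicate-ip", host, f"{ip_text} also {ip_owner[ip]}"))
        ip_owner.setdefault(ip, host)
        # Assumption: one MAC may appear once per bridge, never twice on the same one.
        key = (mac, bridge)
        if key in mac_on_bridge:
            findings.append(("duplicate-mac", host, f"{bridge} also {mac_on_bridge[key]}"))
        mac_on_bridge.setdefault(key, host)
    return findings


if __name__ == "__main__":
    for finding in audit_leases(LEASES):
        print(*finding, sep="\t")
```
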
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Tue May 23, 2023 8:33
On the main settings page:
CTF (or Shortcut Forward Engine) - turn it off, as this is not needed and it's a base for odd behaviours..
This is an acceleration engine that is meant to provide better throughput over the WAN, as it opens the firewall..in lots of cases it could also behave very oddly..unless you have a very high ISP speed and your router is too slow...and you desperately need it, turn it off..

In general the R7000 can deliver around 300-400MBit performance over the WAN with no problem...with CTF or SFE...it can go higher, but as I said, it also tends to surprise with some odd behaviours...moreover WAPs, tagging and firewall rules...
