Hey, I am new to VyOS and I am in the process of setting up a switch running 1.3-rolling-202012141037. I have created the bridge( br0 ) with several interfaces and things seem to be working as expected with it. I can plug different computers into the interfaces assigned to br0, manually assign each computer an IP, and they all seem to communicate with one another. Cool thing is the 10GB interfaces are pretty much hitting 10GB on throughput. Yeah, major accomplishment and goal for this project.
Now the issue I am fighting and need some help it. I have a few 1GB interface cards in br0 I need to assign DHCP & DNS info to. The VyOS machine has two things, the bridge br0 and eth0. eth0 is connected to an existing DHCP server. Some how I would like a couple of things connected the bridge br0 1GB interfaces to be able to talk to the DHCP server on the other end of eth0 to get IP address and DNS info.
I think I might be able to be done with creating a DHCP on the VyOS service that mimics the existing DHCP server on eth0 and then set up the dhcp-relay info. Any help would be greatly appreciated.
If you look at the diagram on that page, but replace it’s eth1 with br0 and it’s DHCP server of 10.0.1.4 with the IP address of your DHCP server on eth0, you should be away.
Thanks for the tip. I did see that before, but I think I messed the config up on the first couple of tries. I think I have gotten really close now with the following:
set service dhcp-relay server 192.168.4.1
set service dhcp-relay relay-options relay-agents-packet discard
set service dhcp-relay interface br0
The following commands now creates an entry like from the doc:
dhcp-relay {
interface br0
relay-options {
relay-agents-packets discard
}
server 192.168.4.1
}
Looking on the DHCP server it is now getting requests, but failing with the following:
dnsmasq-dhcp[33001]: no address range available for DHCP request via 192.168.100.10
The br0 address was set to 192.168.100.10, so I changed it to the 192.168.4 subnet and things fell on their face. Now I can ping anything and the static route and name-service are broken. This might be a stupid question, but should I be setting the br0 address to DHCP also.
So far a little more messing around, assigning br0 address to the 192.168.4.xxx subnet bypasses the static route out and trys to resolve everything within the bridge. It looks like I need to add another interface to both the VyOS server and the DHCP server. On VyOS one interface will act as the gateway and the second will be used for DHCP via the dhcp-relay. I am going to give it a try and will report back.
OK, I thought about this a little here. I do have to admit that I am a software developer and not a network engineer so my knowledge of VLANs is limited. But after a quick crash course on YouTube, I think I see what you are getting at. I think this is what is needed to be done:
add eth0 to the bridge.
create vlan1 that contains eth0 and any other port than needs dhcp service
create vlan2 that contains all the other ports that will have static ip addresses.
set up routing between the two vlan to allow all traffic
OK, getting really close. I added eth0 to the bridge and created the 2 vlans. The first vlan has eth0( the dhcp server ) and all the other ports needing DHCP. I plugged a computer into one of the port of the first vlan and it got an IP addressed, DNS, and gateway set. Awesome sauce!!! Thou there seems to be a routing problem or things are not set as I expected.
vyos@cerberus:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
br0 192.168.13.13/24 u/u 10GB/1GB Switch
br0.3 192.168.4.13/24 u/u DHCP Available
br0.100 192.168.100.13/24 u/u DHCP Unavailable
eth0 192.168.1.5/24 u/u Management
eth1 - u/u Uplink
eth2 - u/u 10GB Intel Lower
eth3 - u/u 10GB Intel Upper
eth4 - u/D 10GB BComm Lower
eth5 - u/D 10GB BComm Upper
eth6 - u/D 1GB Intel Single
eth7 - u/D 1GB BCommE Lower
eth8 - u/u 1GB BCommE Upper
eth9 - u/D 1GB BCommM Lower
eth10 - u/D 1GB BCommM Upper
lo 127.0.0.1/8 u/u
::1/128
The computer getting the DHCP is getting one of 192.168.4.197 with a gateway of 192.168.4.1 and DNS of 192.168.4.1, which is what the DHCP server is giving out the is connected to eth0. For some reason I can not ping 192.168.4.1. Running traceroute it looks like the packets are hitting 192.168.4.13 and stopping there. Shouldnt the packets be broadcast out to the other interface within the VLAN?
Update. Well I have abandon the original idea because it looks like it just is not doable. I got the second option almost fully working, but I got one last thing I need to figure out. Here is what I have so far:
eth0 - providing DNS and outside access.
br0 - bridging all the ports and providing DHCP
All the things connected to the bridge can talk to one another and get out to the world. I am trying to figure out how to setup the routing to allow all incoming traffic on eth0 to come through.
Got it figured out. Turned out to be a routing problem upstream with the untangled server. Got everything working now. Overall I am extremely pleased with things and VyOS. Because of it I was able to eliminate 2 switches, many direct connect cables, and many headaches.
Great to hear you got it sorted out and working, and that you can remove a couple of boxes to make your life easier.
There’s many ways to get involved in Vyos! I try to help out in the forums and also am a Patreon, but check that link there’s lot of other ways to help too.
Hmm… I am starting to see some odd behavior. I got a couple of connections now hooked up to the bridge. All the clients can see/ping one another. Good thing. From the Vyos server, it can see/ping all the clients. Another good thing. I have another client that is on the outside visible through eth0 connected to the VyOS server. The first two interfaces in the bridge are on one physical NIC. Next two interfaces on another physical card and so on. I have a client on the outside that visible/accessible through eth0. The client can see/ping the two clients connected to the first physical card. Any other clients connected to any other interfaces of the bridge it can not see. Basically it looks like packets are not getting broadcast out the interfaces/cards on the bridge. Does something have to be manually configured to get the inward bounds to be broadcasted to all the interfaces in the bridge?
